Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe

Overview

General Information

Sample Name:SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
Analysis ID:756214
MD5:b94ac3cb559832fa92e65b6a127ba7e0
SHA1:def0dd941e90de0dc3d077033dbc234e86bcc077
SHA256:c1fd700322fe5a908b87744730a34c923c9db9163adc0d018545c4ab285a31b9
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Antivirus / Scanner detection for submitted sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to call native functions
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.attracttitude.com/fqwu/"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x6d48:$a1: 3C 30 50 4F 53 54 74 09 40
    • 0x1f7b7:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xb026:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x1854e:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x1834c:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17df8:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x1844e:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x185c6:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xabf1:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x17043:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1e52e:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1f521:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x1a850:$sqlite3step: 68 34 1C 7B E1
    • 0x1b3c8:$sqlite3step: 68 34 1C 7B E1
    • 0x1a892:$sqlite3text: 68 38 2A 90 C5
    • 0x1b40d:$sqlite3text: 68 38 2A 90 C5
    • 0x1a8a9:$sqlite3blob: 68 53 D8 7F 8C
    • 0x1b423:$sqlite3blob: 68 53 D8 7F 8C
    00000002.00000002.313453933.0000000002C01000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
      Click to see the 2 entries

      Sigma Signatures

      No Sigma rule has matched

      Snort Signatures

      No Snort rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Multi AV Scanner detection for submitted file
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeReversingLabs: Detection: 15%
      Yara detected FormBook
      Source: Yara matchFile source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Antivirus / Scanner detection for submitted sample
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeAvira: detected
      Machine Learning detection for sample
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeJoe Sandbox ML: detected
      Source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.attracttitude.com/fqwu/"]}
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.309818019.0000000001198000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.308076518.0000000000FF9000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.309818019.0000000001198000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.308076518.0000000000FF9000.00000004.00000800.00020000.00000000.sdmp

      Networking

      barindex
      C2 URLs / IPs found in malware configuration
      Source: Malware configuration extractorURLs: www.attracttitude.com/fqwu/
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.309952897.0000000000A1B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

      E-Banking Fraud

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe PID: 2412, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe PID: 2412, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 2_2_06E436F02_2_06E436F0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 2_2_06E437002_2_06E43700
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 2_2_06E439A02_2_06E439A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 2_2_06E439902_2_06E43990
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 2_2_082F00262_2_082F0026
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 2_2_082F00402_2_082F0040
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013741205_2_01374120
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136C1C05_2_0136C1C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138701D5_2_0138701D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014110025_2_01411002
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013820A05_2_013820A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136B0905_2_0136B090
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014160F55_2_014160F5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014220A85_2_014220A8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A3095_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013733605_2_01373360
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141231B5_2_0141231B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014103DA5_2_014103DA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014023E35_2_014023E3
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138138B5_2_0138138B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B2365_2_0137B236
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141E2C55_2_0141E2C5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014232A95_2_014232A9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014222AE5_2_014222AE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013865A05_2_013865A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014225DD5_2_014225DD
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013825815_2_01382581
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136D5E05_2_0136D5E0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013724305_2_01372430
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141D4665_2_0141D466
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136841F5_2_0136841F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B4775_2_0137B477
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014144965_2_01414496
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014167E25_2_014167E2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013756005_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013596605_2_01359660
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141D6165_2_0141D616
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013806C05_2_013806C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135F9005_2_0135F900
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013799BF5_2_013799BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013729905_2_01372990
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A8305_2_0137A830
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013568005_2_01356800
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0142E8245_2_0142E824
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014228EC5_2_014228EC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013588E05_2_013588E0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01422B285_2_01422B28
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013FCB4F5_2_013FCB4F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137AB405_2_0137AB40
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138EBB05_2_0138EBB0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141DBD25_2_0141DBD2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137EB9A5_2_0137EB9A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013FEB8A5_2_013FEB8A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013A8BE85_2_013A8BE8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138ABD85_2_0138ABD8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01415A4F5_2_01415A4F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0140FA2B5_2_0140FA2B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01414AEF5_2_01414AEF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01350D205_2_01350D20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01421D555_2_01421D55
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01422D075_2_01422D07
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01372D505_2_01372D50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01412D825_2_01412D82
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141CC775_2_0141CC77
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01384CD45_2_01384CD4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0142DFCE5_2_0142DFCE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01421FF15_2_01421FF1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01376E305_2_01376E30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013DAE605_2_013DAE60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01422EF75_2_01422EF7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01401EB65_2_01401EB6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_004012A35_2_004012A3
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_00422A4C5_2_00422A4C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_004012B45_2_004012B4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_004044C05_2_004044C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_004044C75_2_004044C7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0040B4825_2_0040B482
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0040B4875_2_0040B487
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_004046E75_2_004046E7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0040FEA75_2_0040FEA7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: String function: 013AD08C appears 51 times
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: String function: 013E5720 appears 85 times
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: String function: 0135B150 appears 177 times
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399660 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_01399660
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013996E0 NtFreeVirtualMemory,LdrInitializeThunk,5_2_013996E0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399860 NtQuerySystemInformation,LdrInitializeThunk,5_2_01399860
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0139B040 NtSuspendThread,5_2_0139B040
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0139A3B0 NtGetContextThread,5_2_0139A3B0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399520 NtWaitForSingleObject,5_2_01399520
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399560 NtWriteFile,5_2_01399560
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399540 NtReadFile,5_2_01399540
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013995F0 NtQueryInformationFile,5_2_013995F0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013995D0 NtClose,5_2_013995D0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399730 NtQueryVirtualMemory,5_2_01399730
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0139A710 NtOpenProcessToken,5_2_0139A710
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399710 NtQueryInformationToken,5_2_01399710
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0139A770 NtOpenThread,5_2_0139A770
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399770 NtSetInformationFile,5_2_01399770
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399760 NtOpenProcess,5_2_01399760
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013997A0 NtUnmapViewOfSection,5_2_013997A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399780 NtMapViewOfSection,5_2_01399780
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399610 NtEnumerateValueKey,5_2_01399610
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399670 NtQueryInformationProcess,5_2_01399670
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399650 NtQueryValueKey,5_2_01399650
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013996D0 NtCreateKey,5_2_013996D0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399910 NtAdjustPrivilegesToken,5_2_01399910
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399950 NtQueueApcThread,5_2_01399950
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013999A0 NtCreateSection,5_2_013999A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013999D0 NtCreateProcessEx,5_2_013999D0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399820 NtEnumerateKey,5_2_01399820
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399840 NtDelayExecution,5_2_01399840
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013998A0 NtWriteVirtualMemory,5_2_013998A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013998F0 NtReadVirtualMemory,5_2_013998F0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399B00 NtSetValueKey,5_2_01399B00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399A20 NtResumeThread,5_2_01399A20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399A10 NtQuerySection,5_2_01399A10
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399A00 NtProtectVirtualMemory,5_2_01399A00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399A50 NtCreateFile,5_2_01399A50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399A80 NtOpenDirectoryObject,5_2_01399A80
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0139AD30 NtSetContextThread,5_2_0139AD30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01399FE0 NtCreateMutant,5_2_01399FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0041E007 NtClose,5_2_0041E007
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0041E0B7 NtAllocateVirtualMemory,5_2_0041E0B7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_004012A3 NtProtectVirtualMemory,5_2_004012A3
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0041DED7 NtCreateFile,5_2_0041DED7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0041DF87 NtReadFile,5_2_0041DF87
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_004012B4 NtProtectVirtualMemory,5_2_004012B4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_004014E9 NtProtectVirtualMemory,5_2_004014E9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0041DF86 NtReadFile,5_2_0041DF86
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.322576068.0000000006E50000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCollins.dll8 vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000000.288391951.00000000001C2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamerqKR.exe6 vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.309952897.0000000000A1B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.311233732.0000000002721000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePrecision.dll6 vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.311233732.0000000002721000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInspector.dllN vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.322239890.0000000006C40000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameInspector.dllN vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.308719271.000000000110F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.310645530.00000000012B7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeBinary or memory string: OriginalFilenamerqKR.exe6 vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeReversingLabs: Detection: 15%
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe.logJump to behavior
      Source: classification engineClassification label: mal100.troj.evad.winEXE@3/1@0/0
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.309818019.0000000001198000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.308076518.0000000000FF9000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.309818019.0000000001198000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.308076518.0000000000FF9000.00000004.00000800.00020000.00000000.sdmp

      Data Obfuscation

      barindex
      .NET source code contains potential unpacker
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: 2.0.SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe.1c0000.0.unpack, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 2_2_06E465EB push ecx; retf 2_2_06E465EC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 2_2_06E46F66 push edi; retf 2_2_06E46F67
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013AD0D1 push ecx; ret 5_2_013AD0E4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_004210F9 push eax; ret 5_2_004210FF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_004210AC push eax; ret 5_2_004210FF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_00421163 push eax; ret 5_2_00421169
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_00421102 push eax; ret 5_2_00421169
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_00405267 push ebp; iretd 5_2_00405268
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_00421AE7 push edx; ret 5_2_00421BD9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0041AFE0 push edi; ret 5_2_0041AFE3
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0041B78A push esp; iretd 5_2_0041B78C
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeStatic PE information: 0x814AECD0 [Mon Sep 27 03:32:32 2038 UTC]
      Source: initial sampleStatic PE information: section name: .text entropy: 7.572220133283429
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      barindex
      Yara detected AntiVM3
      Source: Yara matchFile source: 00000002.00000002.313453933.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe PID: 4964, type: MEMORYSTR
      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.313453933.0000000002C01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.313453933.0000000002C01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe TID: 5260Thread sleep time: -38122s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe TID: 4840Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01386B90 rdtsc 5_2_01386B90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeAPI coverage: 1.2 %
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeThread delayed: delay time: 38122Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.313453933.0000000002C01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.313453933.0000000002C01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.313453933.0000000002C01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
      Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.313453933.0000000002C01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01386B90 rdtsc 5_2_01386B90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138513A mov eax, dword ptr fs:[00000030h]5_2_0138513A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138513A mov eax, dword ptr fs:[00000030h]5_2_0138513A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01353138 mov ecx, dword ptr fs:[00000030h]5_2_01353138
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01374120 mov eax, dword ptr fs:[00000030h]5_2_01374120
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01374120 mov eax, dword ptr fs:[00000030h]5_2_01374120
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01374120 mov eax, dword ptr fs:[00000030h]5_2_01374120
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01374120 mov eax, dword ptr fs:[00000030h]5_2_01374120
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01374120 mov ecx, dword ptr fs:[00000030h]5_2_01374120
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01359100 mov eax, dword ptr fs:[00000030h]5_2_01359100
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01359100 mov eax, dword ptr fs:[00000030h]5_2_01359100
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01359100 mov eax, dword ptr fs:[00000030h]5_2_01359100
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01360100 mov eax, dword ptr fs:[00000030h]5_2_01360100
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01360100 mov eax, dword ptr fs:[00000030h]5_2_01360100
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01360100 mov eax, dword ptr fs:[00000030h]5_2_01360100
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135B171 mov eax, dword ptr fs:[00000030h]5_2_0135B171
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135B171 mov eax, dword ptr fs:[00000030h]5_2_0135B171
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D51BE mov eax, dword ptr fs:[00000030h]5_2_013D51BE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D51BE mov eax, dword ptr fs:[00000030h]5_2_013D51BE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D51BE mov eax, dword ptr fs:[00000030h]5_2_013D51BE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D51BE mov eax, dword ptr fs:[00000030h]5_2_013D51BE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013661A7 mov eax, dword ptr fs:[00000030h]5_2_013661A7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013661A7 mov eax, dword ptr fs:[00000030h]5_2_013661A7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013661A7 mov eax, dword ptr fs:[00000030h]5_2_013661A7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013661A7 mov eax, dword ptr fs:[00000030h]5_2_013661A7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013861A0 mov eax, dword ptr fs:[00000030h]5_2_013861A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013861A0 mov eax, dword ptr fs:[00000030h]5_2_013861A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014131DC mov eax, dword ptr fs:[00000030h]5_2_014131DC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014131DC mov eax, dword ptr fs:[00000030h]5_2_014131DC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014131DC mov eax, dword ptr fs:[00000030h]5_2_014131DC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014131DC mov eax, dword ptr fs:[00000030h]5_2_014131DC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014131DC mov eax, dword ptr fs:[00000030h]5_2_014131DC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014131DC mov eax, dword ptr fs:[00000030h]5_2_014131DC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014131DC mov eax, dword ptr fs:[00000030h]5_2_014131DC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014131DC mov ecx, dword ptr fs:[00000030h]5_2_014131DC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014131DC mov ecx, dword ptr fs:[00000030h]5_2_014131DC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014131DC mov eax, dword ptr fs:[00000030h]5_2_014131DC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014131DC mov eax, dword ptr fs:[00000030h]5_2_014131DC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014131DC mov eax, dword ptr fs:[00000030h]5_2_014131DC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014131DC mov eax, dword ptr fs:[00000030h]5_2_014131DC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01358190 mov ecx, dword ptr fs:[00000030h]5_2_01358190
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01384190 mov eax, dword ptr fs:[00000030h]5_2_01384190
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135519E mov eax, dword ptr fs:[00000030h]5_2_0135519E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135519E mov ecx, dword ptr fs:[00000030h]5_2_0135519E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137C182 mov eax, dword ptr fs:[00000030h]5_2_0137C182
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138A185 mov eax, dword ptr fs:[00000030h]5_2_0138A185
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141A189 mov eax, dword ptr fs:[00000030h]5_2_0141A189
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141A189 mov ecx, dword ptr fs:[00000030h]5_2_0141A189
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135B1E1 mov eax, dword ptr fs:[00000030h]5_2_0135B1E1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135B1E1 mov eax, dword ptr fs:[00000030h]5_2_0135B1E1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135B1E1 mov eax, dword ptr fs:[00000030h]5_2_0135B1E1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013531E0 mov eax, dword ptr fs:[00000030h]5_2_013531E0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013E41E8 mov eax, dword ptr fs:[00000030h]5_2_013E41E8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137D1EF mov eax, dword ptr fs:[00000030h]5_2_0137D1EF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136C1C0 mov eax, dword ptr fs:[00000030h]5_2_0136C1C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0142F1B5 mov eax, dword ptr fs:[00000030h]5_2_0142F1B5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0142F1B5 mov eax, dword ptr fs:[00000030h]5_2_0142F1B5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138002D mov eax, dword ptr fs:[00000030h]5_2_0138002D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138002D mov eax, dword ptr fs:[00000030h]5_2_0138002D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138002D mov eax, dword ptr fs:[00000030h]5_2_0138002D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138002D mov eax, dword ptr fs:[00000030h]5_2_0138002D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138002D mov eax, dword ptr fs:[00000030h]5_2_0138002D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01384020 mov edi, dword ptr fs:[00000030h]5_2_01384020
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136B02A mov eax, dword ptr fs:[00000030h]5_2_0136B02A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136B02A mov eax, dword ptr fs:[00000030h]5_2_0136B02A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136B02A mov eax, dword ptr fs:[00000030h]5_2_0136B02A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136B02A mov eax, dword ptr fs:[00000030h]5_2_0136B02A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138701D mov eax, dword ptr fs:[00000030h]5_2_0138701D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138701D mov eax, dword ptr fs:[00000030h]5_2_0138701D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138701D mov eax, dword ptr fs:[00000030h]5_2_0138701D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138701D mov eax, dword ptr fs:[00000030h]5_2_0138701D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138701D mov eax, dword ptr fs:[00000030h]5_2_0138701D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138701D mov eax, dword ptr fs:[00000030h]5_2_0138701D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013E3019 mov eax, dword ptr fs:[00000030h]5_2_013E3019
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D7016 mov eax, dword ptr fs:[00000030h]5_2_013D7016
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D7016 mov eax, dword ptr fs:[00000030h]5_2_013D7016
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D7016 mov eax, dword ptr fs:[00000030h]5_2_013D7016
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01412073 mov eax, dword ptr fs:[00000030h]5_2_01412073
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01421074 mov eax, dword ptr fs:[00000030h]5_2_01421074
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01424015 mov eax, dword ptr fs:[00000030h]5_2_01424015
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01424015 mov eax, dword ptr fs:[00000030h]5_2_01424015
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01357057 mov eax, dword ptr fs:[00000030h]5_2_01357057
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01355050 mov eax, dword ptr fs:[00000030h]5_2_01355050
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01355050 mov eax, dword ptr fs:[00000030h]5_2_01355050
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01355050 mov eax, dword ptr fs:[00000030h]5_2_01355050
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141B0C7 mov eax, dword ptr fs:[00000030h]5_2_0141B0C7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141B0C7 mov eax, dword ptr fs:[00000030h]5_2_0141B0C7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138F0BF mov ecx, dword ptr fs:[00000030h]5_2_0138F0BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138F0BF mov eax, dword ptr fs:[00000030h]5_2_0138F0BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138F0BF mov eax, dword ptr fs:[00000030h]5_2_0138F0BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013990AF mov eax, dword ptr fs:[00000030h]5_2_013990AF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013820A0 mov eax, dword ptr fs:[00000030h]5_2_013820A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013820A0 mov eax, dword ptr fs:[00000030h]5_2_013820A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013820A0 mov eax, dword ptr fs:[00000030h]5_2_013820A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013820A0 mov eax, dword ptr fs:[00000030h]5_2_013820A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013820A0 mov eax, dword ptr fs:[00000030h]5_2_013820A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013820A0 mov eax, dword ptr fs:[00000030h]5_2_013820A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014160F5 mov eax, dword ptr fs:[00000030h]5_2_014160F5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014160F5 mov eax, dword ptr fs:[00000030h]5_2_014160F5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014160F5 mov eax, dword ptr fs:[00000030h]5_2_014160F5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014160F5 mov eax, dword ptr fs:[00000030h]5_2_014160F5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01359080 mov eax, dword ptr fs:[00000030h]5_2_01359080
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135B080 mov eax, dword ptr fs:[00000030h]5_2_0135B080
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013540E1 mov eax, dword ptr fs:[00000030h]5_2_013540E1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013540E1 mov eax, dword ptr fs:[00000030h]5_2_013540E1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013540E1 mov eax, dword ptr fs:[00000030h]5_2_013540E1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013570C0 mov eax, dword ptr fs:[00000030h]5_2_013570C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013570C0 mov eax, dword ptr fs:[00000030h]5_2_013570C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A309 mov eax, dword ptr fs:[00000030h]5_2_0137A309
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136F370 mov eax, dword ptr fs:[00000030h]5_2_0136F370
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136F370 mov eax, dword ptr fs:[00000030h]5_2_0136F370
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136F370 mov eax, dword ptr fs:[00000030h]5_2_0136F370
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141131B mov eax, dword ptr fs:[00000030h]5_2_0141131B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013E6365 mov eax, dword ptr fs:[00000030h]5_2_013E6365
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013E6365 mov eax, dword ptr fs:[00000030h]5_2_013E6365
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013E6365 mov eax, dword ptr fs:[00000030h]5_2_013E6365
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135F358 mov eax, dword ptr fs:[00000030h]5_2_0135F358
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014023E3 mov ecx, dword ptr fs:[00000030h]5_2_014023E3
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014023E3 mov ecx, dword ptr fs:[00000030h]5_2_014023E3
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014023E3 mov eax, dword ptr fs:[00000030h]5_2_014023E3
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138B390 mov eax, dword ptr fs:[00000030h]5_2_0138B390
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01382397 mov eax, dword ptr fs:[00000030h]5_2_01382397
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138138B mov eax, dword ptr fs:[00000030h]5_2_0138138B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138138B mov eax, dword ptr fs:[00000030h]5_2_0138138B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138138B mov eax, dword ptr fs:[00000030h]5_2_0138138B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0140D380 mov ecx, dword ptr fs:[00000030h]5_2_0140D380
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141138A mov eax, dword ptr fs:[00000030h]5_2_0141138A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013803E2 mov eax, dword ptr fs:[00000030h]5_2_013803E2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013803E2 mov eax, dword ptr fs:[00000030h]5_2_013803E2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013803E2 mov eax, dword ptr fs:[00000030h]5_2_013803E2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013803E2 mov eax, dword ptr fs:[00000030h]5_2_013803E2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013803E2 mov eax, dword ptr fs:[00000030h]5_2_013803E2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013803E2 mov eax, dword ptr fs:[00000030h]5_2_013803E2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D53CA mov eax, dword ptr fs:[00000030h]5_2_013D53CA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D53CA mov eax, dword ptr fs:[00000030h]5_2_013D53CA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013853C5 mov eax, dword ptr fs:[00000030h]5_2_013853C5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B236 mov eax, dword ptr fs:[00000030h]5_2_0137B236
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B236 mov eax, dword ptr fs:[00000030h]5_2_0137B236
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B236 mov eax, dword ptr fs:[00000030h]5_2_0137B236
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B236 mov eax, dword ptr fs:[00000030h]5_2_0137B236
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B236 mov eax, dword ptr fs:[00000030h]5_2_0137B236
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B236 mov eax, dword ptr fs:[00000030h]5_2_0137B236
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135B233 mov eax, dword ptr fs:[00000030h]5_2_0135B233
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135B233 mov eax, dword ptr fs:[00000030h]5_2_0135B233
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01358239 mov eax, dword ptr fs:[00000030h]5_2_01358239
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01358239 mov eax, dword ptr fs:[00000030h]5_2_01358239
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01358239 mov eax, dword ptr fs:[00000030h]5_2_01358239
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A229 mov eax, dword ptr fs:[00000030h]5_2_0137A229
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A229 mov eax, dword ptr fs:[00000030h]5_2_0137A229
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A229 mov eax, dword ptr fs:[00000030h]5_2_0137A229
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A229 mov eax, dword ptr fs:[00000030h]5_2_0137A229
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A229 mov eax, dword ptr fs:[00000030h]5_2_0137A229
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A229 mov eax, dword ptr fs:[00000030h]5_2_0137A229
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A229 mov eax, dword ptr fs:[00000030h]5_2_0137A229
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A229 mov eax, dword ptr fs:[00000030h]5_2_0137A229
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A229 mov eax, dword ptr fs:[00000030h]5_2_0137A229
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0140B260 mov eax, dword ptr fs:[00000030h]5_2_0140B260
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0140B260 mov eax, dword ptr fs:[00000030h]5_2_0140B260
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01355210 mov eax, dword ptr fs:[00000030h]5_2_01355210
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01355210 mov ecx, dword ptr fs:[00000030h]5_2_01355210
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01355210 mov eax, dword ptr fs:[00000030h]5_2_01355210
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01355210 mov eax, dword ptr fs:[00000030h]5_2_01355210
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0139927A mov eax, dword ptr fs:[00000030h]5_2_0139927A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01411229 mov eax, dword ptr fs:[00000030h]5_2_01411229
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013E4257 mov eax, dword ptr fs:[00000030h]5_2_013E4257
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01359240 mov eax, dword ptr fs:[00000030h]5_2_01359240
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01359240 mov eax, dword ptr fs:[00000030h]5_2_01359240
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01359240 mov eax, dword ptr fs:[00000030h]5_2_01359240
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01359240 mov eax, dword ptr fs:[00000030h]5_2_01359240
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013812BD mov esi, dword ptr fs:[00000030h]5_2_013812BD
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013812BD mov eax, dword ptr fs:[00000030h]5_2_013812BD
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013812BD mov eax, dword ptr fs:[00000030h]5_2_013812BD
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013552A5 mov eax, dword ptr fs:[00000030h]5_2_013552A5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013552A5 mov eax, dword ptr fs:[00000030h]5_2_013552A5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013552A5 mov eax, dword ptr fs:[00000030h]5_2_013552A5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013552A5 mov eax, dword ptr fs:[00000030h]5_2_013552A5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013552A5 mov eax, dword ptr fs:[00000030h]5_2_013552A5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013662A0 mov eax, dword ptr fs:[00000030h]5_2_013662A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013662A0 mov eax, dword ptr fs:[00000030h]5_2_013662A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013662A0 mov eax, dword ptr fs:[00000030h]5_2_013662A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013662A0 mov eax, dword ptr fs:[00000030h]5_2_013662A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141B2E8 mov eax, dword ptr fs:[00000030h]5_2_0141B2E8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141B2E8 mov eax, dword ptr fs:[00000030h]5_2_0141B2E8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141B2E8 mov eax, dword ptr fs:[00000030h]5_2_0141B2E8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141B2E8 mov eax, dword ptr fs:[00000030h]5_2_0141B2E8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138D294 mov eax, dword ptr fs:[00000030h]5_2_0138D294
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138D294 mov eax, dword ptr fs:[00000030h]5_2_0138D294
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141129A mov eax, dword ptr fs:[00000030h]5_2_0141129A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013512D4 mov eax, dword ptr fs:[00000030h]5_2_013512D4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013DA537 mov eax, dword ptr fs:[00000030h]5_2_013DA537
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138F527 mov eax, dword ptr fs:[00000030h]5_2_0138F527
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138F527 mov eax, dword ptr fs:[00000030h]5_2_0138F527
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138F527 mov eax, dword ptr fs:[00000030h]5_2_0138F527
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01359515 mov ecx, dword ptr fs:[00000030h]5_2_01359515
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135751A mov eax, dword ptr fs:[00000030h]5_2_0135751A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135751A mov eax, dword ptr fs:[00000030h]5_2_0135751A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135751A mov eax, dword ptr fs:[00000030h]5_2_0135751A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135751A mov eax, dword ptr fs:[00000030h]5_2_0135751A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137C577 mov eax, dword ptr fs:[00000030h]5_2_0137C577
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137C577 mov eax, dword ptr fs:[00000030h]5_2_0137C577
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01413518 mov eax, dword ptr fs:[00000030h]5_2_01413518
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01413518 mov eax, dword ptr fs:[00000030h]5_2_01413518
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01413518 mov eax, dword ptr fs:[00000030h]5_2_01413518
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135B540 mov eax, dword ptr fs:[00000030h]5_2_0135B540
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135B540 mov eax, dword ptr fs:[00000030h]5_2_0135B540
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141E539 mov eax, dword ptr fs:[00000030h]5_2_0141E539
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135354C mov eax, dword ptr fs:[00000030h]5_2_0135354C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135354C mov eax, dword ptr fs:[00000030h]5_2_0135354C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D3540 mov eax, dword ptr fs:[00000030h]5_2_013D3540
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013865A0 mov eax, dword ptr fs:[00000030h]5_2_013865A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013865A0 mov eax, dword ptr fs:[00000030h]5_2_013865A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013865A0 mov eax, dword ptr fs:[00000030h]5_2_013865A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013835A1 mov eax, dword ptr fs:[00000030h]5_2_013835A1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01353591 mov eax, dword ptr fs:[00000030h]5_2_01353591
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01382581 mov eax, dword ptr fs:[00000030h]5_2_01382581
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01382581 mov eax, dword ptr fs:[00000030h]5_2_01382581
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01382581 mov eax, dword ptr fs:[00000030h]5_2_01382581
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01382581 mov eax, dword ptr fs:[00000030h]5_2_01382581
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141B581 mov eax, dword ptr fs:[00000030h]5_2_0141B581
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141B581 mov eax, dword ptr fs:[00000030h]5_2_0141B581
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141B581 mov eax, dword ptr fs:[00000030h]5_2_0141B581
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141B581 mov eax, dword ptr fs:[00000030h]5_2_0141B581
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013595F0 mov eax, dword ptr fs:[00000030h]5_2_013595F0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013595F0 mov ecx, dword ptr fs:[00000030h]5_2_013595F0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013895EC mov eax, dword ptr fs:[00000030h]5_2_013895EC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136D5E0 mov eax, dword ptr fs:[00000030h]5_2_0136D5E0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136D5E0 mov eax, dword ptr fs:[00000030h]5_2_0136D5E0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014205AC mov eax, dword ptr fs:[00000030h]5_2_014205AC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014205AC mov eax, dword ptr fs:[00000030h]5_2_014205AC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013515C1 mov eax, dword ptr fs:[00000030h]5_2_013515C1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136B433 mov eax, dword ptr fs:[00000030h]5_2_0136B433
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136B433 mov eax, dword ptr fs:[00000030h]5_2_0136B433
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136B433 mov eax, dword ptr fs:[00000030h]5_2_0136B433
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01372430 mov eax, dword ptr fs:[00000030h]5_2_01372430
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01372430 mov eax, dword ptr fs:[00000030h]5_2_01372430
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01354439 mov eax, dword ptr fs:[00000030h]5_2_01354439
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01428450 mov eax, dword ptr fs:[00000030h]5_2_01428450
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01358410 mov eax, dword ptr fs:[00000030h]5_2_01358410
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h]5_2_0137B477
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h]5_2_0137B477
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h]5_2_0137B477
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h]5_2_0137B477
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h]5_2_0137B477
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h]5_2_0137B477
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h]5_2_0137B477
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h]5_2_0137B477
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h]5_2_0137B477
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h]5_2_0137B477
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h]5_2_0137B477
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h]5_2_0137B477
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0142740D mov eax, dword ptr fs:[00000030h]5_2_0142740D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0142740D mov eax, dword ptr fs:[00000030h]5_2_0142740D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0142740D mov eax, dword ptr fs:[00000030h]5_2_0142740D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01358466 mov eax, dword ptr fs:[00000030h]5_2_01358466
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01358466 mov eax, dword ptr fs:[00000030h]5_2_01358466
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137746D mov eax, dword ptr fs:[00000030h]5_2_0137746D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01359450 mov eax, dword ptr fs:[00000030h]5_2_01359450
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013EC450 mov eax, dword ptr fs:[00000030h]5_2_013EC450
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013EC450 mov eax, dword ptr fs:[00000030h]5_2_013EC450
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138A44B mov eax, dword ptr fs:[00000030h]5_2_0138A44B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013634B1 mov eax, dword ptr fs:[00000030h]5_2_013634B1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013634B1 mov eax, dword ptr fs:[00000030h]5_2_013634B1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138D4B0 mov eax, dword ptr fs:[00000030h]5_2_0138D4B0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013E64B5 mov eax, dword ptr fs:[00000030h]5_2_013E64B5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013E64B5 mov eax, dword ptr fs:[00000030h]5_2_013E64B5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013E34A0 mov eax, dword ptr fs:[00000030h]5_2_013E34A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013E34A0 mov eax, dword ptr fs:[00000030h]5_2_013E34A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013E34A0 mov eax, dword ptr fs:[00000030h]5_2_013E34A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013614A9 mov eax, dword ptr fs:[00000030h]5_2_013614A9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013614A9 mov ecx, dword ptr fs:[00000030h]5_2_013614A9
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136849B mov eax, dword ptr fs:[00000030h]5_2_0136849B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135649B mov eax, dword ptr fs:[00000030h]5_2_0135649B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135649B mov eax, dword ptr fs:[00000030h]5_2_0135649B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01351480 mov eax, dword ptr fs:[00000030h]5_2_01351480
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014114FB mov eax, dword ptr fs:[00000030h]5_2_014114FB
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01414496 mov eax, dword ptr fs:[00000030h]5_2_01414496
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01414496 mov eax, dword ptr fs:[00000030h]5_2_01414496
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01414496 mov eax, dword ptr fs:[00000030h]5_2_01414496
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01414496 mov eax, dword ptr fs:[00000030h]5_2_01414496
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01414496 mov eax, dword ptr fs:[00000030h]5_2_01414496
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01414496 mov eax, dword ptr fs:[00000030h]5_2_01414496
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01414496 mov eax, dword ptr fs:[00000030h]5_2_01414496
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01414496 mov eax, dword ptr fs:[00000030h]5_2_01414496
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01414496 mov eax, dword ptr fs:[00000030h]5_2_01414496
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01414496 mov eax, dword ptr fs:[00000030h]5_2_01414496
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01414496 mov eax, dword ptr fs:[00000030h]5_2_01414496
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01414496 mov eax, dword ptr fs:[00000030h]5_2_01414496
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01414496 mov eax, dword ptr fs:[00000030h]5_2_01414496
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013884E0 mov eax, dword ptr fs:[00000030h]5_2_013884E0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013884E0 mov eax, dword ptr fs:[00000030h]5_2_013884E0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013884E0 mov eax, dword ptr fs:[00000030h]5_2_013884E0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013884E0 mov eax, dword ptr fs:[00000030h]5_2_013884E0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013884E0 mov eax, dword ptr fs:[00000030h]5_2_013884E0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013884E0 mov eax, dword ptr fs:[00000030h]5_2_013884E0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01356730 mov eax, dword ptr fs:[00000030h]5_2_01356730
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01356730 mov eax, dword ptr fs:[00000030h]5_2_01356730
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01356730 mov eax, dword ptr fs:[00000030h]5_2_01356730
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138E730 mov eax, dword ptr fs:[00000030h]5_2_0138E730
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B73D mov eax, dword ptr fs:[00000030h]5_2_0137B73D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B73D mov eax, dword ptr fs:[00000030h]5_2_0137B73D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01411751 mov eax, dword ptr fs:[00000030h]5_2_01411751
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137F716 mov eax, dword ptr fs:[00000030h]5_2_0137F716
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01384710 mov eax, dword ptr fs:[00000030h]5_2_01384710
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138D715 mov eax, dword ptr fs:[00000030h]5_2_0138D715
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138D715 mov eax, dword ptr fs:[00000030h]5_2_0138D715
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138A70E mov eax, dword ptr fs:[00000030h]5_2_0138A70E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138A70E mov eax, dword ptr fs:[00000030h]5_2_0138A70E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138C707 mov eax, dword ptr fs:[00000030h]5_2_0138C707
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138C707 mov ecx, dword ptr fs:[00000030h]5_2_0138C707
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138C707 mov eax, dword ptr fs:[00000030h]5_2_0138C707
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0142070D mov eax, dword ptr fs:[00000030h]5_2_0142070D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0142070D mov eax, dword ptr fs:[00000030h]5_2_0142070D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01358760 mov eax, dword ptr fs:[00000030h]5_2_01358760
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01358760 mov eax, dword ptr fs:[00000030h]5_2_01358760
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01358760 mov eax, dword ptr fs:[00000030h]5_2_01358760
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01358760 mov ecx, dword ptr fs:[00000030h]5_2_01358760
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01358760 mov eax, dword ptr fs:[00000030h]5_2_01358760
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01358760 mov eax, dword ptr fs:[00000030h]5_2_01358760
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01358760 mov eax, dword ptr fs:[00000030h]5_2_01358760
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01358760 mov eax, dword ptr fs:[00000030h]5_2_01358760
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01358760 mov eax, dword ptr fs:[00000030h]5_2_01358760
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01358760 mov eax, dword ptr fs:[00000030h]5_2_01358760
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137E760 mov eax, dword ptr fs:[00000030h]5_2_0137E760
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137E760 mov eax, dword ptr fs:[00000030h]5_2_0137E760
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135A745 mov eax, dword ptr fs:[00000030h]5_2_0135A745
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014287CF mov eax, dword ptr fs:[00000030h]5_2_014287CF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014117D2 mov eax, dword ptr fs:[00000030h]5_2_014117D2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01368794 mov eax, dword ptr fs:[00000030h]5_2_01368794
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D7794 mov eax, dword ptr fs:[00000030h]5_2_013D7794
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D7794 mov eax, dword ptr fs:[00000030h]5_2_013D7794
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D7794 mov eax, dword ptr fs:[00000030h]5_2_013D7794
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013937F5 mov eax, dword ptr fs:[00000030h]5_2_013937F5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013837EB mov eax, dword ptr fs:[00000030h]5_2_013837EB
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013837EB mov eax, dword ptr fs:[00000030h]5_2_013837EB
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013837EB mov eax, dword ptr fs:[00000030h]5_2_013837EB
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013837EB mov eax, dword ptr fs:[00000030h]5_2_013837EB
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013837EB mov eax, dword ptr fs:[00000030h]5_2_013837EB
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013837EB mov eax, dword ptr fs:[00000030h]5_2_013837EB
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013837EB mov eax, dword ptr fs:[00000030h]5_2_013837EB
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013797ED mov eax, dword ptr fs:[00000030h]5_2_013797ED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013797ED mov eax, dword ptr fs:[00000030h]5_2_013797ED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013797ED mov eax, dword ptr fs:[00000030h]5_2_013797ED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013797ED mov eax, dword ptr fs:[00000030h]5_2_013797ED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013797ED mov eax, dword ptr fs:[00000030h]5_2_013797ED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013797ED mov eax, dword ptr fs:[00000030h]5_2_013797ED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013797ED mov eax, dword ptr fs:[00000030h]5_2_013797ED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138D7CA mov eax, dword ptr fs:[00000030h]5_2_0138D7CA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138D7CA mov eax, dword ptr fs:[00000030h]5_2_0138D7CA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138C63D mov eax, dword ptr fs:[00000030h]5_2_0138C63D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135A63B mov eax, dword ptr fs:[00000030h]5_2_0135A63B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135A63B mov eax, dword ptr fs:[00000030h]5_2_0135A63B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135E620 mov eax, dword ptr fs:[00000030h]5_2_0135E620
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136B62E mov eax, dword ptr fs:[00000030h]5_2_0136B62E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136B62E mov eax, dword ptr fs:[00000030h]5_2_0136B62E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01387620 mov eax, dword ptr fs:[00000030h]5_2_01387620
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01387620 mov eax, dword ptr fs:[00000030h]5_2_01387620
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01387620 mov eax, dword ptr fs:[00000030h]5_2_01387620
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01387620 mov eax, dword ptr fs:[00000030h]5_2_01387620
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01387620 mov eax, dword ptr fs:[00000030h]5_2_01387620
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01387620 mov eax, dword ptr fs:[00000030h]5_2_01387620
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D5623 mov eax, dword ptr fs:[00000030h]5_2_013D5623
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D5623 mov eax, dword ptr fs:[00000030h]5_2_013D5623
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D5623 mov eax, dword ptr fs:[00000030h]5_2_013D5623
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D5623 mov eax, dword ptr fs:[00000030h]5_2_013D5623
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D5623 mov eax, dword ptr fs:[00000030h]5_2_013D5623
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D5623 mov eax, dword ptr fs:[00000030h]5_2_013D5623
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D5623 mov eax, dword ptr fs:[00000030h]5_2_013D5623
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D5623 mov eax, dword ptr fs:[00000030h]5_2_013D5623
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D5623 mov eax, dword ptr fs:[00000030h]5_2_013D5623
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138A61C mov eax, dword ptr fs:[00000030h]5_2_0138A61C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138A61C mov eax, dword ptr fs:[00000030h]5_2_0138A61C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01351618 mov eax, dword ptr fs:[00000030h]5_2_01351618
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135C600 mov eax, dword ptr fs:[00000030h]5_2_0135C600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135C600 mov eax, dword ptr fs:[00000030h]5_2_0135C600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135C600 mov eax, dword ptr fs:[00000030h]5_2_0135C600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov eax, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov eax, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov eax, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov eax, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov ecx, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov ecx, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov eax, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov ecx, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov ecx, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov eax, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov eax, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov eax, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov eax, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov eax, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov eax, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov eax, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov eax, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov eax, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01375600 mov eax, dword ptr fs:[00000030h]5_2_01375600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01374670 mov eax, dword ptr fs:[00000030h]5_2_01374670
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01374670 mov eax, dword ptr fs:[00000030h]5_2_01374670
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01374670 mov eax, dword ptr fs:[00000030h]5_2_01374670
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01374670 mov eax, dword ptr fs:[00000030h]5_2_01374670
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01411608 mov eax, dword ptr fs:[00000030h]5_2_01411608
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0136766D mov eax, dword ptr fs:[00000030h]5_2_0136766D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013E6652 mov eax, dword ptr fs:[00000030h]5_2_013E6652
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013586A0 mov eax, dword ptr fs:[00000030h]5_2_013586A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D46A7 mov eax, dword ptr fs:[00000030h]5_2_013D46A7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013676E2 mov eax, dword ptr fs:[00000030h]5_2_013676E2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013816E0 mov ecx, dword ptr fs:[00000030h]5_2_013816E0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013836CC mov eax, dword ptr fs:[00000030h]5_2_013836CC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014156B6 mov eax, dword ptr fs:[00000030h]5_2_014156B6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014156B6 mov eax, dword ptr fs:[00000030h]5_2_014156B6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013806C0 mov eax, dword ptr fs:[00000030h]5_2_013806C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013806C0 mov ecx, dword ptr fs:[00000030h]5_2_013806C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013806C0 mov eax, dword ptr fs:[00000030h]5_2_013806C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013806C0 mov eax, dword ptr fs:[00000030h]5_2_013806C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013806C0 mov eax, dword ptr fs:[00000030h]5_2_013806C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013806C0 mov eax, dword ptr fs:[00000030h]5_2_013806C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013806C0 mov eax, dword ptr fs:[00000030h]5_2_013806C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013806C0 mov eax, dword ptr fs:[00000030h]5_2_013806C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013806C0 mov eax, dword ptr fs:[00000030h]5_2_013806C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013806C0 mov eax, dword ptr fs:[00000030h]5_2_013806C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013806C0 mov eax, dword ptr fs:[00000030h]5_2_013806C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013806C0 mov eax, dword ptr fs:[00000030h]5_2_013806C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013806C0 mov eax, dword ptr fs:[00000030h]5_2_013806C0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01411951 mov eax, dword ptr fs:[00000030h]5_2_01411951
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0141E962 mov eax, dword ptr fs:[00000030h]5_2_0141E962
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01428966 mov eax, dword ptr fs:[00000030h]5_2_01428966
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135C962 mov eax, dword ptr fs:[00000030h]5_2_0135C962
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135395E mov eax, dword ptr fs:[00000030h]5_2_0135395E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135395E mov eax, dword ptr fs:[00000030h]5_2_0135395E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B944 mov eax, dword ptr fs:[00000030h]5_2_0137B944
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137B944 mov eax, dword ptr fs:[00000030h]5_2_0137B944
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013899BC mov eax, dword ptr fs:[00000030h]5_2_013899BC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138C9BF mov eax, dword ptr fs:[00000030h]5_2_0138C9BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0138C9BF mov eax, dword ptr fs:[00000030h]5_2_0138C9BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013799BF mov ecx, dword ptr fs:[00000030h]5_2_013799BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013799BF mov ecx, dword ptr fs:[00000030h]5_2_013799BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013799BF mov eax, dword ptr fs:[00000030h]5_2_013799BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013799BF mov ecx, dword ptr fs:[00000030h]5_2_013799BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013799BF mov ecx, dword ptr fs:[00000030h]5_2_013799BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013799BF mov eax, dword ptr fs:[00000030h]5_2_013799BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013799BF mov ecx, dword ptr fs:[00000030h]5_2_013799BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013799BF mov ecx, dword ptr fs:[00000030h]5_2_013799BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013799BF mov eax, dword ptr fs:[00000030h]5_2_013799BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013799BF mov ecx, dword ptr fs:[00000030h]5_2_013799BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013799BF mov ecx, dword ptr fs:[00000030h]5_2_013799BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013799BF mov eax, dword ptr fs:[00000030h]5_2_013799BF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014119D8 mov eax, dword ptr fs:[00000030h]5_2_014119D8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013D69A6 mov eax, dword ptr fs:[00000030h]5_2_013D69A6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014289E7 mov eax, dword ptr fs:[00000030h]5_2_014289E7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0135B990 mov eax, dword ptr fs:[00000030h]5_2_0135B990
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01382990 mov eax, dword ptr fs:[00000030h]5_2_01382990
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014149A4 mov eax, dword ptr fs:[00000030h]5_2_014149A4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014149A4 mov eax, dword ptr fs:[00000030h]5_2_014149A4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014149A4 mov eax, dword ptr fs:[00000030h]5_2_014149A4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014149A4 mov eax, dword ptr fs:[00000030h]5_2_014149A4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013699C7 mov eax, dword ptr fs:[00000030h]5_2_013699C7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013699C7 mov eax, dword ptr fs:[00000030h]5_2_013699C7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013699C7 mov eax, dword ptr fs:[00000030h]5_2_013699C7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013699C7 mov eax, dword ptr fs:[00000030h]5_2_013699C7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01411843 mov eax, dword ptr fs:[00000030h]5_2_01411843
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A830 mov eax, dword ptr fs:[00000030h]5_2_0137A830
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A830 mov eax, dword ptr fs:[00000030h]5_2_0137A830
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A830 mov eax, dword ptr fs:[00000030h]5_2_0137A830
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137A830 mov eax, dword ptr fs:[00000030h]5_2_0137A830
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01356800 mov eax, dword ptr fs:[00000030h]5_2_01356800
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01356800 mov eax, dword ptr fs:[00000030h]5_2_01356800
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_01356800 mov eax, dword ptr fs:[00000030h]5_2_01356800
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0137F86D mov eax, dword ptr fs:[00000030h]5_2_0137F86D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_014118CA mov eax, dword ptr fs:[00000030h]5_2_014118CA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013628AE mov eax, dword ptr fs:[00000030h]5_2_013628AE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013628AE mov eax, dword ptr fs:[00000030h]5_2_013628AE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013628AE mov eax, dword ptr fs:[00000030h]5_2_013628AE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013628AE mov ecx, dword ptr fs:[00000030h]5_2_013628AE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013628AE mov eax, dword ptr fs:[00000030h]5_2_013628AE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013628AE mov eax, dword ptr fs:[00000030h]5_2_013628AE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013878A0 mov eax, dword ptr fs:[00000030h]5_2_013878A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013878A0 mov eax, dword ptr fs:[00000030h]5_2_013878A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013878A0 mov eax, dword ptr fs:[00000030h]5_2_013878A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013878A0 mov eax, dword ptr fs:[00000030h]5_2_013878A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013878A0 mov eax, dword ptr fs:[00000030h]5_2_013878A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013878A0 mov eax, dword ptr fs:[00000030h]5_2_013878A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013878A0 mov eax, dword ptr fs:[00000030h]5_2_013878A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_013878A0 mov eax, dword ptr fs:[00000030h]5_2_013878A0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeCode function: 5_2_0139967A LdrInitializeThunk,5_2_0139967A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeMemory allocated: page read and write | page guardJump to behavior

      HIPS / PFW / Operating System Protection Evasion

      barindex
      Injects a PE file into a foreign processes
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeMemory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe base: 400000 value starts with: 4D5AJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Stealing of Sensitive Information

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

      Remote Access Functionality

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid AccountsWindows Management InstrumentationPath Interception111
      Process Injection      		1
      Masquerading      		1
      Input Capture      		121
      Security Software Discovery      		Remote Services1
      Input Capture      		Exfiltration Over Other Network Medium1
      Encrypted Channel      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
      Disable or Modify Tools      		LSASS Memory1
      Process Discovery      		Remote Desktop Protocol1
      Archive Collected Data      		Exfiltration Over Bluetooth1
      Application Layer Protocol      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)31
      Virtualization/Sandbox Evasion      		Security Account Manager31
      Virtualization/Sandbox Evasion      		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)111
      Process Injection      		NTDS12
      System Information Discovery      		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
      Deobfuscate/Decode Files or Information      		LSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.common3
      Obfuscated Files or Information      		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup Items12
      Software Packing      		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
      Timestomp      		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe15%ReversingLabs
      SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe100%AviraHEUR/AGEN.1249296
      SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe100%Joe Sandbox ML

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      SourceDetectionScannerLabelLinkDownload
      5.0.SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
      2.0.SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe.1c0000.0.unpack100%AviraHEUR/AGEN.1249296Download File

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
      http://www.tiro.com0%URL Reputationsafe
      http://www.goodfont.co.kr0%URL Reputationsafe
      http://www.carterandcone.coml0%URL Reputationsafe
      http://www.sajatypeworks.com0%URL Reputationsafe
      http://www.typography.netD0%URL Reputationsafe
      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
      http://fontfabrik.com0%URL Reputationsafe
      http://www.founder.com.cn/cn0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
      http://www.sandoll.co.kr0%URL Reputationsafe
      http://www.urwpp.deDPlease0%URL Reputationsafe
      http://www.zhongyicts.com.cn0%URL Reputationsafe
      http://www.sakkal.com0%URL Reputationsafe
      www.attracttitude.com/fqwu/0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      No contacted domains info

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      www.attracttitude.com/fqwu/true
      • Avira URL Cloud: safe
      		low

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://www.apache.org/licenses/LICENSE-2.0SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
        		high
        http://www.fontbureau.comSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
          		high
          http://www.fontbureau.com/designersGSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            http://www.fontbureau.com/designers/?SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              http://www.founder.com.cn/cn/bTheSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              http://www.fontbureau.com/designers?SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                http://www.tiro.comSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.fontbureau.com/designersSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  http://www.goodfont.co.krSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.carterandcone.comlSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.sajatypeworks.comSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.typography.netDSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.fontbureau.com/designers/cabarga.htmlNSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://www.founder.com.cn/cn/cTheSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.galapagosdesign.com/staff/dennis.htmSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://fontfabrik.comSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.founder.com.cn/cnSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.fontbureau.com/designers/frere-user.htmlSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://www.jiyu-kobo.co.jp/SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.galapagosdesign.com/DPleaseSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.fontbureau.com/designers8SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://www.fonts.comSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://www.sandoll.co.krSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.urwpp.deDPleaseSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.zhongyicts.com.cnSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.sakkal.comSecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.318093245.0000000006682000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown

                          World Map of Contacted IPs

                          No contacted IP infos

                          General Information

                          Joe Sandbox Version:36.0.0 Rainbow Opal
                          Analysis ID:756214
                          Start date and time:2022-11-29 20:33:08 +01:00
                          Joe Sandbox Product:CloudBasic
                          Overall analysis duration:0h 6m 27s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Sample file name:SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                          Number of analysed new started processes analysed:11
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • HDC enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal100.troj.evad.winEXE@3/1@0/0
                          EGA Information:
                          • Successful, ratio: 100%
                          HDC Information:
                          • Successful, ratio: 59.8% (good quality ratio 54.3%)
                          • Quality average: 75.4%
                          • Quality standard deviation: 30.7%
                          HCA Information:
                          • Successful, ratio: 85%
                          • Number of executed functions: 24
                          • Number of non-executed functions: 237
                          Cookbook Comments:
                          • Found application associated with file extension: .exe

                          Warnings

                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                          • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
                          • Not all processes where analyzed, report is missing behavior information
                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                          Simulations

                          Behavior and APIs

                          TimeTypeDescription
                          20:34:03API Interceptor1x Sleep call for process: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe modified

                          Joe Sandbox View / Context

                          IPs

                          No context

                          Domains

                          No context

                          ASNs

                          No context

                          JA3 Fingerprints

                          No context

                          Dropped Files

                          No context

                          Created / dropped Files

                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe.log

                          Download File
                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1216
                          Entropy (8bit):5.355304211458859
                          Encrypted:false
                          SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                          MD5:FED34146BF2F2FA59DCF8702FCC8232E
                          SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                          SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                          SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                          Malicious:true
                          Reputation:high, very likely benign file
                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                          Static File Info

                          General

                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                          Entropy (8bit):7.566857272366476
                          TrID:
                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                          • Win32 Executable (generic) a (10002005/4) 49.75%
                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                          • Windows Screen Saver (13104/52) 0.07%
                          • Generic Win/DOS Executable (2004/3) 0.01%
                          File name:SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
                          File size:810496
                          MD5:b94ac3cb559832fa92e65b6a127ba7e0
                          SHA1:def0dd941e90de0dc3d077033dbc234e86bcc077
                          SHA256:c1fd700322fe5a908b87744730a34c923c9db9163adc0d018545c4ab285a31b9
                          SHA512:b221425dc8dc5058fed6ef7a7200dde81f89788fc54bc709b261bd7c467737d5528575de33da853828c200bf6c4d83c4a706361d64ffc142ab6b6d3d02034164
                          SSDEEP:12288:vOvEq3qsQx8CuOrz/fsjE+en9+Ijp4mcDTUO95e6ANXJzvFC:zq3qn8CTrz/fswj9+ISmEVC6Ajzv
                          TLSH:9805392297B1C606F83389ED62DC5A514EA850C158B8C949CC523DC15E78E6BF4FCAFB
                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....J...............0..V...........t... ........@.. ....................................@................................

                          File Icon

                          Icon Hash:00828e8e8686b000

                          Static PE Info

                          General

                          Entrypoint:0x4c7402
                          Entrypoint Section:.text
                          Digitally signed:false
                          Imagebase:0x400000
                          Subsystem:windows gui
                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Time Stamp:0x814AECD0 [Mon Sep 27 03:32:32 2038 UTC]
                          TLS Callbacks:
                          CLR (.Net) Version:
                          OS Version Major:4
                          OS Version Minor:0
                          File Version Major:4
                          File Version Minor:0
                          Subsystem Version Major:4
                          Subsystem Version Minor:0
                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                          Entrypoint Preview

                          Instruction
                          jmp dword ptr [00402000h]
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al

                          Data Directories

                          NameVirtual AddressVirtual Size Is in Section
                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_IMPORT0xc73b00x4f.text
                          IMAGE_DIRECTORY_ENTRY_RESOURCE0xc80000x370.rsrc
                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                          IMAGE_DIRECTORY_ENTRY_BASERELOC0xca0000xc.reloc
                          IMAGE_DIRECTORY_ENTRY_DEBUG0xc73940x1c.text
                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                          Sections

                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                          .text0x20000xc54080xc5600False0.7798324691260291data7.572220133283429IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          .rsrc0xc80000x3700x400False0.36328125data2.7819019941376095IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                          .reloc0xca0000xc0x200False0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                          Resources

                          NameRVASizeTypeLanguageCountry
                          RT_VERSION0xc80580x314data

                          Imports

                          DLLImport
                          mscoree.dll_CorExeMain

                          Network Behavior

                          No network behavior found

                          Statistics

                          CPU Usage

                          Click to jump to process

                          Memory Usage

                          Click to jump to process

                          High Level Behavior Distribution

                          Click to dive into process behavior distribution

                          Behavior

                          Click to jump to process

                          System Behavior

                          General

                          Target ID:2
                          Start time:20:33:55
                          Start date:29/11/2022
                          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
                          Imagebase:0x1c0000
                          File size:810496 bytes
                          MD5 hash:B94AC3CB559832FA92E65B6A127BA7E0
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:.Net C# or VB.NET
                          Yara matches:
                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000002.00000002.313453933.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          Reputation:low

                          General

                          Target ID:5
                          Start time:20:34:04
                          Start date:29/11/2022
                          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
                          Imagebase:0x830000
                          File size:810496 bytes
                          MD5 hash:B94AC3CB559832FA92E65B6A127BA7E0
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                          Reputation:low

                          Disassembly

                          Reset < >

                            Execution Graph

                            Execution Coverage:5.7%
                            Dynamic/Decrypted Code Coverage:100%
                            Signature Coverage:0%
                            Total number of Nodes:27
                            Total number of Limit Nodes:2
                            execution_graph 6439 6e4bfa0 6440 6e4bfeb ReadProcessMemory 6439->6440 6442 6e4c02f 6440->6442 6443 6e4be80 6444 6e4bec8 WriteProcessMemory 6443->6444 6446 6e4bf1f 6444->6446 6447 82f7d48 6448 82f7d5d 6447->6448 6451 6e4bbf8 6448->6451 6452 6e4bc3d SetThreadContext 6451->6452 6454 6e4bc85 6452->6454 6455 82f7c78 6456 82f7c8d 6455->6456 6459 6e4bd90 6456->6459 6460 6e4bdd0 VirtualAllocEx 6459->6460 6462 6e4be0d 6460->6462 6463 6e4c198 6464 6e4c221 CreateProcessA 6463->6464 6466 6e4c3e3 6464->6466 6467 6e4bb18 6468 6e4bb58 ResumeThread 6467->6468 6470 6e4bb89 6468->6470 6471 82f7d90 6472 82f7f1b 6471->6472 6473 82f7db6 6471->6473 6473->6472 6475 82f8010 PostMessageW 6473->6475 6476 82f807c 6475->6476 6476->6473

                            Executed Functions

                            Function 06E4C198 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 0 6e4c198-6e4c22d 2 6e4c266-6e4c286 0->2 3 6e4c22f-6e4c239 0->3 10 6e4c2bf-6e4c2ee 2->10 11 6e4c288-6e4c292 2->11 3->2 4 6e4c23b-6e4c23d 3->4 5 6e4c260-6e4c263 4->5 6 6e4c23f-6e4c249 4->6 5->2 8 6e4c24d-6e4c25c 6->8 9 6e4c24b 6->9 8->8 13 6e4c25e 8->13 9->8 19 6e4c327-6e4c3e1 CreateProcessA 10->19 20 6e4c2f0-6e4c2fa 10->20 11->10 12 6e4c294-6e4c296 11->12 14 6e4c298-6e4c2a2 12->14 15 6e4c2b9-6e4c2bc 12->15 13->5 17 6e4c2a4 14->17 18 6e4c2a6-6e4c2b5 14->18 15->10 17->18 18->18 21 6e4c2b7 18->21 31 6e4c3e3-6e4c3e9 19->31 32 6e4c3ea-6e4c470 19->32 20->19 22 6e4c2fc-6e4c2fe 20->22 21->15 24 6e4c300-6e4c30a 22->24 25 6e4c321-6e4c324 22->25 26 6e4c30c 24->26 27 6e4c30e-6e4c31d 24->27 25->19 26->27 27->27 29 6e4c31f 27->29 29->25 31->32 42 6e4c480-6e4c484 32->42 43 6e4c472-6e4c476 32->43 45 6e4c494-6e4c498 42->45 46 6e4c486-6e4c48a 42->46 43->42 44 6e4c478 43->44 44->42 47 6e4c4a8-6e4c4ac 45->47 48 6e4c49a-6e4c49e 45->48 46->45 49 6e4c48c 46->49 51 6e4c4be-6e4c4c5 47->51 52 6e4c4ae-6e4c4b4 47->52 48->47 50 6e4c4a0 48->50 49->45 50->47 53 6e4c4c7-6e4c4d6 51->53 54 6e4c4dc 51->54 52->51 53->54
                            APIs
                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06E4C3CE
                            Memory Dump Source
                            • Source File: 00000002.00000002.322435929.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6e40000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: CreateProcess
                            • String ID:
                            • API String ID: 963392458-0
                            • Opcode ID: 27f92fad89076420e3c42fd801b42cb6d6b612104af31e03647d40d3b61b5c01
                            • Instruction ID: b7e6531b1b65c726c999b3d4a77001becb61712c573b1c8bfa79fc68260ee010
                            • Opcode Fuzzy Hash: 27f92fad89076420e3c42fd801b42cb6d6b612104af31e03647d40d3b61b5c01
                            • Instruction Fuzzy Hash: F6919931D01719CFDB50DFA8D880BEDBBB2BF48708F1495A9E809A7240DB749985CF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06E4BE80 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 56 6e4be80-6e4bece 58 6e4bed0-6e4bedc 56->58 59 6e4bede-6e4bf1d WriteProcessMemory 56->59 58->59 61 6e4bf26-6e4bf56 59->61 62 6e4bf1f-6e4bf25 59->62 62->61
                            APIs
                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06E4BF10
                            Memory Dump Source
                            • Source File: 00000002.00000002.322435929.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6e40000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: MemoryProcessWrite
                            • String ID:
                            • API String ID: 3559483778-0
                            • Opcode ID: d28f28e6b63ad35d7fd933c06fa2b01091910b9be6bc10fb662361e115c4f47d
                            • Instruction ID: cfba4345934340f7527295e88dd8ad700be68f954659731eeb8aefb890583938
                            • Opcode Fuzzy Hash: d28f28e6b63ad35d7fd933c06fa2b01091910b9be6bc10fb662361e115c4f47d
                            • Instruction Fuzzy Hash: 272115759003499FCB10DFA9C885BDEBBF5FB48314F54842AE919A7240C778A944CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06E4BFA0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 76 6e4bfa0-6e4c02d ReadProcessMemory 79 6e4c036-6e4c066 76->79 80 6e4c02f-6e4c035 76->80 80->79
                            APIs
                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06E4C020
                            Memory Dump Source
                            • Source File: 00000002.00000002.322435929.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6e40000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: MemoryProcessRead
                            • String ID:
                            • API String ID: 1726664587-0
                            • Opcode ID: 1af0324254f654b39dd4425dccfad63b9c647bc480273a2f82fc710c5c10c1f1
                            • Instruction ID: 3cabe32d3db5b051b767c6512194bccd09abb49eb948b008155f1aa8e7509708
                            • Opcode Fuzzy Hash: 1af0324254f654b39dd4425dccfad63b9c647bc480273a2f82fc710c5c10c1f1
                            • Instruction Fuzzy Hash: F92116B1C003499FCB10DFAAC884AEEBBB5FF48314F54842AE519A7240D7759944CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06E4BBF8 Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 66 6e4bbf8-6e4bc43 68 6e4bc45-6e4bc51 66->68 69 6e4bc53-6e4bc83 SetThreadContext 66->69 68->69 71 6e4bc85-6e4bc8b 69->71 72 6e4bc8c-6e4bcbc 69->72 71->72
                            APIs
                            • SetThreadContext.KERNELBASE(?,00000000), ref: 06E4BC76
                            Memory Dump Source
                            • Source File: 00000002.00000002.322435929.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6e40000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: ContextThread
                            • String ID:
                            • API String ID: 1591575202-0
                            • Opcode ID: 04ae00b80df14cc72f022ec443f5f7138c98d69cbec7e9b8f2f5c3add90ea42d
                            • Instruction ID: e09dccfc9160048773190812f3ed5e536f664a175187189112c488e1ecfca681
                            • Opcode Fuzzy Hash: 04ae00b80df14cc72f022ec443f5f7138c98d69cbec7e9b8f2f5c3add90ea42d
                            • Instruction Fuzzy Hash: FD214971D003098FCB50DFAAC4847EEBBF4EF88254F54842ED519A7640CB78A945CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06E4BD90 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 84 6e4bd90-6e4be0b VirtualAllocEx 87 6e4be14-6e4be39 84->87 88 6e4be0d-6e4be13 84->88 88->87
                            APIs
                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06E4BDFE
                            Memory Dump Source
                            • Source File: 00000002.00000002.322435929.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6e40000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: AllocVirtual
                            • String ID:
                            • API String ID: 4275171209-0
                            • Opcode ID: 3de3fe83826e68ec41657e8c9bf23ee1effd8845ab7811c14a51cf3c72102998
                            • Instruction ID: bdf19291705cdd814089cfef702d99e7b0af553f35eecdf5ac5b2f861a74fe0c
                            • Opcode Fuzzy Hash: 3de3fe83826e68ec41657e8c9bf23ee1effd8845ab7811c14a51cf3c72102998
                            • Instruction Fuzzy Hash: 8F113472D002499FCB10DFAAC844BDFBBF5EF88324F14881AE619A7650C775A944CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06E4BB18 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 92 6e4bb18-6e4bb87 ResumeThread 95 6e4bb90-6e4bbb5 92->95 96 6e4bb89-6e4bb8f 92->96 96->95
                            APIs
                            Memory Dump Source
                            • Source File: 00000002.00000002.322435929.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6e40000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: ResumeThread
                            • String ID:
                            • API String ID: 947044025-0
                            • Opcode ID: 4894c3d56fce819920b4e8068243288e2d90abcba32ddcbe078cde41256b7962
                            • Instruction ID: d94972682cbca8704dbfff85c34cd1800cb324de4635fe0fbaa592b0fe1dd364
                            • Opcode Fuzzy Hash: 4894c3d56fce819920b4e8068243288e2d90abcba32ddcbe078cde41256b7962
                            • Instruction Fuzzy Hash: 97113A71D003488BCB10DFAAC4447DEFBF4AB88224F14841DD519A7640C775A944CF95
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 082F8010 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 100 82f8010-82f807a PostMessageW 101 82f807c-82f8082 100->101 102 82f8083-82f8097 100->102 101->102
                            APIs
                            • PostMessageW.USER32(?,?,?,?), ref: 082F806D
                            Memory Dump Source
                            • Source File: 00000002.00000002.327274453.00000000082F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 082F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_82f0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: MessagePost
                            • String ID:
                            • API String ID: 410705778-0
                            • Opcode ID: 56214b2a9cbd12e27fa56be4973e167acded44b03a04d65e0a79296124e9c064
                            • Instruction ID: 92dfaf62c1aba76e21e437166aa456ab6000d446b6dbabcaca8418baf42fa0b2
                            • Opcode Fuzzy Hash: 56214b2a9cbd12e27fa56be4973e167acded44b03a04d65e0a79296124e9c064
                            • Instruction Fuzzy Hash: 1F11E2B58003499FDB10DF9AD889BDEFBF8EB48324F14842AE515A7600C375A984CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Non-executed Functions

                            Function 082F0026 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.327274453.00000000082F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 082F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_82f0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: j
                            • API String ID: 0-2137352139
                            • Opcode ID: dae969132c87da1f04e6678079a50ed688bd20e0cde1d3838a2b494f9f6f4bdf
                            • Instruction ID: f2a4552f188f5956a20ce90c367d9532f9e19913fb2ad5abf747d1884986b357
                            • Opcode Fuzzy Hash: dae969132c87da1f04e6678079a50ed688bd20e0cde1d3838a2b494f9f6f4bdf
                            • Instruction Fuzzy Hash: A4417671E05A548FE75DCF678D4068BFAF3AFC9241F58C1FA940CAA255EB3005458F51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 082F0040 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.327274453.00000000082F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 082F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_82f0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: j
                            • API String ID: 0-2137352139
                            • Opcode ID: 06e394441c9099af7484835581c9af52aec72d2c96f7797af49e658cbd24ad54
                            • Instruction ID: 7bbd9ba06107d71f3a03729bd91e7cc881b853a70dbe0d49dd757e84e04cfe2f
                            • Opcode Fuzzy Hash: 06e394441c9099af7484835581c9af52aec72d2c96f7797af49e658cbd24ad54
                            • Instruction Fuzzy Hash: E4416D71E11A18CBEB5CCF6B8C4068AFAF3BFC9201F54C1B9880CAA255EB700985CF01
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06E43990 Relevance: 1.4, Strings: 1, Instructions: 103COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.322435929.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6e40000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: 7
                            • API String ID: 0-1790921346
                            • Opcode ID: eb512b97791c6b49c2b30efca8db08102f75e3c20461cad002f3403b581f40c4
                            • Instruction ID: a4cd3dd09f8bf828a9fa038aca3249dd66e5c1725c47a95a66c809db0224b607
                            • Opcode Fuzzy Hash: eb512b97791c6b49c2b30efca8db08102f75e3c20461cad002f3403b581f40c4
                            • Instruction Fuzzy Hash: 1B414671E056588BEB5CDF6B9D4068EFAF7AFC9200F18C1BAC40CAB219DB3105558F51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06E439A0 Relevance: 1.4, Strings: 1, Instructions: 101COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.322435929.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6e40000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: 7
                            • API String ID: 0-1790921346
                            • Opcode ID: a981227be77e9c7f594cac2a97c08407476e852800f0a42336c31f4e8225538e
                            • Instruction ID: 4b48758c8a9826ac644fbb2923ed485c55ed52b55aaad62d91c5a782b99fa9f2
                            • Opcode Fuzzy Hash: a981227be77e9c7f594cac2a97c08407476e852800f0a42336c31f4e8225538e
                            • Instruction Fuzzy Hash: 2B4124B1E01A588BEB5CCF6BDD4068EFAF7AFC9300F14C1BA840DAA218DB3105568F11
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06E436F0 Relevance: .2, Instructions: 166COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.322435929.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6e40000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8662533a71b9219bf5728d760e35dbaf3422d160ee205506dc9c2c810b18faca
                            • Instruction ID: 8ea499647fab74870eb06a2c5b70e850fec61e65a8373061350d39e88d2659fa
                            • Opcode Fuzzy Hash: 8662533a71b9219bf5728d760e35dbaf3422d160ee205506dc9c2c810b18faca
                            • Instruction Fuzzy Hash: 01615F70E056448FD748EF6BE991A8ABBF3BFC9208F14C83AD1049B265EB7459058B91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06E43700 Relevance: .2, Instructions: 160COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.322435929.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6e40000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c8b0fe6f2ef96af03c47a2ff9c8219d317a114b5a8f064b974fbb1507d39c657
                            • Instruction ID: 5919eab6ecb990928efd17ce24a6a6d5c266efdb7742d020b0bc5c8f57642f5c
                            • Opcode Fuzzy Hash: c8b0fe6f2ef96af03c47a2ff9c8219d317a114b5a8f064b974fbb1507d39c657
                            • Instruction Fuzzy Hash: E3616070E016448FD748EF6BE991A8ABBF3FFC9308F14C83AD1049B265EB7459058B91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Execution Graph

                            Execution Coverage:1.2%
                            Dynamic/Decrypted Code Coverage:2.8%
                            Signature Coverage:9.9%
                            Total number of Nodes:212
                            Total number of Limit Nodes:31
                            execution_graph 53617 4014e9 53618 4014f0 NtProtectVirtualMemory 53617->53618 53620 401570 53618->53620 53624 422f43 53620->53624 53627 422f47 53620->53627 53621 40157b 53630 41f577 53624->53630 53626 422f52 53626->53621 53628 422f52 53627->53628 53629 41f577 9 API calls 53627->53629 53628->53621 53629->53628 53631 41f59d 53630->53631 53638 40b367 53631->53638 53633 41f5a9 53637 41f5f5 53633->53637 53644 40f597 NtClose 53633->53644 53635 41f5be 53645 40d197 9 API calls 53635->53645 53637->53626 53641 40b374 53638->53641 53646 40b2b7 53638->53646 53640 40b37b 53640->53633 53641->53640 53653 40f357 NtClose 53641->53653 53643 40b38c 53643->53633 53644->53635 53645->53637 53648 40b2ca 53646->53648 53647 40b2dd 53647->53641 53648->53647 53654 41eed7 53648->53654 53650 40b31a 53650->53647 53665 40b0e7 53650->53665 53652 40b33a 53652->53641 53653->53643 53655 41eef0 53654->53655 53672 418697 53655->53672 53657 41ef08 53658 41ef11 53657->53658 53701 41ed17 53657->53701 53658->53650 53660 41ef25 53660->53658 53714 41da77 53660->53714 53666 40b0f5 53665->53666 53857 408937 53666->53857 53668 40b108 53668->53652 53669 40b101 53669->53668 53870 408bf7 53669->53870 53673 4186ab 53672->53673 53676 4187bf 53672->53676 53673->53676 53721 41ded7 53673->53721 53675 418803 53677 41fa67 RtlFreeHeap 53675->53677 53676->53657 53678 41880f 53677->53678 53678->53676 53679 41899e 53678->53679 53680 4189b4 53678->53680 53685 4188a7 53678->53685 53681 41e007 NtClose 53679->53681 53770 4183b7 NtReadFile NtClose 53680->53770 53682 4189a5 53681->53682 53682->53657 53684 4189c7 53684->53657 53686 41890e 53685->53686 53687 4188b6 53685->53687 53686->53679 53693 418921 53686->53693 53688 4188bb 53687->53688 53689 4188cf 53687->53689 53766 418277 NtClose 53688->53766 53691 4188d4 53689->53691 53692 4188ec 53689->53692 53724 418317 53691->53724 53692->53682 53734 418037 53692->53734 53767 41e007 53693->53767 53694 4188c5 53694->53657 53696 4188e2 53696->53657 53699 418904 53699->53657 53700 41898d 53700->53657 53703 41ed32 53701->53703 53702 41ed44 53702->53660 53703->53702 53788 41f9e7 53703->53788 53705 41ed64 53791 417c87 53705->53791 53707 41ed87 53707->53702 53708 417c87 2 API calls 53707->53708 53710 41eda9 53708->53710 53710->53702 53816 418fe7 53710->53816 53711 41ee31 53827 41da37 53711->53827 53715 41da93 53714->53715 53851 139967a 53715->53851 53716 41daae 53718 41fa67 53716->53718 53854 41e1e7 53718->53854 53720 41ef80 53720->53650 53771 41eb27 53721->53771 53723 41def3 NtCreateFile 53723->53675 53725 418333 53724->53725 53726 41835b 53725->53726 53727 41836f 53725->53727 53728 41e007 NtClose 53726->53728 53729 41e007 NtClose 53727->53729 53730 418364 53728->53730 53731 418378 53729->53731 53730->53696 53773 41fb87 RtlAllocateHeap 53731->53773 53733 418383 53733->53696 53735 418082 53734->53735 53736 4180b5 53734->53736 53738 41e007 NtClose 53735->53738 53737 4180d1 53736->53737 53742 418200 53736->53742 53740 4180f3 53737->53740 53741 418108 53737->53741 53739 4180a6 53738->53739 53739->53699 53743 41e007 NtClose 53740->53743 53744 418123 53741->53744 53745 41810d 53741->53745 53746 41e007 NtClose 53742->53746 53747 4180fc 53743->53747 53753 418128 53744->53753 53774 41fb47 53744->53774 53748 41e007 NtClose 53745->53748 53749 418260 53746->53749 53747->53699 53750 418116 53748->53750 53749->53699 53750->53699 53760 41813a 53753->53760 53777 41df87 53753->53777 53754 41818e 53755 4181c1 53754->53755 53756 4181ac 53754->53756 53757 41e007 NtClose 53755->53757 53758 41e007 NtClose 53756->53758 53759 4181ca 53757->53759 53758->53760 53761 4181f6 53759->53761 53780 41f867 53759->53780 53760->53699 53761->53699 53763 4181e1 53764 41fa67 RtlFreeHeap 53763->53764 53765 4181ea 53764->53765 53765->53699 53766->53694 53768 41eb27 53767->53768 53769 41e023 NtClose 53768->53769 53769->53700 53770->53684 53772 41eb36 53771->53772 53772->53723 53773->53733 53785 41e1a7 53774->53785 53776 41fb5f 53776->53753 53778 41eb27 53777->53778 53779 41dfa3 NtReadFile 53778->53779 53779->53754 53781 41f874 53780->53781 53782 41f88b 53780->53782 53781->53782 53783 41fb47 RtlAllocateHeap 53781->53783 53782->53763 53784 41f8a2 53783->53784 53784->53763 53786 41eb27 53785->53786 53787 41e1c3 RtlAllocateHeap 53786->53787 53787->53776 53789 41fa14 53788->53789 53831 41e0b7 53788->53831 53789->53705 53792 417c98 53791->53792 53793 417ca0 53791->53793 53792->53707 53815 417f73 53793->53815 53834 420b27 53793->53834 53795 417cf4 53796 420b27 RtlAllocateHeap 53795->53796 53799 417cff 53796->53799 53797 417d4d 53800 420b27 RtlAllocateHeap 53797->53800 53799->53797 53839 420bc7 53799->53839 53802 417d61 53800->53802 53801 420b27 RtlAllocateHeap 53804 417dd4 53801->53804 53802->53801 53803 420b27 RtlAllocateHeap 53809 417e1c 53803->53809 53804->53803 53806 417f4b 53846 420b87 RtlFreeHeap 53806->53846 53808 417f55 53847 420b87 RtlFreeHeap 53808->53847 53845 420b87 RtlFreeHeap 53809->53845 53811 417f5f 53848 420b87 RtlFreeHeap 53811->53848 53813 417f69 53849 420b87 RtlFreeHeap 53813->53849 53815->53707 53817 418ff8 53816->53817 53818 418697 5 API calls 53817->53818 53820 41900e 53818->53820 53819 419017 53819->53711 53820->53819 53821 41904e 53820->53821 53824 41909a 53820->53824 53822 41fa67 RtlFreeHeap 53821->53822 53823 41905f 53822->53823 53823->53711 53825 41fa67 RtlFreeHeap 53824->53825 53826 41909f 53825->53826 53826->53711 53828 41da53 53827->53828 53850 1399860 LdrInitializeThunk 53828->53850 53829 41da6a 53829->53660 53832 41eb27 53831->53832 53833 41e0d3 NtAllocateVirtualMemory 53832->53833 53833->53789 53835 420b37 53834->53835 53836 420b3d 53834->53836 53835->53795 53837 41fb47 RtlAllocateHeap 53836->53837 53838 420b63 53837->53838 53838->53795 53840 420bec 53839->53840 53842 420c24 53839->53842 53841 41fb47 RtlAllocateHeap 53840->53841 53843 420c01 53841->53843 53842->53799 53844 41fa67 RtlFreeHeap 53843->53844 53844->53842 53845->53806 53846->53808 53847->53811 53848->53813 53849->53815 53850->53829 53852 139968f LdrInitializeThunk 53851->53852 53853 1399681 53851->53853 53852->53716 53853->53716 53855 41e203 53854->53855 53856 41e212 RtlFreeHeap 53855->53856 53856->53720 53858 408942 53857->53858 53859 408947 53857->53859 53858->53669 53860 41f9e7 NtAllocateVirtualMemory 53859->53860 53867 40896c 53860->53867 53861 4089cf 53861->53669 53862 41da37 LdrInitializeThunk 53862->53867 53863 4089d5 53865 4089fb 53863->53865 53866 41e137 LdrInitializeThunk 53863->53866 53865->53669 53868 4089ec 53866->53868 53867->53861 53867->53862 53867->53863 53869 41f9e7 NtAllocateVirtualMemory 53867->53869 53873 41e137 53867->53873 53868->53669 53869->53867 53871 408c15 53870->53871 53872 41e137 LdrInitializeThunk 53870->53872 53871->53652 53872->53871 53874 41e153 53873->53874 53877 13996e0 LdrInitializeThunk 53874->53877 53875 41e16a 53875->53867 53877->53875 53878 1399660 LdrInitializeThunk

                            Executed Functions

                            Function 004012B4 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 176nativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            APIs
                            • NtProtectVirtualMemory.NTDLL(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040153C
                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_401000_SecuriteInfo.jbxd
                            Yara matches
                            Similarity
                            • API ID: MemoryProtectVirtual
                            • String ID: ~.1`
                            • API String ID: 2706961497-328730035
                            • Opcode ID: 82806235985da035652c2b06a2fa06e4e402f68f9f339a13c088361678751219
                            • Instruction ID: 625e553a0c0a4db3f3d02bb2284ad2bb37cc2ac88b96a1997adadf3ef8ddd02a
                            • Opcode Fuzzy Hash: 82806235985da035652c2b06a2fa06e4e402f68f9f339a13c088361678751219
                            • Instruction Fuzzy Hash: 0D810571C2035C9ADF10CFE4C841AEEBBB4BF99304F20425EE504BA291EBB45685CB99
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 004012A3 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 161COMMON
                            Download Yara Rule

                            Control-flow Graph

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_401000_SecuriteInfo.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: ~.1`
                            • API String ID: 0-328730035
                            • Opcode ID: d09e9a76c0637702f6d064a38a5b87ea171c0c28fbd89080be7370100b2b0e8b
                            • Instruction ID: 2fde9362f9aaab20ac3e389e81eef4881be2bb1eb6956583a5d44ac0f8481d9a
                            • Opcode Fuzzy Hash: d09e9a76c0637702f6d064a38a5b87ea171c0c28fbd89080be7370100b2b0e8b
                            • Instruction Fuzzy Hash: 5B710571C2435C9ADF10CFE4CC81BEEBBB4BF49304F20426AE515BB291E77456858B99
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041E0B7 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memorynativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 59 41e0b7-41e0f4 call 41eb27 NtAllocateVirtualMemory
                            APIs
                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,HD@,00002000,00003000,00000004), ref: 0041E0F0
                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_401000_SecuriteInfo.jbxd
                            Yara matches
                            Similarity
                            • API ID: AllocateMemoryVirtual
                            • String ID: HD@
                            • API String ID: 2167126740-1661062907
                            • Opcode ID: 107957d8c795b333ded00ace03cd3146f2686dc39c93665bb87dde6ee63d9857
                            • Instruction ID: 618cacc9d955091c37b283641f352ee75933b55fd80a6a003cdf773a50a2a1f8
                            • Opcode Fuzzy Hash: 107957d8c795b333ded00ace03cd3146f2686dc39c93665bb87dde6ee63d9857
                            • Instruction Fuzzy Hash: DFF015B6200219ABCB18DF89DC81EEB77ADAF88754F018109BE0997242C630F810CBB4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 004014E9 Relevance: 1.5, APIs: 1, Instructions: 48nativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 152 4014e9 153 4014f0-4014ff 152->153 154 401501-401504 153->154 155 401512-401519 153->155 154->155 156 401506-40150a 154->156 155->153 157 40151b 155->157 156->155 158 40150c-401510 156->158 159 40151e-401573 NtProtectVirtualMemory call 4016b0 157->159 158->155 160 401586-40158c 158->160 164 401579 call 422f43 159->164 165 401579 call 422f47 159->165 160->159 163 40157b-401585 164->163 165->163
                            APIs
                            • NtProtectVirtualMemory.NTDLL(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040153C
                            Memory Dump Source
                            • Source File: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_401000_SecuriteInfo.jbxd
                            Yara matches
                            Similarity
                            • API ID: MemoryProtectVirtual
                            • String ID:
                            • API String ID: 2706961497-0
                            • Opcode ID: b4672319e39b2f19a36576a9b195cd148acc67bddd914d8c0d52d7db5061dace
                            • Instruction ID: 2e32136fae0cad21732bfd4f980d450d13d06601ab41384fe6d9a26eea3a5204
                            • Opcode Fuzzy Hash: b4672319e39b2f19a36576a9b195cd148acc67bddd914d8c0d52d7db5061dace
                            • Instruction Fuzzy Hash: BD118672C0910C6EEF24CAB0DC45ADFBBB4EB40718F20066ED911B61E2D3741A459F59
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041DED7 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 166 41ded7-41df28 call 41eb27 NtCreateFile
                            APIs
                            • NtCreateFile.NTDLL(00000060,00000005,00000000,00418803,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,00418803,00000000,00000005,00000060,00000000,00000000), ref: 0041DF24
                            Memory Dump Source
                            • Source File: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_401000_SecuriteInfo.jbxd
                            Yara matches
                            Similarity
                            • API ID: CreateFile
                            • String ID:
                            • API String ID: 823142352-0
                            • Opcode ID: 52fd8550b5ffed5040cca72760f4c6904de973dc388b4940b87b9fd54387311f
                            • Instruction ID: c0286b2864f0c35431545fb634747f2496e329dba7df57a784a8bffd1e9d319f
                            • Opcode Fuzzy Hash: 52fd8550b5ffed5040cca72760f4c6904de973dc388b4940b87b9fd54387311f
                            • Instruction Fuzzy Hash: B7F0CFB2204208AFCB08CF89DC85EEB37EDAF8C754F018208BA0D97241C630F851CBA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041DF87 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 179 41df87-41dfd0 call 41eb27 NtReadFile
                            APIs
                            • NtReadFile.NTDLL(004189C7,00413C97,FFFFFFFF,004184B1,00000206,?,004189C7,00000206,004184B1,FFFFFFFF,00413C97,004189C7,00000206,00000000), ref: 0041DFCC
                            Memory Dump Source
                            • Source File: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_401000_SecuriteInfo.jbxd
                            Yara matches
                            Similarity
                            • API ID: FileRead
                            • String ID:
                            • API String ID: 2738559852-0
                            • Opcode ID: 575c386c5d692800333430db9171b0e47531436ed35eda719a5eef038bfb36b1
                            • Instruction ID: 32b046dcbb71cb4e6359c6725ba47d80c1c5cab5c032eea9b29b0e9906148c6b
                            • Opcode Fuzzy Hash: 575c386c5d692800333430db9171b0e47531436ed35eda719a5eef038bfb36b1
                            • Instruction Fuzzy Hash: BCF0AFB6200208ABCB14DF89DC85EEB77ADAF8C754F118249BE0DA7241D630F811CBA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041DF86 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 176 41df86-41df9d 177 41dfa3-41dfd0 NtReadFile 176->177 178 41df9e call 41eb27 176->178 178->177
                            APIs
                            • NtReadFile.NTDLL(004189C7,00413C97,FFFFFFFF,004184B1,00000206,?,004189C7,00000206,004184B1,FFFFFFFF,00413C97,004189C7,00000206,00000000), ref: 0041DFCC
                            Memory Dump Source
                            • Source File: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_401000_SecuriteInfo.jbxd
                            Yara matches
                            Similarity
                            • API ID: FileRead
                            • String ID:
                            • API String ID: 2738559852-0
                            • Opcode ID: cd8d1f1cfd25680113efec027f733d1af0f1a4ebf2768d6a0421a7ca9402f837
                            • Instruction ID: 027ae795d15d6e0d66431c3f1b65ab2d4225ce58b4ecadcd564216b88743a669
                            • Opcode Fuzzy Hash: cd8d1f1cfd25680113efec027f733d1af0f1a4ebf2768d6a0421a7ca9402f837
                            • Instruction Fuzzy Hash: 70F0AFB6200108AFCB14DF99DC85EEB77A9EF8C354F118249BE0DA7241D630E811CBA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041E007 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 269 41e007-41e030 call 41eb27 NtClose
                            APIs
                            • NtClose.NTDLL(004189A5,00000206,?,004189A5,00000005,FFFFFFFF), ref: 0041E02C
                            Memory Dump Source
                            • Source File: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_401000_SecuriteInfo.jbxd
                            Yara matches
                            Similarity
                            • API ID: Close
                            • String ID:
                            • API String ID: 3535843008-0
                            • Opcode ID: 77df3bc20a88481b6eeebad4f0032449139f9042298b0a6973820ccbbf80a917
                            • Instruction ID: 51f7b19349b25f870e13c14fb46d1f84fc665ab1cf3978e02f270bc9d52711b0
                            • Opcode Fuzzy Hash: 77df3bc20a88481b6eeebad4f0032449139f9042298b0a6973820ccbbf80a917
                            • Instruction Fuzzy Hash: 97D01776204214ABD614EFA9DC89ED77BACDF48664F014155BA0D5B242C630FA00CBE4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0139967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 5376899c6dc3986d75f0cf000ac5bdaa86999274e3644363d8c372afd6d3ff68
                            • Instruction ID: 2f242dfc75d5da44a64c5959093a1dde875d049aa88b14bf7f3ff5424666dd8f
                            • Opcode Fuzzy Hash: 5376899c6dc3986d75f0cf000ac5bdaa86999274e3644363d8c372afd6d3ff68
                            • Instruction Fuzzy Hash: E2B09B719014C5D5DF11D7A546087177900B7D0759F56C065D1020681B4778C095F6F5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 25e04c5062a004760855a4b51357523d9667ab1232d4b786a040bf03cb58cdbe
                            • Instruction ID: 339d8f14b3d45f7609369ecff4045e0b27f7c83cc00b11d1c3fbbd6b986ce567
                            • Opcode Fuzzy Hash: 25e04c5062a004760855a4b51357523d9667ab1232d4b786a040bf03cb58cdbe
                            • Instruction Fuzzy Hash: 7F90027520100812D5807199440464A0005E7D1345FD1C025A0015694DCE558A5D77E1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013996E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 0b274cf71cbb5da45f875b5f4526f91112c186c4705a8bb9645294b9e7a3c82c
                            • Instruction ID: af8386841af474ef70bf48d25b000d6d91b9cdbc8c481a757e7530ce5a19a615
                            • Opcode Fuzzy Hash: 0b274cf71cbb5da45f875b5f4526f91112c186c4705a8bb9645294b9e7a3c82c
                            • Instruction Fuzzy Hash: 3290027520108812D5106199840474A0005E7D0345FD5C421A4414698DCAD588957161
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 2fb3d8725f293f3c4f28c3da32814b91ebb1b1ada94d231e70d712b3431b1e65
                            • Instruction ID: 1e941464bcd75c08a94e31f392aa12c815dccbb4267d8a5d3dc0d8f16406f0a5
                            • Opcode Fuzzy Hash: 2fb3d8725f293f3c4f28c3da32814b91ebb1b1ada94d231e70d712b3431b1e65
                            • Instruction Fuzzy Hash: A590027520100423D511619945047070009E7D0285FD1C422A0414598DDA968956B161
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041E1DD Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 169 41e1dd-41e1e0 170 41e191-41e1a4 169->170 171 41e1e2-41e1fd 169->171 173 41e203-41e210 171->173 174 41e1fe call 41eb27 171->174 175 41e212-41e218 RtlFreeHeap 173->175 174->173
                            APIs
                            • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 0041E214
                            Memory Dump Source
                            • Source File: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_401000_SecuriteInfo.jbxd
                            Yara matches
                            Similarity
                            • API ID: FreeHeap
                            • String ID:
                            • API String ID: 3298025750-0
                            • Opcode ID: d55237b0f66325dda65c0877212d1944594259d1c9089f7271ab49777edd4d4a
                            • Instruction ID: cca9e2322996d7f8e5ec2a144d6acd9f04d07ab8071e4c6cd4bea75067474e8d
                            • Opcode Fuzzy Hash: d55237b0f66325dda65c0877212d1944594259d1c9089f7271ab49777edd4d4a
                            • Instruction Fuzzy Hash: B7F044B5200244AFDB14DF6ADC85EE73BA9EF84364F01845AFD4997242DA32E910CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041E1D9 Relevance: 1.5, APIs: 1, Instructions: 27memoryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 182 41e1d9-41e1e5 184 41e212-41e218 RtlFreeHeap 182->184 185 41e1e7-41e210 call 41eb27 182->185 185->184
                            APIs
                            • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 0041E214
                            Memory Dump Source
                            • Source File: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_401000_SecuriteInfo.jbxd
                            Yara matches
                            Similarity
                            • API ID: FreeHeap
                            • String ID:
                            • API String ID: 3298025750-0
                            • Opcode ID: da1a3d7bfc9dde2cd7be9a1fe81d94f410f45218cfb28ae5e3c966d6be7b0ae6
                            • Instruction ID: e8e44e1f07197aea7de6899df0dec84cb814ed53d956e78ff671564006c8dbc3
                            • Opcode Fuzzy Hash: da1a3d7bfc9dde2cd7be9a1fe81d94f410f45218cfb28ae5e3c966d6be7b0ae6
                            • Instruction Fuzzy Hash: FCE09AB5200214BBCB14DF8ADC49EE737ACAF88754F008045FD0957242CA30F940CAB4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041E1E7 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 191 41e1e7-41e218 call 41eb27 RtlFreeHeap
                            APIs
                            • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 0041E214
                            Memory Dump Source
                            • Source File: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_401000_SecuriteInfo.jbxd
                            Yara matches
                            Similarity
                            • API ID: FreeHeap
                            • String ID:
                            • API String ID: 3298025750-0
                            • Opcode ID: 3980ed482677736cc5c75815743f456ca970aed34ae76bce0643f6dfbe19f633
                            • Instruction ID: ff71e45145ce3c742298049d26a32dfca4dc9eab044cbc71735d9f34edea979b
                            • Opcode Fuzzy Hash: 3980ed482677736cc5c75815743f456ca970aed34ae76bce0643f6dfbe19f633
                            • Instruction Fuzzy Hash: 95E046B5200218ABDB14EF8ADC49EE737ACEF88754F018159FE095B242CA30F914CBB4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041E1A7 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 188 41e1a7-41e1d8 call 41eb27 RtlAllocateHeap
                            APIs
                            • RtlAllocateHeap.NTDLL(0041815D,?,00418904,00418904,?,0041815D,?,?,?,?,?,00000000,00000005,00000206), ref: 0041E1D4
                            Memory Dump Source
                            • Source File: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_401000_SecuriteInfo.jbxd
                            Yara matches
                            Similarity
                            • API ID: AllocateHeap
                            • String ID:
                            • API String ID: 1279760036-0
                            • Opcode ID: b93de2f1341bf5ce8cdbbdaaaa340b563c849e526fbbecde218cfe8243b78e6d
                            • Instruction ID: 1388dd934f0a4cc284384f94e8c5a8998a3c4ae718bb400ef2b18055324356cd
                            • Opcode Fuzzy Hash: b93de2f1341bf5ce8cdbbdaaaa340b563c849e526fbbecde218cfe8243b78e6d
                            • Instruction Fuzzy Hash: 95E046B5200218ABDB18EF9ADC45EE737ACEF88754F018159FE095B242C630F910CBB4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041E16D Relevance: 1.5, APIs: 1, Instructions: 16memoryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 272 41e16d-41e170 273 41e1c2-41e1d8 RtlAllocateHeap 272->273 274 41e172-41e175 272->274 274->273
                            APIs
                            • RtlAllocateHeap.NTDLL(0041815D,?,00418904,00418904,?,0041815D,?,?,?,?,?,00000000,00000005,00000206), ref: 0041E1D4
                            Memory Dump Source
                            • Source File: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_401000_SecuriteInfo.jbxd
                            Yara matches
                            Similarity
                            • API ID: AllocateHeap
                            • String ID:
                            • API String ID: 1279760036-0
                            • Opcode ID: c8a436256a6b5218f7d5fe5930870023430bc0cf5abe199cd78b7d2802972755
                            • Instruction ID: a4b8fbd9e33872ba53e18388d0300bcda6f427c456c1ca38dd0b3b3866d26579
                            • Opcode Fuzzy Hash: c8a436256a6b5218f7d5fe5930870023430bc0cf5abe199cd78b7d2802972755
                            • Instruction Fuzzy Hash: 45D022352098803AE700CE2169C24E6B71A898051C7340B8AD8C84F00BC019800787A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Non-executed Functions

                            Function 0140B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                            Download Yara Rule
                            Strings
                            • The instruction at %p referenced memory at %p., xrefs: 0140B432
                            • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0140B39B
                            • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0140B53F
                            • *** enter .cxr %p for the context, xrefs: 0140B50D
                            • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0140B476
                            • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0140B2F3
                            • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0140B38F
                            • *** enter .exr %p for the exception record, xrefs: 0140B4F1
                            • *** Resource timeout (%p) in %ws:%s, xrefs: 0140B352
                            • The resource is owned exclusively by thread %p, xrefs: 0140B374
                            • <unknown>, xrefs: 0140B27E, 0140B2D1, 0140B350, 0140B399, 0140B417, 0140B48E
                            • This failed because of error %Ix., xrefs: 0140B446
                            • an invalid address, %p, xrefs: 0140B4CF
                            • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0140B3D6
                            • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0140B2DC
                            • read from, xrefs: 0140B4AD, 0140B4B2
                            • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0140B305
                            • The critical section is owned by thread %p., xrefs: 0140B3B9
                            • a NULL pointer, xrefs: 0140B4E0
                            • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0140B323
                            • *** then kb to get the faulting stack, xrefs: 0140B51C
                            • *** Inpage error in %ws:%s, xrefs: 0140B418
                            • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0140B47D
                            • The resource is owned shared by %d threads, xrefs: 0140B37E
                            • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0140B484
                            • Go determine why that thread has not released the critical section., xrefs: 0140B3C5
                            • write to, xrefs: 0140B4A6
                            • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0140B314
                            • *** An Access Violation occurred in %ws:%s, xrefs: 0140B48F
                            • The instruction at %p tried to %s , xrefs: 0140B4B6
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                            • API String ID: 0-108210295
                            • Opcode ID: afa2ec1f5def3d90167c805b3f35482c0a5fb085e8c218fa92d88f93781a793c
                            • Instruction ID: 0d149690b8d494029d227c2592de3c02a34c8bacf0dfcbe0b2bc8b5c8ac09833
                            • Opcode Fuzzy Hash: afa2ec1f5def3d90167c805b3f35482c0a5fb085e8c218fa92d88f93781a793c
                            • Instruction Fuzzy Hash: 8281577DA80210FFDB226B4BCC49D6B3BA5EF66A5DF01006AF5041B3A2D2719512C776
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138C9BF Relevance: 14.2, Strings: 11, Instructions: 412COMMON
                            Download Yara Rule
                            C-Code - Quality: 77%
                            			E0138C9BF(signed int __ecx, signed int __edx, signed int _a4, intOrPtr _a12) {
				signed int _v12;
				char _v552;
				char _v1072;
				char _v1073;
				signed int _v1080;
				signed int _v1084;
				signed short _v1088;
				signed int _v1092;
				signed short _v1094;
				char _v1096;
				char _v1100;
				intOrPtr _v1104;
				signed int _v1108;
				char _v1112;
				char _v1116;
				signed short _v1120;
				char _v1124;
				char* _v1128;
				char _v1132;
				char _v1135;
				char _v1136;
				signed int _v1140;
				char _v1144;
				intOrPtr _v1148;
				short _v1150;
				char _v1152;
				signed int _v1156;
				char* _v1160;
				char _v1164;
				signed int _v1168;
				signed int _v1172;
				intOrPtr _v1176;
				intOrPtr _v1180;
				char _v1184;
				signed int _v1188;
				signed int _v1192;
				intOrPtr _v1196;
				char* _v1200;
				intOrPtr _v1204;
				char _v1208;
				char _v1216;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t166;
				void* _t184;
				signed short _t188;
				char _t199;
				intOrPtr _t200;
				signed int _t205;
				signed int _t207;
				intOrPtr _t218;
				short _t219;
				char _t236;
				char _t242;
				signed int _t253;
				intOrPtr _t258;
				void* _t260;
				signed int _t272;
				void* _t276;
				unsigned int _t277;
				signed short _t279;
				signed int _t280;
				void* _t281;
				void* _t305;

				_t271 = __edx;
				_v12 =  *0x144d360 ^ _t280;
				_t253 = _a4;
				_v1104 = _a12;
				_t272 = __ecx;
				_v1160 =  &_v1072;
				_v1168 = __ecx;
				_t166 = 0;
				_v1073 = 0;
				_v1084 = 0;
				_t274 = 0;
				_v1156 = 0;
				_v1164 = 0x2080000;
				_v1096 = 0;
				_v1092 = 0;
				_v1112 = 0;
				_v1108 = 0;
				_v1100 = 0;
				if(__ecx == 0) {
					L67:
					_push(_t166);
					_push(_t253);
					_push(_t271);
					_push(_t272);
					E013E5720(0x33, 0, "SXS: %s() bad parameters\nSXS:   Map                : %p\nSXS:   Data               : %p\nSXS:   AssemblyRosterIndex: 0x%lx\nSXS:   Map->AssemblyCount : 0x%lx\n", "RtlpResolveAssemblyStorageMapEntry");
					_t274 = 0xc000000d;
					L21:
					if(_v1073 == 0) {
						L23:
						if(_v1092 != 0) {
							E0135AD30(_v1092);
						}
						L24:
						if(_v1084 != 0) {
							_push(_v1084);
							E013995D0();
						}
						_t170 = _v1156;
						if(_v1156 != 0) {
							L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t170);
						}
						L26:
						return E0139B640(_t274, _t253, _v12 ^ _t280, _t271, _t272, _t274);
					}
					L22:
					_v1144 = _v1100;
					E0138CCC0(4,  &_v1144, _v1104);
					goto L23;
				}
				if(__edx == 0 || _t253 < 1 || _t253 >  *((intOrPtr*)(__ecx + 4))) {
					_t166 =  *((intOrPtr*)(_t272 + 4));
					goto L67;
				} else {
					if( *((intOrPtr*)( *((intOrPtr*)(__ecx + 8)) + _t253 * 4)) != 0) {
						goto L26;
					}
					asm("lfence");
					_t258 =  *((intOrPtr*)(__edx + 0x18));
					_t260 =  *((intOrPtr*)(_t258 + __edx + 0x10)) + __edx;
					_t276 =  *((intOrPtr*)(_t253 * 0x18 +  *((intOrPtr*)(_t258 + __edx + 0xc)) + __edx + 0x10)) + __edx;
					_t181 =  *((intOrPtr*)(_t276 + 0x50));
					if( *((intOrPtr*)(_t276 + 0x50)) > 0xfffe) {
						_push(__edx);
						E013E5720(0x33, 0, "SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p\n", _t181);
						_t274 = 0xc0000106;
						goto L23;
					}
					if(( *(_t276 + 4) & 0x00000010) != 0) {
						_v1080 =  &_v1164;
						_t272 =  *((intOrPtr*)(_t276 + 0x18)) + _t260;
						if(_t272 != 0) {
							_t184 = L013A13D0(_t272, 0x5c);
							if(_t184 != 0) {
								_t188 = 0x00000004 + (_t184 - _t272 >> 0x00000001) * 0x00000002 & 0x0000ffff;
								_v1088 = _t188;
								_t277 = _t188 & 0x0000ffff;
								if(_t188 <= 0x208) {
									_t264 = _v1080;
									L39:
									E0139F3E0( *((intOrPtr*)(_t264 + 4)), _t272, _t277 - 2);
									_t281 = _t281 + 0xc;
									 *((short*)( *((intOrPtr*)(_v1080 + 4)) + (_t277 >> 1) * 2 - 2)) = 0;
									 *_v1080 = _v1088 + 0xfffffffe;
									L18:
									if(_v1084 == 0) {
										if(E01366A00( *((intOrPtr*)(_v1080 + 4)),  &_v1112, 0,  &_v1184) != 0) {
											_v1156 = _v1108;
											_t199 = _v1184;
											if(_t199 == 0) {
												_t200 = 0;
											} else {
												_v1112 = _t199;
												_v1108 = _v1180;
												_t200 = _v1176;
											}
											_v1192 = _v1192 & 0x00000000;
											_v1188 = _v1188 & 0x00000000;
											_v1204 = _t200;
											_push(0x21);
											_v1200 =  &_v1112;
											_push(3);
											_push( &_v1216);
											_v1208 = 0x18;
											_push( &_v1208);
											_push(0x100020);
											_v1196 = 0x40;
											_push( &_v1084);
											_t205 = E01399830();
											_t272 = _v1172;
											_t274 = _t205;
											if(_t272 != 0) {
												asm("lock xadd [edi], eax");
												if((_t205 | 0xffffffff) == 0) {
													_push( *((intOrPtr*)(_t272 + 4)));
													E013995D0();
													L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t272);
												}
											}
											if(_t274 >= 0) {
												goto L19;
											} else {
												_push(_t274);
												E013E5720(0x33, 0, "SXS: Unable to open assembly directory under storage root \"%S\"; Status = 0x%08lx\n",  *((intOrPtr*)(_v1080 + 4)));
												goto L21;
											}
										}
										E013E5720(0x33, 0, "SXS: Attempt to translate DOS path name \"%S\" to NT format failed\n",  *((intOrPtr*)(_v1080 + 4)));
										_t274 = 0xc000003a;
										goto L21;
									}
									L19:
									_t271 = _t253;
									_t207 = E0138CE6C(_v1168, _t253, _v1080,  &_v1084);
									_t274 = _t207;
									if(_t207 < 0) {
										E013E5720(0x33, 0, "SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx\n", _t274);
									} else {
										_t274 = 0;
									}
									goto L21;
								}
								_v1094 = _t188;
								_t218 = E01373A1C(_t277);
								_v1092 = _t218;
								if(_t218 != 0) {
									_t264 =  &_v1096;
									_v1080 =  &_v1096;
									goto L39;
								}
								_t274 = 0xc0000017;
								goto L24;
							}
							_t274 = 0xc00000e5;
							goto L23;
						}
						_t274 = 0xc00000e5;
						goto L26;
					}
					_v1080 = _v1080 & 0x00000000;
					_t219 =  *((intOrPtr*)(_t276 + 0x50));
					_v1152 = _t219;
					_v1150 = _t219;
					_v1144 = __edx;
					_v1148 =  *((intOrPtr*)(_t276 + 0x54)) + _t260;
					_v1140 = _t253;
					_v1128 =  &_v552;
					_v1136 = 0;
					_v1132 = 0x2160000;
					_v1124 = 0;
					_v1116 = 0;
					_v1120 = 0;
					E0138CCC0(1,  &_v1144, _v1104);
					if(_v1116 != 0) {
						_t274 = 0xc0000120;
						goto L23;
					}
					if(_v1124 != 0) {
						_t271 =  &_v1132;
						_t274 = E0138CF6A( &_v1132,  &_v1152,  &_v1164,  &_v1096,  &_v1080,  &_v1084);
						if(_t274 >= 0) {
							_t271 = _t253;
							_t274 = E0138CE6C(_t272, _t253,  &_v1132,  &_v1084);
							if(_t274 < 0) {
								_push(_t274);
								_push(_t253);
								_push("SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx\n");
								L44:
								_push(0);
								_push(0x33);
								E013E5720();
								goto L23;
							}
							_t274 = 0;
							goto L23;
						}
						_push(_t274);
						_push( &_v1132);
						_push("SXS: Attempt to probe known root of assembly storage (\"%wZ\") failed; Status = 0x%08lx\n");
						goto L44;
					}
					_t279 = _v1120;
					_t272 = 0;
					_t236 = _v1136;
					_v1100 = _t236;
					_v1088 = _t279;
					_v1073 = 1;
					if(_t279 == 0) {
						L16:
						_t305 = _t272 - _t279;
						L17:
						if(_t305 == 0) {
							L54:
							_push(_t272);
							E013E5720(0x33, 0, "SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries\n",  &_v1152);
							_t274 = 0xc0150004;
							goto L22;
						}
						goto L18;
					} else {
						goto L10;
					}
					while(1) {
						L10:
						_v1144 = _t236;
						_v1128 =  &_v552;
						_v1140 = _t272;
						_v1132 = 0x2160000;
						_v1136 = 0;
						E0138CCC0(2,  &_v1144, _v1104);
						if(_v1136 != 0) {
							break;
						}
						_t242 = _v1132;
						if(_v1135 != 0) {
							if(_t242 == 0) {
								goto L54;
							}
							_t119 = _t272 + 1; // 0x1
							_t279 = _t119;
							_v1088 = _t279;
						}
						if(_t242 == 0) {
							L27:
							_t272 = _t272 + 1;
							if(_t272 >= _t279) {
								goto L17;
							} else {
								_t236 = _v1100;
								continue;
							}
						}
						if(_v1084 != 0) {
							_push(_v1084);
							E013995D0();
							_v1084 = _v1084 & 0x00000000;
						}
						_t271 =  &_v1132;
						_t274 = E0138CF6A( &_v1132,  &_v1152,  &_v1164,  &_v1096,  &_v1080,  &_v1084);
						if(_t274 < 0) {
							if(_t274 != 0xc0150004) {
								_push(_t274);
								_push( &_v1152);
								E013E5720(0x33, 0, "SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx\n",  &_v1132);
								goto L22;
							}
							_t279 = _v1088;
							goto L27;
						} else {
							_t279 = _v1088;
							goto L16;
						}
					}
					_t274 = 0xc0000120;
					goto L22;
				}
			}




































































                            0x0138c9bf
                            0x0138c9d1
                            0x0138c9d8
                            0x0138c9dc
                            0x0138c9e9
                            0x0138c9eb
                            0x0138c9f3
                            0x0138c9f9
                            0x0138c9fb
                            0x0138ca01
                            0x0138ca07
                            0x0138ca09
                            0x0138ca0f
                            0x0138ca19
                            0x0138ca1f
                            0x0138ca25
                            0x0138ca2b
                            0x0138ca31
                            0x0138ca39
                            0x013cac23
                            0x013cac23
                            0x013cac24
                            0x013cac25
                            0x013cac26
                            0x013cac34
                            0x013cac3c
                            0x0138cc3c
                            0x0138cc43
                            0x0138cc65
                            0x0138cc6c
                            0x013cac4c
                            0x013cac4c
                            0x0138cc72
                            0x0138cc79
                            0x013cac56
                            0x013cac5c
                            0x013cac5c
                            0x0138cc7f
                            0x0138cc87
                            0x013cac72
                            0x013cac72
                            0x0138cc8d
                            0x0138cc9f
                            0x0138cc9f
                            0x0138cc45
                            0x0138cc51
                            0x0138cc60
                            0x00000000
                            0x0138cc60
                            0x0138ca41
                            0x013cac20
                            0x00000000
                            0x0138ca59
                            0x0138ca5f
                            0x00000000
                            0x00000000
                            0x0138ca65
                            0x0138ca68
                            0x0138ca76
                            0x0138ca7c
                            0x0138ca7e
                            0x0138ca86
                            0x013ca8ea
                            0x013ca8f5
                            0x013ca8fd
                            0x00000000
                            0x013ca8fd
                            0x0138ca90
                            0x013ca90d
                            0x013ca916
                            0x013ca918
                            0x013ca927
                            0x013ca930
                            0x013ca94c
                            0x013ca94f
                            0x013ca955
                            0x013ca95b
                            0x013ca98c
                            0x013ca992
                            0x013ca99a
                            0x013ca9a9
                            0x013ca9af
                            0x013ca9c3
                            0x0138cc09
                            0x0138cc10
                            0x013cab03
                            0x013cab2f
                            0x013cab35
                            0x013cab3e
                            0x013cab5a
                            0x013cab40
                            0x013cab40
                            0x013cab4c
                            0x013cab52
                            0x013cab52
                            0x013cab5c
                            0x013cab63
                            0x013cab6a
                            0x013cab76
                            0x013cab78
                            0x013cab84
                            0x013cab86
                            0x013cab8d
                            0x013cab97
                            0x013cab98
                            0x013caba3
                            0x013cabad
                            0x013cabae
                            0x013cabb3
                            0x013cabb9
                            0x013cabbd
                            0x013cabc2
                            0x013cabc6
                            0x013cabc8
                            0x013cabcb
                            0x013cabdc
                            0x013cabdc
                            0x013cabc6
                            0x013cabe3
                            0x00000000
                            0x013cabe9
                            0x013cabef
                            0x013cabfc
                            0x00000000
                            0x013cac01
                            0x013cabe3
                            0x013cab17
                            0x013cab1f
                            0x00000000
                            0x013cab1f
                            0x0138cc16
                            0x0138cc29
                            0x0138cc2b
                            0x0138cc30
                            0x0138cc34
                            0x013cac13
                            0x0138cc3a
                            0x0138cc3a
                            0x0138cc3a
                            0x00000000
                            0x0138cc34
                            0x013ca95e
                            0x013ca965
                            0x013ca96a
                            0x013ca972
                            0x013ca97e
                            0x013ca984
                            0x00000000
                            0x013ca984
                            0x013ca974
                            0x00000000
                            0x013ca974
                            0x013ca932
                            0x00000000
                            0x013ca932
                            0x013ca91a
                            0x00000000
                            0x013ca91a
                            0x0138ca96
                            0x0138ca9d
                            0x0138caa7
                            0x0138caae
                            0x0138caba
                            0x0138cac0
                            0x0138cace
                            0x0138cad4
                            0x0138cae3
                            0x0138cae9
                            0x0138caf3
                            0x0138caf9
                            0x0138caff
                            0x0138cb05
                            0x0138cb11
                            0x013ca9cb
                            0x00000000
                            0x013ca9cb
                            0x0138cb1e
                            0x013ca9f8
                            0x013caa03
                            0x013caa07
                            0x013caa36
                            0x013caa47
                            0x013caa4b
                            0x013caa18
                            0x013caa19
                            0x013caa1a
                            0x013caa1f
                            0x013caa1f
                            0x013caa21
                            0x013caa23
                            0x00000000
                            0x013caa28
                            0x013caa4d
                            0x00000000
                            0x013caa4d
                            0x013caa09
                            0x013caa10
                            0x013caa11
                            0x00000000
                            0x013caa11
                            0x0138cb24
                            0x0138cb2a
                            0x0138cb2c
                            0x0138cb32
                            0x0138cb38
                            0x0138cb3e
                            0x0138cb47
                            0x0138cc01
                            0x0138cc01
                            0x0138cc03
                            0x0138cc03
                            0x013caac0
                            0x013caac0
                            0x013caad1
                            0x013caad9
                            0x00000000
                            0x013caad9
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0138cb4d
                            0x0138cb4d
                            0x0138cb53
                            0x0138cb5f
                            0x0138cb6e
                            0x0138cb74
                            0x0138cb7e
                            0x0138cb87
                            0x0138cb93
                            0x00000000
                            0x00000000
                            0x0138cba0
                            0x0138cba7
                            0x013caa57
                            0x00000000
                            0x00000000
                            0x013caa59
                            0x013caa59
                            0x013caa5c
                            0x013caa5c
                            0x0138cbb0
                            0x0138cca2
                            0x0138cca2
                            0x0138cca5
                            0x00000000
                            0x0138ccab
                            0x0138ccab
                            0x00000000
                            0x0138ccab
                            0x0138cca5
                            0x0138cbbd
                            0x013caa67
                            0x013caa6d
                            0x013caa72
                            0x013caa72
                            0x0138cbe6
                            0x0138cbf1
                            0x0138cbf5
                            0x013caa84
                            0x013caa91
                            0x013caa98
                            0x013caaa9
                            0x00000000
                            0x013caaae
                            0x013caa86
                            0x00000000
                            0x0138cbfb
                            0x0138cbfb
                            0x00000000
                            0x0138cbfb
                            0x0138cbf5
                            0x013caab6
                            0x00000000
                            0x013caab6

                            Strings
                            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 013CAC2C
                            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 013CAAA0
                            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 013CAB0E
                            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 013CAAC8
                            • RtlpResolveAssemblyStorageMapEntry, xrefs: 013CAC27
                            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 013CA8EC
                            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 013CAA11
                            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 013CAA1A
                            • @, xrefs: 013CABA3
                            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 013CAC0A
                            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 013CABF3
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                            • API String ID: 0-4009184096
                            • Opcode ID: ee6e5598bc5f9e301056cb55496d1b0044d255522f9e3fe3ac3f15c13c4edc06
                            • Instruction ID: 4db1eb1f8065f6d3737d3678fe68319f17ac08f7acadd0a2e9bec5fc255908e1
                            • Opcode Fuzzy Hash: ee6e5598bc5f9e301056cb55496d1b0044d255522f9e3fe3ac3f15c13c4edc06
                            • Instruction Fuzzy Hash: B70250F5D0062D9BDF31DB18CD80BDAB7B8AB54708F4051DAE609A7241E730AE85CF69
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01372D50 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 397COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 54%
                            			E01372D50(signed int _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int _a20) {
				signed int _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				intOrPtr _v72;
				void* _v76;
				void* _v80;
				void* _v84;
				void* _v88;
				void* _v89;
				void* _v96;
				void* _v100;
				void* _v113;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t131;
				signed int _t134;
				signed int _t139;
				void* _t140;
				signed int _t150;
				intOrPtr _t156;
				intOrPtr* _t167;
				intOrPtr _t168;
				signed int _t169;
				void* _t174;
				signed int _t175;
				signed int _t176;
				void* _t177;
				signed int _t179;
				signed int _t180;
				signed int _t184;
				signed int _t189;
				void* _t200;
				intOrPtr* _t201;
				intOrPtr _t210;
				signed int _t211;
				void* _t212;
				void* _t224;
				intOrPtr _t226;
				signed int _t227;
				void* _t228;
				void* _t230;
				signed int _t231;
				signed int _t232;
				void* _t233;
				signed int _t237;
				signed int _t239;

				_t239 = (_t237 & 0xfffffff8) - 0x44;
				_v8 =  *0x144d360 ^ _t239;
				_t184 =  *[fs:0x18];
				_t131 =  *((intOrPtr*)(_t184 + 0x30));
				if( *((intOrPtr*)(_t131 + 0x1f8)) == 0) {
					if( *((intOrPtr*)(_t131 + 0x200)) != 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t184 + 0x1a8)))) != 0) {
						goto L1;
					} else {
						_t132 = 0xc0150001;
						goto L33;
					}
				} else {
					L1:
					_v48 = 0;
					_v12 = 0xffffffff;
					_v16 = 0;
					if(_a16 == 0) {
						L81:
						_t132 = 0xc000000d;
						goto L33;
					} else {
						_t222 = _a4;
						if((_t222 & 0xfffffff8) != 0) {
							goto L81;
						} else {
							_t134 = _a20;
							if((_t222 & 0x00000007) == 0) {
								if(_t134 != 0) {
									goto L5;
								} else {
									goto L6;
								}
							} else {
								if(_t134 == 0) {
									goto L81;
								} else {
									L5:
									if( *_t134 < 0x24) {
										goto L81;
									} else {
										L6:
										if((_t222 & 0x00000002) == 0) {
											L9:
											if((_t222 & 0x00000004) != 0) {
												if(_t134 + 0x40 <=  *_t134 + _t134) {
													goto L10;
												} else {
													_push(0xc000000d);
													_push("RtlpFindActivationContextSection_CheckParameters");
													_push("SXS: %s() flags contains return_assembly_metadata but they don\'t fit in size, return invalid_parameter 0x%08lx.\n");
													goto L80;
												}
											} else {
												L10:
												_t231 = _a8;
												_v36 = _t222;
												_t222 =  *[fs:0x18];
												_v28 = _a12;
												_v24 = 0;
												_t175 = _v24;
												_t189 =  *((intOrPtr*)(_t222 + 0x30));
												_v40 = 0x18;
												_v20 = 0;
												_v32 = _t231;
												_v64 = 0;
												_v60 = _t222;
												_v52 = _t189;
												while(1) {
													_t139 = _t175;
													if(_t139 != 0) {
														goto L34;
													}
													_t167 =  *((intOrPtr*)(_t222 + 0x1a8));
													if(_t167 == 0) {
														L14:
														_t226 =  *((intOrPtr*)(_t189 + 0x1f8));
														_v64 = 0;
														if(_t226 == 0) {
															L36:
															_t226 =  *((intOrPtr*)(_t189 + 0x200));
															_v64 = 0xfffffffc;
															if(_t226 == 0) {
																L86:
																if(_t175 <= 3) {
																	goto L16;
																} else {
																	_t132 = 0xc00000e5;
																	goto L89;
																}
															} else {
																_t175 = 3;
																_v24 = 3;
																goto L16;
															}
														} else {
															_t175 = 2;
															_v24 = 2;
															goto L16;
														}
													} else {
														_t168 =  *_t167;
														if(_t168 != 0) {
															_t169 =  *((intOrPtr*)(_t168 + 4));
															_v64 = _t169;
															if(_t169 == 0) {
																L58:
																if(_t226 == 0) {
																	goto L14;
																} else {
																	goto L59;
																}
															} else {
																if(_t169 == 0xfffffffc) {
																	_t226 =  *((intOrPtr*)(_t189 + 0x200));
																	goto L58;
																} else {
																	if(_t169 == 0xfffffffd) {
																		_t226 = "Actx ";
																		L59:
																		_t175 = 1;
																		_v24 = 1;
																		L16:
																		if(_t226 == 0) {
																			_t132 = 0xc0150001;
																			L89:
																			_t232 = 0;
																			goto L90;
																		} else {
																			_t222 = _t231;
																			_t132 = E013731F0(_t226, _t231, _a12,  &_v56,  &_v48);
																			if(_t132 < 0) {
																				_t232 = 0;
																				if(_t132 != 0xc0150001 || _t175 == 3) {
																					goto L19;
																				} else {
																					_t189 = _v52;
																					_t222 = _v60;
																					_t231 = _a8;
																					continue;
																				}
																			} else {
																				_t222 = _v64;
																				_v20 = (0 | _t222 != 0xfffffffc) - 0x00000001 & 0x00000002 | 0 | _t222 == 0x00000000;
																				asm("sbb esi, esi");
																				_t232 =  ~(_t222 - 0xfffffffc) & _t222;
																				_t132 = 0;
																				L19:
																				if(_t132 < 0) {
																					L90:
																					if(_t132 < 0) {
																						goto L33;
																					} else {
																						goto L20;
																					}
																				} else {
																					L20:
																					_t176 = _v48;
																					if(_t176 < 0x2c) {
																						L104:
																						_t142 = _v56;
																						goto L105;
																					} else {
																						_t227 = _a20;
																						while(1) {
																							L22:
																							_t142 = _v56;
																							if( *_v56 != 0x64487353) {
																								break;
																							}
																							_t239 = _t239 - 8;
																							_t222 = _t176;
																							_t132 = E01373360(_t142, _t176, _a16, _t227,  &_v12,  &_v16);
																							if(_t132 >= 0) {
																								_t85 = _t232 - 1; // -1
																								if((_t85 | 0x00000007) != 0xffffffff) {
																									_t150 =  *((intOrPtr*)(_t232 + 0x14));
																									_v52 = _t150;
																									if(_t150 != 0 && (( *(_t232 + 0x1c) & 0x00000008) == 0 || ( *(_t232 + 0x3c) & 0x00000008) == 0)) {
																										 *((char*)(_t239 + 0x13)) = 0;
																										 *0x144b1e0(3, _t232,  *((intOrPtr*)(_t232 + 0x10)),  *((intOrPtr*)(_t232 + 0x18)), 0, _t239 + 0x13);
																										_v52();
																										 *(_t232 + 0x1c) =  *(_t232 + 0x1c) | 0x00000008;
																										if( *((char*)(_t239 + 0x13)) != 0) {
																											 *(_t232 + 0x3c) =  *(_t232 + 0x3c) | 0x00000008;
																										}
																									}
																								}
																								if(_t227 == 0) {
																									L66:
																									_pop(_t228);
																									_pop(_t233);
																									_pop(_t177);
																									return E0139B640(0, _t177, _v16 ^ _t239, _t222, _t228, _t233);
																								} else {
																									_t148 = _v64;
																									_t222 = _t227;
																									if(E0137FD1F(_a4, _t227, _t232,  &_v48, _v64,  *((intOrPtr*)(_v64 + 0x24)),  *((intOrPtr*)(_t148 + 0x28)), _t176) < 0) {
																										goto L33;
																									} else {
																										goto L66;
																									}
																								}
																							} else {
																								if(_t132 != 0xc0150008) {
																									L33:
																									_pop(_t224);
																									_pop(_t230);
																									_pop(_t174);
																									return E0139B640(_t132, _t174, _v8 ^ _t239, _t222, _t224, _t230);
																								} else {
																									_t222 =  *[fs:0x18];
																									_t232 = 0;
																									_v72 = 0;
																									_v52 = _t222;
																									_v68 = 0;
																									_v60 =  *((intOrPtr*)(_t222 + 0x30));
																									_t179 = _v32;
																									L26:
																									while(1) {
																										if(_t179 <= 2) {
																											_t200 = _t179 - _t232;
																											if(_t200 == 0) {
																												_t201 =  *((intOrPtr*)(_t222 + 0x1a8));
																												if(_t201 == 0) {
																													goto L67;
																												} else {
																													_t210 =  *_t201;
																													if(_t210 == 0) {
																														goto L67;
																													} else {
																														_t211 =  *((intOrPtr*)(_t210 + 4));
																														_v68 = _t211;
																														if(_t211 == 0) {
																															L101:
																															if(_t156 == 0) {
																																goto L67;
																															} else {
																																goto L102;
																															}
																														} else {
																															if(_t211 != 0xfffffffc) {
																																if(_t211 != 0xfffffffd) {
																																	_t156 =  *((intOrPtr*)(_t211 + 0x10));
																																	goto L100;
																																} else {
																																	_t156 = "Actx ";
																																	_v72 = _t156;
																																	L102:
																																	_t179 = 1;
																																	_v32 = 1;
																																	goto L28;
																																}
																															} else {
																																_t156 =  *((intOrPtr*)(_v60 + 0x200));
																																L100:
																																_v72 = _t156;
																																goto L101;
																															}
																														}
																													}
																												}
																											} else {
																												_t212 = _t200 - 1;
																												if(_t212 == 0) {
																													L67:
																													_v68 = 0;
																													_t156 =  *((intOrPtr*)(_v60 + 0x1f8));
																													_v72 = _t156;
																													if(_t156 == 0) {
																														goto L44;
																													} else {
																														_t179 = 2;
																														_v32 = 2;
																														goto L28;
																													}
																												} else {
																													if(_t212 != 1) {
																														goto L27;
																													} else {
																														L44:
																														_v68 = 0xfffffffc;
																														_t156 =  *((intOrPtr*)(_v60 + 0x200));
																														_v72 = _t156;
																														if(_t156 == 0) {
																															goto L27;
																														} else {
																															_t179 = 3;
																															_v32 = 3;
																															goto L28;
																														}
																													}
																												}
																											}
																										} else {
																											L27:
																											if(_t179 > 3) {
																												_t132 = 0xc00000e5;
																												goto L30;
																											} else {
																												L28:
																												if(_t156 != 0) {
																													_t222 = _a8;
																													_t132 = E013731F0(_t156, _a8, _a12,  &_v64,  &_v56);
																													if(_t132 < 0) {
																														if(_t132 != 0xc0150001 || _t179 == 3) {
																															_t180 = 0;
																															goto L48;
																														} else {
																															_t156 = _v72;
																															_t222 = _v52;
																															continue;
																														}
																													} else {
																														_t222 = _v68;
																														_v28 = (0 | _t222 != 0xfffffffc) - 0x00000001 & 0x00000002 | 0 | _t222 == 0x00000000;
																														asm("sbb ebx, ebx");
																														_t180 =  ~(_t222 - 0xfffffffc) & _t222;
																														_t132 = 0;
																														L48:
																														if(_t132 < 0) {
																															goto L31;
																														} else {
																															L0137F830(_t132, _t180);
																															_t232 = _t180;
																															goto L50;
																														}
																													}
																												} else {
																													_t132 = 0xc0150001;
																													L30:
																													if(_t132 >= 0) {
																														L50:
																														_t176 = _v56;
																														if(_t176 >= 0x2c) {
																															goto L22;
																														} else {
																															goto L104;
																														}
																													} else {
																														L31:
																														if(_t132 == 0xc0150001) {
																															_t132 = 0xc0150008;
																														}
																														goto L33;
																													}
																												}
																											}
																										}
																										goto L106;
																									}
																								}
																							}
																							goto L106;
																						}
																						L105:
																						_push(_t176);
																						E013E5720(0x33, 0, "RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section\n", _t142);
																						_t239 = _t239 + 0x14;
																						_t132 = 0xc0150003;
																						goto L33;
																					}
																				}
																			}
																		}
																	} else {
																		_t226 =  *((intOrPtr*)(_t169 + 0x10));
																		goto L58;
																	}
																}
															}
														} else {
															goto L14;
														}
													}
													goto L106;
													L34:
													_t140 = _t139 - 1;
													if(_t140 == 0) {
														goto L14;
													} else {
														if(_t140 != 1) {
															goto L86;
														} else {
															goto L36;
														}
													}
													goto L106;
												}
											}
										} else {
											if(_t134 + 0x2c >  *_t134 + _t134) {
												_push(0xc000000d);
												_push("RtlpFindActivationContextSection_CheckParameters");
												_push("SXS: %s() flags contains return_flags but they don\'t fit in size, return invalid_parameter 0x%08lx.\n");
												L80:
												_push(0);
												_push(0x33);
												E013E5720();
												_t239 = _t239 + 0x14;
												goto L81;
											} else {
												_t134 = _a20;
												goto L9;
											}
										}
									}
								}
							}
						}
					}
				}
				L106:
			}






























































                            0x01372d58
                            0x01372d62
                            0x01372d66
                            0x01372d70
                            0x01372d7a
                            0x013730ad
                            0x00000000
                            0x013bd710
                            0x013bd710
                            0x00000000
                            0x013bd710
                            0x01372d80
                            0x01372d80
                            0x01372d84
                            0x01372d8c
                            0x01372d94
                            0x01372d9c
                            0x013bd735
                            0x013bd735
                            0x00000000
                            0x01372da2
                            0x01372da2
                            0x01372dab
                            0x00000000
                            0x01372db1
                            0x01372db1
                            0x01372db7
                            0x013731d4
                            0x00000000
                            0x013731da
                            0x00000000
                            0x013731da
                            0x01372dbd
                            0x01372dbf
                            0x00000000
                            0x01372dc5
                            0x01372dc5
                            0x01372dc8
                            0x00000000
                            0x01372dce
                            0x01372dce
                            0x01372dd1
                            0x01372de5
                            0x01372de8
                            0x013bd748
                            0x00000000
                            0x013bd74e
                            0x013bd74e
                            0x013bd753
                            0x013bd758
                            0x00000000
                            0x013bd758
                            0x01372dee
                            0x01372dee
                            0x01372df3
                            0x01372df6
                            0x01372dfa
                            0x01372e01
                            0x01372e07
                            0x01372e0f
                            0x01372e13
                            0x01372e16
                            0x01372e1e
                            0x01372e26
                            0x01372e2a
                            0x01372e2e
                            0x01372e32
                            0x01372e40
                            0x01372e42
                            0x01372e45
                            0x00000000
                            0x00000000
                            0x01372e4b
                            0x01372e53
                            0x01372e5f
                            0x01372e5f
                            0x01372e67
                            0x01372e6d
                            0x01372fa9
                            0x01372fa9
                            0x01372faf
                            0x01372fb9
                            0x013bd774
                            0x013bd777
                            0x00000000
                            0x013bd77d
                            0x013bd77d
                            0x00000000
                            0x013bd77d
                            0x01372fbf
                            0x01372fbf
                            0x01372fc4
                            0x00000000
                            0x01372fc4
                            0x01372e73
                            0x01372e73
                            0x01372e78
                            0x00000000
                            0x01372e78
                            0x01372e55
                            0x01372e55
                            0x01372e59
                            0x013730b8
                            0x013730bb
                            0x013730c1
                            0x013730d8
                            0x013730da
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013730c3
                            0x013730c6
                            0x013bd75f
                            0x00000000
                            0x013730cc
                            0x013730cf
                            0x013bd76a
                            0x013730e0
                            0x013730e0
                            0x013730e5
                            0x01372e7c
                            0x01372e7e
                            0x013bd784
                            0x013bd789
                            0x013bd789
                            0x00000000
                            0x01372e84
                            0x01372e88
                            0x01372e95
                            0x01372e9c
                            0x01372fcd
                            0x01372fd4
                            0x00000000
                            0x01372fe3
                            0x01372fe3
                            0x01372fe7
                            0x01372feb
                            0x00000000
                            0x01372feb
                            0x01372ea2
                            0x01372ea2
                            0x01372ec2
                            0x01372ec6
                            0x01372ec8
                            0x01372eca
                            0x01372ecc
                            0x01372ece
                            0x013bd78b
                            0x013bd78d
                            0x00000000
                            0x013bd793
                            0x00000000
                            0x013bd793
                            0x01372ed4
                            0x01372ed4
                            0x01372ed4
                            0x01372edb
                            0x013bd803
                            0x013bd803
                            0x00000000
                            0x01372ee1
                            0x01372ee1
                            0x01372ef0
                            0x01372ef0
                            0x01372ef0
                            0x01372efa
                            0x00000000
                            0x00000000
                            0x01372f00
                            0x01372f07
                            0x01372f15
                            0x01372f1c
                            0x013730ee
                            0x013730f7
                            0x013730f9
                            0x013730fc
                            0x01373102
                            0x0137319d
                            0x013731b0
                            0x013731b6
                            0x013731ba
                            0x013731c3
                            0x013731c9
                            0x013731c9
                            0x013731c3
                            0x01373102
                            0x0137311a
                            0x01373140
                            0x01373146
                            0x01373147
                            0x01373148
                            0x01373153
                            0x0137311c
                            0x0137311c
                            0x01373120
                            0x0137313a
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0137313a
                            0x01372f22
                            0x01372f27
                            0x01372f83
                            0x01372f83
                            0x01372f84
                            0x01372f85
                            0x01372f94
                            0x01372f29
                            0x01372f29
                            0x01372f32
                            0x01372f34
                            0x01372f3a
                            0x01372f3e
                            0x01372f45
                            0x01372f49
                            0x00000000
                            0x01372f50
                            0x01372f53
                            0x01372ff5
                            0x01372ff7
                            0x013bd798
                            0x013bd7a0
                            0x00000000
                            0x013bd7a6
                            0x013bd7a6
                            0x013bd7aa
                            0x00000000
                            0x013bd7b0
                            0x013bd7b0
                            0x013bd7b3
                            0x013bd7b9
                            0x013bd7e3
                            0x013bd7e5
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013bd7bb
                            0x013bd7be
                            0x013bd7cf
                            0x013bd7dc
                            0x00000000
                            0x013bd7d1
                            0x013bd7d1
                            0x013bd7d6
                            0x013bd7eb
                            0x013bd7eb
                            0x013bd7f0
                            0x00000000
                            0x013bd7f0
                            0x013bd7c0
                            0x013bd7c4
                            0x013bd7df
                            0x013bd7df
                            0x00000000
                            0x013bd7df
                            0x013bd7be
                            0x013bd7b9
                            0x013bd7aa
                            0x01372ffd
                            0x01372ffd
                            0x01373000
                            0x01373156
                            0x01373158
                            0x01373160
                            0x01373166
                            0x0137316c
                            0x00000000
                            0x01373172
                            0x01373172
                            0x01373177
                            0x00000000
                            0x01373177
                            0x01373006
                            0x01373009
                            0x00000000
                            0x0137300f
                            0x0137300f
                            0x01373013
                            0x0137301b
                            0x01373021
                            0x01373027
                            0x00000000
                            0x0137302d
                            0x0137302d
                            0x01373032
                            0x00000000
                            0x01373032
                            0x01373027
                            0x01373009
                            0x01373000
                            0x01372f59
                            0x01372f59
                            0x01372f5c
                            0x013bd7f9
                            0x00000000
                            0x01372f62
                            0x01372f62
                            0x01372f64
                            0x0137303b
                            0x0137304d
                            0x01373054
                            0x01373185
                            0x013731df
                            0x00000000
                            0x0137318c
                            0x0137318c
                            0x01373190
                            0x00000000
                            0x01373190
                            0x0137305a
                            0x0137305a
                            0x0137307a
                            0x0137307e
                            0x01373080
                            0x01373082
                            0x01373084
                            0x01373086
                            0x00000000
                            0x0137308c
                            0x0137308d
                            0x01373092
                            0x00000000
                            0x01373092
                            0x01373086
                            0x01372f6a
                            0x01372f6a
                            0x01372f6f
                            0x01372f71
                            0x01373094
                            0x01373094
                            0x0137309b
                            0x00000000
                            0x013730a1
                            0x00000000
                            0x013730a1
                            0x01372f77
                            0x01372f77
                            0x01372f7c
                            0x01372f7e
                            0x01372f7e
                            0x00000000
                            0x01372f7c
                            0x01372f71
                            0x01372f64
                            0x01372f5c
                            0x00000000
                            0x01372f53
                            0x01372f50
                            0x01372f27
                            0x00000000
                            0x01372f1c
                            0x013bd807
                            0x013bd807
                            0x013bd812
                            0x013bd817
                            0x013bd81a
                            0x00000000
                            0x013bd81a
                            0x01372edb
                            0x01372ece
                            0x01372e9c
                            0x013730d5
                            0x013730d5
                            0x00000000
                            0x013730d5
                            0x013730cf
                            0x013730c6
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01372e59
                            0x00000000
                            0x01372f97
                            0x01372f97
                            0x01372f9a
                            0x00000000
                            0x01372fa0
                            0x01372fa3
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01372fa3
                            0x00000000
                            0x01372f9a
                            0x01372e40
                            0x01372dd3
                            0x01372ddc
                            0x013bd71a
                            0x013bd71f
                            0x013bd724
                            0x013bd729
                            0x013bd729
                            0x013bd72b
                            0x013bd72d
                            0x013bd732
                            0x00000000
                            0x01372de2
                            0x01372de2
                            0x00000000
                            0x01372de2
                            0x01372ddc
                            0x01372dd1
                            0x01372dc8
                            0x01372dbf
                            0x01372db7
                            0x01372dab
                            0x01372d9c
                            0x00000000

                            Strings
                            • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 013BD809
                            • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 013BD724
                            • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 013BD758
                            • Actx , xrefs: 013BD76A, 013BD7D1
                            • RtlpFindActivationContextSection_CheckParameters, xrefs: 013BD71F, 013BD753
                            • SsHd, xrefs: 01372EF4
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                            • API String ID: 0-1988757188
                            • Opcode ID: 76bf2469c5717b108f5b7b3bce6fffa69ffd791a15f827d707818bc6bfa1eb2b
                            • Instruction ID: b365f49f49b65e60f9e90b68b9b3b2d31d69f5e69fea5fb416faba895ab17f98
                            • Opcode Fuzzy Hash: 76bf2469c5717b108f5b7b3bce6fffa69ffd791a15f827d707818bc6bfa1eb2b
                            • Instruction Fuzzy Hash: 60E1F4706043068FD735CF28C885BABBBE5BB8821CF044A2DFA56CB691D735D945CB82
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01412D82 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 228timeCOMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 64%
                            			E01412D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t83;
				signed char _t89;
				intOrPtr _t90;
				signed char _t101;
				signed int _t102;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				intOrPtr _t108;
				intOrPtr _t112;
				short* _t130;
				short _t131;
				signed int _t148;
				intOrPtr _t149;
				signed int* _t154;
				short* _t165;
				signed int _t171;
				void* _t182;

				_push(0x44);
				_push(0x1430e80);
				E013AD0E8(__ebx, __edi, __esi);
				_t177 = __edx;
				_t181 = __ecx;
				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
				 *((char*)(_t182 - 0x1d)) = 0;
				 *(_t182 - 0x24) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *((intOrPtr*)(_t182 - 4)) = 0;
					 *((intOrPtr*)(_t182 - 4)) = 1;
					_t83 = E013540E1("RtlAllocateHeap");
					__eflags = _t83;
					if(_t83 == 0) {
						L48:
						 *(_t182 - 0x24) = 0;
						L49:
						 *((intOrPtr*)(_t182 - 4)) = 0;
						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
						E014130C4();
						goto L50;
					}
					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
					 *(_t182 - 0x28) = _t89;
					 *(_t182 - 0x3c) = _t89;
					_t177 =  *(_t182 + 8);
					__eflags = _t177;
					if(_t177 == 0) {
						_t171 = 1;
						__eflags = 1;
					} else {
						_t171 = _t177;
					}
					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
					__eflags = _t148 - 0x10;
					if(_t148 < 0x10) {
						_t148 = 0x10;
					}
					_t149 = _t148 + 8;
					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
					__eflags = _t149 - _t177;
					if(_t149 < _t177) {
						L44:
						_t90 =  *[fs:0x30];
						__eflags =  *(_t90 + 0xc);
						if( *(_t90 + 0xc) == 0) {
							_push("HEAP: ");
							E0135B150();
						} else {
							E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *((intOrPtr*)(_t181 + 0x78)));
						E0135B150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
						goto L48;
					} else {
						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
							goto L44;
						}
						__eflags = _t89 & 0x00000001;
						if((_t89 & 0x00000001) != 0) {
							_t178 =  *(_t182 - 0x28);
						} else {
							E0136EEF0( *((intOrPtr*)(_t181 + 0xc8)));
							 *((char*)(_t182 - 0x1d)) = 1;
							_t178 =  *(_t182 - 0x28) | 0x00000001;
							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
						}
						E01414496(_t181, 0);
						_t177 = E01374620(_t181, _t181, _t178,  *(_t182 + 8));
						 *(_t182 - 0x24) = _t177;
						_t173 = 1;
						E014149A4(_t181);
						__eflags = _t177;
						if(_t177 == 0) {
							goto L49;
						} else {
							_t177 = _t177 + 0xfffffff8;
							__eflags =  *((char*)(_t177 + 7)) - 5;
							if( *((char*)(_t177 + 7)) == 5) {
								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
								__eflags = _t177;
							}
							_t154 = _t177;
							 *(_t182 - 0x40) = _t177;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
								if(__eflags != 0) {
									_push(_t154);
									_t173 = _t177;
									E0140FA2B(0, _t181, _t177, _t177, _t181, __eflags);
								}
							}
							__eflags =  *(_t177 + 2) & 0x00000002;
							if(( *(_t177 + 2) & 0x00000002) == 0) {
								_t101 =  *(_t177 + 3);
								 *(_t182 - 0x29) = _t101;
								_t102 = _t101 & 0x000000ff;
							} else {
								_t130 = E01351F5B(_t177);
								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
								__eflags =  *(_t181 + 0x40) & 0x08000000;
								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
									 *_t130 = 0;
								} else {
									_t131 = E013816C7(1, _t173);
									_t165 =  *((intOrPtr*)(_t182 - 0x30));
									 *_t165 = _t131;
									_t130 = _t165;
								}
								_t102 =  *(_t130 + 2) & 0x0000ffff;
							}
							 *(_t182 - 0x34) = _t102;
							 *(_t182 - 0x28) = _t102;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *_t177;
							}
							__eflags =  *(_t181 + 0x40) & 0x20000000;
							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
								__eflags = 0;
								E01414496(_t181, 0);
							}
							__eflags =  *(_t182 - 0x24) -  *0x1446360; // 0x0
							_t104 =  *[fs:0x30];
							if(__eflags != 0) {
								_t105 =  *(_t104 + 0x68);
								 *(_t182 - 0x4c) = _t105;
								__eflags = _t105 & 0x00000800;
								if((_t105 & 0x00000800) == 0) {
									goto L49;
								}
								_t106 =  *(_t182 - 0x34);
								__eflags = _t106;
								if(_t106 == 0) {
									goto L49;
								}
								__eflags = _t106 -  *0x1446364; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0x1446366; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								_t108 =  *[fs:0x30];
								__eflags =  *(_t108 + 0xc);
								if( *(_t108 + 0xc) == 0) {
									_push("HEAP: ");
									E0135B150();
								} else {
									E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(E013FD455(_t181,  *(_t182 - 0x28)));
								_push( *(_t182 + 8));
								E0135B150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
								goto L34;
							} else {
								__eflags =  *(_t104 + 0xc);
								if( *(_t104 + 0xc) == 0) {
									_push("HEAP: ");
									E0135B150();
								} else {
									E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t182 + 8));
								E0135B150("Just allocated block at %p for %Ix bytes\n",  *0x1446360);
								L34:
								_t112 =  *[fs:0x30];
								__eflags =  *((char*)(_t112 + 2));
								if( *((char*)(_t112 + 2)) != 0) {
									 *0x1446378 = 1;
									 *0x14460c0 = 0;
									asm("int3");
									 *0x1446378 = 0;
								}
								goto L49;
							}
						}
					}
				} else {
					_t181 =  *0x1445708; // 0x0
					 *0x144b1e0(__ecx, __edx,  *(_t182 + 8));
					 *_t181();
					L50:
					return E013AD130(0, _t177, _t181);
				}
			}





















                            0x01412d82
                            0x01412d84
                            0x01412d89
                            0x01412d8e
                            0x01412d90
                            0x01412d92
                            0x01412d97
                            0x01412d9a
                            0x01412da4
                            0x01412dc0
                            0x01412dc3
                            0x01412dd1
                            0x01412dd6
                            0x01412dd8
                            0x014130a7
                            0x014130a7
                            0x014130aa
                            0x014130aa
                            0x014130ad
                            0x014130b4
                            0x00000000
                            0x014130b9
                            0x01412de3
                            0x01412de8
                            0x01412deb
                            0x01412dee
                            0x01412df1
                            0x01412df3
                            0x01412dfb
                            0x01412dfb
                            0x01412df5
                            0x01412df5
                            0x01412df5
                            0x01412e04
                            0x01412e0a
                            0x01412e0d
                            0x01412e11
                            0x01412e11
                            0x01412e12
                            0x01412e15
                            0x01412e18
                            0x01412e1a
                            0x01413027
                            0x01413027
                            0x0141302d
                            0x01413030
                            0x0141304f
                            0x01413054
                            0x01413032
                            0x01413047
                            0x0141304c
                            0x0141305a
                            0x01413063
                            0x00000000
                            0x01412e20
                            0x01412e20
                            0x01412e23
                            0x00000000
                            0x00000000
                            0x01412e29
                            0x01412e2b
                            0x01412e47
                            0x01412e2d
                            0x01412e33
                            0x01412e38
                            0x01412e3f
                            0x01412e42
                            0x01412e42
                            0x01412e4e
                            0x01412e5d
                            0x01412e5f
                            0x01412e62
                            0x01412e66
                            0x01412e6b
                            0x01412e6d
                            0x00000000
                            0x01412e73
                            0x01412e73
                            0x01412e76
                            0x01412e7a
                            0x01412e83
                            0x01412e83
                            0x01412e83
                            0x01412e85
                            0x01412e87
                            0x01412e8a
                            0x01412e8d
                            0x01412e92
                            0x01412e9c
                            0x01412e9f
                            0x01412ea1
                            0x01412ea2
                            0x01412ea6
                            0x01412ea6
                            0x01412e9f
                            0x01412eab
                            0x01412eaf
                            0x01412edf
                            0x01412ee2
                            0x01412ee5
                            0x01412eb1
                            0x01412eb3
                            0x01412eb8
                            0x01412ebd
                            0x01412ec4
                            0x01412ed6
                            0x01412ec6
                            0x01412ec7
                            0x01412ecc
                            0x01412ecf
                            0x01412ed2
                            0x01412ed2
                            0x01412ed9
                            0x01412ed9
                            0x01412ee8
                            0x01412eeb
                            0x01412eef
                            0x01412ef2
                            0x01412efe
                            0x01412f04
                            0x01412f04
                            0x01412f04
                            0x01412f06
                            0x01412f0d
                            0x01412f0f
                            0x01412f13
                            0x01412f13
                            0x01412f1b
                            0x01412f21
                            0x01412f27
                            0x01412f95
                            0x01412f98
                            0x01412f9b
                            0x01412fa0
                            0x00000000
                            0x00000000
                            0x01412fa6
                            0x01412fa9
                            0x01412fac
                            0x00000000
                            0x00000000
                            0x01412fb2
                            0x01412fb9
                            0x00000000
                            0x00000000
                            0x01412fc3
                            0x01412fca
                            0x00000000
                            0x00000000
                            0x01412fd0
                            0x01412fd6
                            0x01412fd9
                            0x01412ff8
                            0x01412ffd
                            0x01412fdb
                            0x01412ff0
                            0x01412ff5
                            0x0141300e
                            0x0141300f
                            0x0141301a
                            0x00000000
                            0x01412f29
                            0x01412f29
                            0x01412f2c
                            0x01412f4b
                            0x01412f50
                            0x01412f2e
                            0x01412f43
                            0x01412f48
                            0x01412f56
                            0x01412f64
                            0x01412f6c
                            0x01412f6c
                            0x01412f72
                            0x01412f76
                            0x01412f7c
                            0x01412f83
                            0x01412f89
                            0x01412f8a
                            0x01412f8a
                            0x00000000
                            0x01412f76
                            0x01412f27
                            0x01412e6d
                            0x01412da6
                            0x01412dab
                            0x01412db3
                            0x01412db9
                            0x014130bc
                            0x014130c1
                            0x014130c1

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: DebugPrintTimes
                            • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                            • API String ID: 3446177414-1745908468
                            • Opcode ID: 615912285277e5bed1676e47d448aaf018d9cc7c5868dad109bd47e406c19a0f
                            • Instruction ID: ece2f257e883c472326dd84407e839e5b0fb04a7f5a914ef1b2703089fa545b0
                            • Opcode Fuzzy Hash: 615912285277e5bed1676e47d448aaf018d9cc7c5868dad109bd47e406c19a0f
                            • Instruction Fuzzy Hash: AE9124755006819FDB22DFACC454AAEBFF2FF49724F18801EE5499B3A9C7719942CB00
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01414496 Relevance: 10.4, Strings: 8, Instructions: 417COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 56%
                            			E01414496(signed int* __ecx, void* __edx) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				signed int* _v28;
				char _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t150;
				intOrPtr _t151;
				signed char _t156;
				intOrPtr _t157;
				unsigned int _t169;
				intOrPtr _t170;
				signed int* _t183;
				signed char _t184;
				intOrPtr _t191;
				signed int _t201;
				intOrPtr _t203;
				intOrPtr _t212;
				intOrPtr _t220;
				signed int _t230;
				signed int _t241;
				signed int _t244;
				void* _t259;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				signed int _t263;
				signed int* _t264;
				signed int _t267;
				signed int* _t268;
				void* _t270;
				void* _t281;
				signed short _t285;
				signed short _t289;
				signed int _t291;
				signed int _t298;
				signed char _t303;
				signed char _t308;
				signed int _t314;
				intOrPtr _t317;
				unsigned int _t319;
				signed int* _t325;
				signed int _t326;
				signed int _t327;
				intOrPtr _t328;
				signed int _t329;
				signed int _t330;
				signed int* _t331;
				signed int _t332;
				signed int _t350;

				_t259 = __edx;
				_t331 = __ecx;
				_v28 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_t150 = E014149A4(__ecx);
				_t267 = 1;
				if(_t150 == 0) {
					L61:
					_t151 =  *[fs:0x30];
					__eflags =  *((char*)(_t151 + 2));
					if( *((char*)(_t151 + 2)) != 0) {
						 *0x1446378 = _t267;
						asm("int3");
						 *0x1446378 = 0;
					}
					__eflags = _v12;
					if(_v12 != 0) {
						_t105 =  &_v16;
						 *_t105 = _v16 & 0x00000000;
						__eflags =  *_t105;
						E0138174B( &_v12,  &_v16, 0x8000);
					}
					L65:
					__eflags = 0;
					return 0;
				}
				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
					_t268 =  &(_t331[0x30]);
					_v32 = 0;
					_t260 =  *_t268;
					_t308 = 0;
					_v24 = 0;
					while(_t268 != _t260) {
						_t260 =  *_t260;
						_v16 =  *_t325 & 0x0000ffff;
						_t156 = _t325[0];
						_v28 = _t325;
						_v5 = _t156;
						__eflags = _t156 & 0x00000001;
						if((_t156 & 0x00000001) != 0) {
							_t157 =  *[fs:0x30];
							__eflags =  *(_t157 + 0xc);
							if( *(_t157 + 0xc) == 0) {
								_push("HEAP: ");
								E0135B150();
							} else {
								E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t325);
							E0135B150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
							L32:
							_t270 = 0;
							__eflags = _t331[0x13];
							if(_t331[0x13] != 0) {
								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
								 *_t325 =  *_t325 ^ _t331[0x14];
							}
							L60:
							_t267 = _t270 + 1;
							__eflags = _t267;
							goto L61;
						}
						_t169 =  *_t325 & 0x0000ffff;
						__eflags = _t169 - _t308;
						if(_t169 < _t308) {
							_t170 =  *[fs:0x30];
							__eflags =  *(_t170 + 0xc);
							if( *(_t170 + 0xc) == 0) {
								_push("HEAP: ");
								E0135B150();
							} else {
								E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							E0135B150("Non-Dedicated free list element %p is out of order\n", _t325);
							goto L32;
						} else {
							__eflags = _t331[0x13];
							_t308 = _t169;
							_v24 = _t308;
							if(_t331[0x13] != 0) {
								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
								 *_t325 =  *_t325 ^ _t331[0x14];
								__eflags =  *_t325;
							}
							_t26 =  &_v32;
							 *_t26 = _v32 + 1;
							__eflags =  *_t26;
							continue;
						}
					}
					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
					if( *0x1446350 != 0 && _t331[0x2f] != 0) {
						_push(4);
						_push(0x1000);
						_push( &_v16);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						if(E01399660() >= 0) {
							_v20 = _v12 + 0x204;
						}
					}
					_t183 =  &(_t331[0x27]);
					_t281 = 0x81;
					_t326 =  *_t183;
					if(_t183 == _t326) {
						L49:
						_t261 =  &(_t331[0x29]);
						_t184 = 0;
						_t327 =  *_t261;
						_t282 = 0;
						_v24 = 0;
						_v36 = 0;
						__eflags = _t327 - _t261;
						if(_t327 == _t261) {
							L53:
							_t328 = _v32;
							_v28 = _t331;
							__eflags = _t328 - _t184;
							if(_t328 == _t184) {
								__eflags = _t331[0x1d] - _t282;
								if(_t331[0x1d] == _t282) {
									__eflags = _v12;
									if(_v12 == 0) {
										L82:
										_t267 = 1;
										__eflags = 1;
										goto L83;
									}
									_t329 = _t331[0x2f];
									__eflags = _t329;
									if(_t329 == 0) {
										L77:
										_t330 = _t331[0x22];
										__eflags = _t330;
										if(_t330 == 0) {
											L81:
											_t129 =  &_v16;
											 *_t129 = _v16 & 0x00000000;
											__eflags =  *_t129;
											E0138174B( &_v12,  &_v16, 0x8000);
											goto L82;
										}
										_t314 = _t331[0x21] & 0x0000ffff;
										_t285 = 1;
										__eflags = 1 - _t314;
										if(1 >= _t314) {
											goto L81;
										} else {
											goto L79;
										}
										while(1) {
											L79:
											_t330 = _t330 + 0x40;
											_t332 = _t285 & 0x0000ffff;
											_t262 = _v20 + _t332 * 4;
											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
												break;
											}
											_t285 = _t285 + 1;
											__eflags = _t285 - _t314;
											if(_t285 < _t314) {
												continue;
											}
											goto L81;
										}
										_t191 =  *[fs:0x30];
										__eflags =  *(_t191 + 0xc);
										if( *(_t191 + 0xc) == 0) {
											_push("HEAP: ");
											E0135B150();
										} else {
											E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_t262);
										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
										_t148 = _t330 + 0x10; // 0x10
										_push( *((intOrPtr*)(_t330 + 8)));
										E0135B150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
										L59:
										_t270 = 0;
										__eflags = 0;
										goto L60;
									}
									_t289 = 1;
									__eflags = 1;
									while(1) {
										_t201 = _v12;
										_t329 = _t329 + 0xc;
										_t263 = _t289 & 0x0000ffff;
										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
											break;
										}
										_t289 = _t289 + 1;
										__eflags = _t289 - 0x81;
										if(_t289 < 0x81) {
											continue;
										}
										goto L77;
									}
									_t203 =  *[fs:0x30];
									__eflags =  *(_t203 + 0xc);
									if( *(_t203 + 0xc) == 0) {
										_push("HEAP: ");
										E0135B150();
									} else {
										E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_t291 = _v12;
									_push(_t291 + _t263 * 4);
									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
									_push( *((intOrPtr*)(_t329 + 8)));
									E0135B150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
									goto L59;
								}
								_t212 =  *[fs:0x30];
								__eflags =  *(_t212 + 0xc);
								if( *(_t212 + 0xc) == 0) {
									_push("HEAP: ");
									E0135B150();
								} else {
									E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_t331[0x1d]);
								_push(_v36);
								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
								L58:
								E0135B150();
								goto L59;
							}
							_t220 =  *[fs:0x30];
							__eflags =  *(_t220 + 0xc);
							if( *(_t220 + 0xc) == 0) {
								_push("HEAP: ");
								E0135B150();
							} else {
								E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t328);
							_push(_v24);
							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
							goto L58;
						} else {
							goto L50;
						}
						while(1) {
							L50:
							_t92 = _t327 - 0x10; // -24
							_t282 = _t331;
							_t230 = E01414AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
							__eflags = _t230;
							if(_t230 == 0) {
								goto L59;
							}
							_t327 =  *_t327;
							__eflags = _t327 - _t261;
							if(_t327 != _t261) {
								continue;
							}
							_t184 = _v24;
							_t282 = _v36;
							goto L53;
						}
						goto L59;
					} else {
						while(1) {
							_t39 = _t326 + 0x18; // 0x10
							_t264 = _t39;
							if(_t331[0x13] != 0) {
								_t319 = _t331[0x14] ^  *_t264;
								 *_t264 = _t319;
								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
								_t348 = _t319 >> 0x18 - _t303;
								if(_t319 >> 0x18 != _t303) {
									_push(_t303);
									E0140FA2B(_t264, _t331, _t264, _t326, _t331, _t348);
								}
								_t281 = 0x81;
							}
							_t317 = _v20;
							if(_t317 != 0) {
								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
								_t350 = _t241;
								if(_t350 != 0) {
									if(_t350 >= 0) {
										__eflags = _t241 & 0x00000800;
										if(__eflags == 0) {
											__eflags = _t241 - _t331[0x21];
											if(__eflags < 0) {
												_t298 = _t241;
												_t65 = _t317 + _t298 * 4;
												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
												__eflags =  *_t65;
											}
										}
									} else {
										_t244 = _t241 & 0x00007fff;
										if(_t244 < _t281) {
											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
										}
									}
								}
							}
							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E014023E3(_t331, _t264) == 0) {
								break;
							}
							if(_t331[0x13] != 0) {
								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
								 *_t264 =  *_t264 ^ _t331[0x14];
							}
							_t326 =  *_t326;
							if( &(_t331[0x27]) == _t326) {
								goto L49;
							} else {
								_t281 = 0x81;
								continue;
							}
						}
						__eflags = _t331[0x13];
						if(_t331[0x13] != 0) {
							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
						}
						goto L65;
					}
				} else {
					L83:
					return _t267;
				}
			}



























































                            0x014144a1
                            0x014144a3
                            0x014144a7
                            0x014144ac
                            0x014144af
                            0x014144b2
                            0x014144b9
                            0x014144bc
                            0x014147f2
                            0x014147f2
                            0x014147f8
                            0x014147fc
                            0x014147fe
                            0x01414804
                            0x01414805
                            0x01414805
                            0x0141480c
                            0x01414810
                            0x01414812
                            0x01414812
                            0x01414812
                            0x01414822
                            0x01414822
                            0x01414827
                            0x01414827
                            0x00000000
                            0x01414827
                            0x014144c4
                            0x014144d3
                            0x014144d9
                            0x014144dc
                            0x014144de
                            0x014144e0
                            0x01414560
                            0x01414520
                            0x01414522
                            0x01414525
                            0x01414528
                            0x0141452b
                            0x0141452e
                            0x01414530
                            0x01414697
                            0x0141469d
                            0x014146a1
                            0x014146c0
                            0x014146c5
                            0x014146a3
                            0x014146b8
                            0x014146bd
                            0x014146cb
                            0x014146d4
                            0x01414677
                            0x01414677
                            0x01414679
                            0x0141467c
                            0x0141468a
                            0x01414690
                            0x01414690
                            0x014147f1
                            0x014147f1
                            0x014147f1
                            0x00000000
                            0x014147f1
                            0x01414536
                            0x01414539
                            0x0141453c
                            0x01414636
                            0x0141463c
                            0x01414640
                            0x0141465f
                            0x01414664
                            0x01414642
                            0x01414657
                            0x0141465c
                            0x01414670
                            0x00000000
                            0x01414542
                            0x01414542
                            0x01414546
                            0x01414548
                            0x0141454b
                            0x01414555
                            0x0141455b
                            0x0141455b
                            0x0141455b
                            0x0141455d
                            0x0141455d
                            0x0141455d
                            0x00000000
                            0x0141455d
                            0x0141453c
                            0x01414579
                            0x0141457c
                            0x01414587
                            0x01414589
                            0x01414591
                            0x01414592
                            0x01414597
                            0x01414598
                            0x014145a1
                            0x014145ab
                            0x014145ab
                            0x014145a1
                            0x014145ae
                            0x014145b4
                            0x014145b9
                            0x014145bd
                            0x01414759
                            0x01414759
                            0x0141475f
                            0x01414761
                            0x01414763
                            0x01414765
                            0x01414768
                            0x0141476b
                            0x0141476d
                            0x0141479c
                            0x0141479c
                            0x0141479f
                            0x014147a2
                            0x014147a4
                            0x01414830
                            0x01414833
                            0x01414879
                            0x0141487d
                            0x014148f1
                            0x014148f3
                            0x014148f3
                            0x00000000
                            0x014148f3
                            0x0141487f
                            0x01414885
                            0x01414887
                            0x014148a8
                            0x014148a8
                            0x014148ae
                            0x014148b0
                            0x014148dc
                            0x014148dc
                            0x014148dc
                            0x014148dc
                            0x014148ec
                            0x00000000
                            0x014148ec
                            0x014148b2
                            0x014148bc
                            0x014148be
                            0x014148c1
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x014148c3
                            0x014148c3
                            0x014148c6
                            0x014148c9
                            0x014148cc
                            0x014148d1
                            0x014148d4
                            0x00000000
                            0x00000000
                            0x014148d6
                            0x014148d7
                            0x014148da
                            0x00000000
                            0x00000000
                            0x00000000
                            0x014148da
                            0x0141494f
                            0x01414955
                            0x01414959
                            0x01414978
                            0x0141497d
                            0x0141495b
                            0x01414970
                            0x01414975
                            0x01414986
                            0x01414987
                            0x0141498a
                            0x0141498d
                            0x01414997
                            0x014147ef
                            0x014147ef
                            0x014147ef
                            0x00000000
                            0x014147ef
                            0x01414890
                            0x01414890
                            0x01414891
                            0x01414891
                            0x01414894
                            0x01414897
                            0x0141489d
                            0x014148a0
                            0x00000000
                            0x00000000
                            0x014148a2
                            0x014148a3
                            0x014148a6
                            0x00000000
                            0x00000000
                            0x00000000
                            0x014148a6
                            0x014148fb
                            0x01414901
                            0x01414905
                            0x01414924
                            0x01414929
                            0x01414907
                            0x0141491c
                            0x01414921
                            0x0141492f
                            0x01414935
                            0x01414936
                            0x01414939
                            0x01414942
                            0x00000000
                            0x01414947
                            0x01414835
                            0x0141483b
                            0x0141483f
                            0x0141485e
                            0x01414863
                            0x01414841
                            0x01414856
                            0x0141485b
                            0x01414869
                            0x0141486c
                            0x0141486f
                            0x014147e7
                            0x014147e7
                            0x00000000
                            0x014147ec
                            0x014147aa
                            0x014147b0
                            0x014147b4
                            0x014147d3
                            0x014147d8
                            0x014147b6
                            0x014147cb
                            0x014147d0
                            0x014147de
                            0x014147df
                            0x014147e2
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0141476f
                            0x0141476f
                            0x01414778
                            0x01414785
                            0x01414787
                            0x0141478c
                            0x0141478e
                            0x00000000
                            0x00000000
                            0x01414790
                            0x01414792
                            0x01414794
                            0x00000000
                            0x00000000
                            0x01414796
                            0x01414799
                            0x00000000
                            0x01414799
                            0x00000000
                            0x014145c3
                            0x014145c3
                            0x014145c7
                            0x014145c7
                            0x014145ca
                            0x014145cf
                            0x014145d3
                            0x014145df
                            0x014145e4
                            0x014145e6
                            0x014145e8
                            0x014145ed
                            0x014145ed
                            0x014145f2
                            0x014145f2
                            0x014145f7
                            0x014145fc
                            0x01414602
                            0x01414606
                            0x01414609
                            0x0141460f
                            0x014146de
                            0x014146e3
                            0x014146e5
                            0x014146ec
                            0x014146ee
                            0x014146f6
                            0x014146f6
                            0x014146f6
                            0x014146f6
                            0x014146ec
                            0x01414615
                            0x01414615
                            0x0141461d
                            0x0141462e
                            0x0141462e
                            0x0141461d
                            0x0141460f
                            0x01414609
                            0x014146fd
                            0x00000000
                            0x00000000
                            0x01414710
                            0x0141471a
                            0x01414720
                            0x01414720
                            0x01414722
                            0x0141472c
                            0x00000000
                            0x0141472e
                            0x0141472e
                            0x00000000
                            0x0141472e
                            0x0141472c
                            0x01414738
                            0x0141473c
                            0x0141474b
                            0x01414751
                            0x01414751
                            0x00000000
                            0x0141473c
                            0x014148f4
                            0x014148f4
                            0x00000000
                            0x014148f4

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                            • API String ID: 0-1357697941
                            • Opcode ID: 869c77dcc072d5ef3e9a913cd378806baed9bccadfeb16534c6c1f7543fbed26
                            • Instruction ID: aa4674f3042415e5eb132834a011baadad5e4734fb523b7610a880695cca41e9
                            • Opcode Fuzzy Hash: 869c77dcc072d5ef3e9a913cd378806baed9bccadfeb16534c6c1f7543fbed26
                            • Instruction Fuzzy Hash: 3EF12235600246EFDB21CF6DC440BAAFBF6FF45708F08802AE5469B7A5C734AA46CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 014131DC Relevance: 10.2, Strings: 8, Instructions: 190COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                            • API String ID: 0-2224505338
                            • Opcode ID: 6458e962e912aa0210de6be5e6b806b0d04848de1888438544591243c07fd80a
                            • Instruction ID: cbf84fa4764176bfbbd80e435a3da6f372b7821d5b47d4426fe0b06d659ba52e
                            • Opcode Fuzzy Hash: 6458e962e912aa0210de6be5e6b806b0d04848de1888438544591243c07fd80a
                            • Instruction Fuzzy Hash: D8510B32241245EFE751EFADC845E6AB7A9FF04E38F04842AF8059B365C670D941CB15
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013806C0 Relevance: 9.7, APIs: 1, Strings: 4, Instructions: 901timeCOMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 80%
                            			E013806C0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed short _t415;
				signed int _t419;
				void* _t426;
				signed int _t436;
				intOrPtr _t438;
				void* _t440;
				void* _t441;
				signed int _t442;
				void* _t445;
				unsigned int _t453;
				intOrPtr* _t473;
				intOrPtr* _t475;
				intOrPtr* _t477;
				intOrPtr* _t479;
				void* _t505;
				void* _t507;
				signed int _t513;
				void* _t520;
				intOrPtr _t521;
				void* _t522;
				void* _t525;
				char* _t532;
				intOrPtr _t543;
				void* _t550;
				void* _t553;
				intOrPtr _t554;
				void* _t557;
				void* _t558;
				signed int _t559;
				void* _t562;
				signed int _t564;
				void* _t565;
				signed int _t570;
				signed int _t571;
				intOrPtr _t593;
				void* _t602;
				void* _t603;
				unsigned int _t607;
				void* _t609;
				void* _t611;
				signed int _t616;
				intOrPtr _t617;
				void* _t620;
				void* _t621;
				signed char _t628;
				intOrPtr _t632;
				signed int _t647;
				signed int _t659;
				signed int _t660;
				signed int _t670;
				void* _t674;
				signed int _t679;
				signed char _t680;
				signed int _t681;
				void* _t689;
				void* _t690;
				signed short _t691;
				signed short _t693;
				signed char _t699;
				void* _t712;
				void* _t713;
				void* _t714;
				short _t715;
				void* _t716;
				signed int _t718;
				void* _t731;
				void* _t733;
				signed int _t734;
				signed int _t735;
				void* _t737;
				signed int _t738;
				intOrPtr* _t742;
				void* _t743;
				void* _t744;
				void* _t746;
				intOrPtr _t750;

				_push(0x114);
				_push(0x142fee0);
				E013AD0E8(__ebx, __edi, __esi);
				_t607 =  *(_t743 + 0x18);
				 *(_t743 - 0xb4) = _t607;
				_t679 =  *(_t743 + 8);
				 *(_t743 - 0xb0) = _t679;
				_t415 =  *(_t743 + 0xc);
				 *(_t743 - 0xb8) = _t415;
				 *(_t743 - 0xe8) = _t415;
				_t609 =  *(_t743 + 0x10);
				 *(_t743 - 0xc8) = _t609;
				_t731 =  *(_t743 + 0x14);
				 *(_t743 - 0xc4) = _t731;
				 *(_t743 - 0xf0) = _t607;
				_t712 =  *(_t743 + 0x1c);
				 *(_t743 - 0xd8) =  *( *[fs:0x30] + 0x68);
				 *(_t743 - 0xe4) = 0;
				 *(_t743 - 0xac) = 0;
				 *(_t743 - 0xbc) = 0;
				_t750 =  *0x14456fc; // 0x0
				if(_t750 != 0) {
					__eflags =  *(_t743 - 0xb8);
					if( *(_t743 - 0xb8) != 0) {
						goto L1;
					}
					__eflags =  *(_t743 - 0xb4);
					if( *(_t743 - 0xb4) != 0) {
						goto L1;
					}
					_t742 =  *0x1445714; // 0x0
					 *0x144b1e0(_t679, 0, _t609, _t731, 0, _t712);
					 *_t742();
					_t732 = 0;
					__eflags = 0;
					if(0 != 0) {
						L81:
						_t681 =  *(_t743 - 0xb4);
						L82:
						_t713 =  *(_t743 - 0xb8);
						_t419 = 0;
						L83:
						if(_t419 != 0) {
							__eflags = _t419 - _t681;
							if(__eflags != 0) {
								_push(_t419);
								E0138A080(0, _t713, _t732, __eflags);
							}
						}
						if( *(_t743 - 0xac) != 0) {
							__eflags = _t713;
							if(_t713 == 0) {
								 *(_t743 - 0xc0) = 0;
								E0138174B(_t743 - 0xac, _t743 - 0xc0, 0x8000);
							}
						}
						L86:
						return E013AD130(0, _t713, _t732);
					}
					__eflags = _t712 - 0xffffffff;
					if(_t712 != 0xffffffff) {
						L138:
						_t732 = 0;
						goto L81;
					}
					_t712 = 0;
					_t679 =  *(_t743 - 0xb0);
					_t609 =  *(_t743 - 0xc8);
				}
				L1:
				_t680 = _t679 & 0xf1ffffff;
				 *(_t743 - 0xb0) = _t680;
				_t732 = 0;
				if((_t680 & 0x00000100) != 0) {
					__eflags = _t680 & 0x00000002;
					if((_t680 & 0x00000002) == 0) {
						goto L81;
					}
					__eflags =  *(_t743 - 0xb8);
					if( *(_t743 - 0xb8) != 0) {
						goto L81;
					}
					__eflags = _t609;
					if(_t609 != 0) {
						goto L81;
					}
					__eflags =  *(_t743 - 0xc4);
					if( *(_t743 - 0xc4) != 0) {
						goto L81;
					}
					__eflags =  *(_t743 - 0xb4);
					if( *(_t743 - 0xb4) != 0) {
						goto L81;
					}
					__eflags = _t712;
					if(_t712 == 0) {
						L128:
						_t732 = _t743 - 0x4c;
						L3:
						if(_t732 != 0) {
							__eflags = _t732 - _t743 - 0x4c;
							if(_t732 == _t743 - 0x4c) {
								_t715 = 0x30;
								E0139FA60(_t732, 0, _t715);
								 *_t732 = 1;
								 *((short*)(_t732 + 2)) = _t715;
								 *((intOrPtr*)(_t732 + 0xc)) = 1;
								_t314 = _t732 + 0x10;
								 *_t314 =  *(_t732 + 0x10) | 0xffffffff;
								__eflags =  *_t314;
							}
							_t426 = E01415196(_t732);
							_t714 =  *(_t743 - 0xc8);
							_t611 =  *(_t743 - 0xc4);
							__eflags = _t714;
							if(_t714 == 0) {
								_t714 = _t611;
							}
							__eflags = _t611 - _t714;
							if(_t611 > _t714) {
								_t611 = _t714;
							}
							_t732 = E0141B2E8(E01402DE2(_t426,  *(_t743 - 0xb0),  *(_t743 - 0xd8)), _t714, _t611, _t426, _t680);
							__eflags = _t732;
							if(_t732 == 0) {
								goto L81;
							} else {
								E01381249(_t732, 0, 1, 0);
								__eflags =  *(_t732 + 0x24);
								if( *(_t732 + 0x24) != 0) {
									goto L81;
								}
								E0141B581(_t732);
								goto L138;
							}
						}
						if((_t680 & 0x10000000) != 0) {
							L7:
							_t733 = 0x30;
							E0139FA60(_t743 - 0xa8, 0, _t733);
							_t746 = _t744 + 0xc;
							if(_t712 != 0) {
								 *((intOrPtr*)(_t743 - 4)) = 0;
								__eflags =  *_t712 - _t733;
								if( *_t712 == _t733) {
									_t670 = 0xc;
									memcpy(_t743 - 0xa8, _t712, _t670 << 2);
									_t746 = _t746 + 0xc;
								}
								 *((intOrPtr*)(_t743 - 4)) = 0xfffffffe;
							}
							_t616 =  *(_t743 - 0xd8);
							_t436 =  *(_t743 - 0xb0);
							if((_t616 & 0x00000010) != 0) {
								_t436 = _t436 | 0x00000020;
								 *(_t743 - 0xb0) = _t436;
							}
							if((_t616 & 0x00000020) != 0) {
								_t436 = _t436 | 0x00000040;
								 *(_t743 - 0xb0) = _t436;
							}
							if((_t616 & 0x00200000) != 0) {
								_t436 = _t436 | 0x00000080;
								 *(_t743 - 0xb0) = _t436;
							}
							if((_t616 & 0x00000040) != 0) {
								_t436 = _t436 | 0x40000000;
								 *(_t743 - 0xb0) = _t436;
							}
							if((0x00000080 & _t616) != 0) {
								_t436 = _t436 | 0x20000000;
								 *(_t743 - 0xb0) = _t436;
							}
							_t687 = 0x1000;
							if((0x00001000 & _t616) != 0) {
								 *(_t743 - 0xb0) = _t436 | 0x08000000;
							}
							_t617 =  *[fs:0x30];
							if( *((intOrPtr*)(_t743 - 0xa4)) == 0) {
								 *((intOrPtr*)(_t743 - 0xa4)) =  *((intOrPtr*)(_t617 + 0x78));
							}
							if( *((intOrPtr*)(_t743 - 0xa0)) == 0) {
								 *((intOrPtr*)(_t743 - 0xa0)) =  *((intOrPtr*)(_t617 + 0x7c));
							}
							if( *(_t743 - 0x9c) == 0) {
								 *(_t743 - 0x9c) =  *(_t617 + 0x84);
							}
							if( *(_t743 - 0x98) == 0) {
								 *(_t743 - 0x98) =  *(_t617 + 0x80);
							}
							_t438 =  *0x1448728; // 0x7ffeffff
							if(_t438 == 0) {
								 *0x144872c = 0x10000;
								_push(0);
								_push(0x2c);
								_push(_t743 - 0x78);
								_push(0);
								_t440 = E01399860();
								__eflags = _t440;
								if(_t440 < 0) {
									goto L138;
								}
								_t438 =  *((intOrPtr*)(_t743 - 0x58));
								 *0x1448728 = _t438;
								_t687 = 0x1000;
								goto L23;
							} else {
								L23:
								if( *((intOrPtr*)(_t743 - 0x94)) == 0) {
									 *((intOrPtr*)(_t743 - 0x94)) = _t438 -  *0x144872c - _t687;
								}
								if( *((intOrPtr*)(_t743 - 0x90)) != 0) {
									__eflags =  *((intOrPtr*)(_t743 - 0x90)) - 0x7f000;
									if( *((intOrPtr*)(_t743 - 0x90)) <= 0x7f000) {
										goto L27;
									}
									goto L26;
								} else {
									L26:
									 *((intOrPtr*)(_t743 - 0x90)) = 0x7f000;
									L27:
									_t441 =  *(_t743 - 0xc4);
									if(_t441 != 0) {
										_t687 = _t441 + 0x00000fff & 0xfffff000;
									}
									 *(_t743 - 0xcc) = _t687;
									_t716 =  *(_t743 - 0xc8);
									if(_t716 != 0) {
										_t619 = _t716 + 0x00000fff & 0xfffff000;
									} else {
										_t62 = _t687 + 0xffff; // 0x10fff
										_t619 = _t62 & 0xffff0000;
									}
									 *(_t743 - 0xc0) = _t619;
									_t734 = _t687;
									if(_t687 > _t619) {
										_t687 = _t619;
										 *(_t743 - 0xcc) = _t619;
										_t734 = _t619;
									}
									_t713 = _t734;
									_t442 =  *(_t743 - 0xb0);
									if((_t442 & 0x00000002) == 0 ||  *(_t743 - 0xb8) != 0) {
										 *(_t743 - 0xec) = 0;
										_t734 = _t713;
									} else {
										 *(_t743 - 0xec) = 0x1000;
										 *(_t743 - 0xe4) = 2;
										_t70 = _t619 - 0x1000; // 0xffff
										if(_t70 < _t734) {
											_t619 = _t619 + 0x00010fff & 0xffff0000;
											 *(_t743 - 0xc0) = _t619;
										}
										_t442 =  *(_t743 - 0xb0);
									}
									if(_t734 == 0 || _t619 == 0) {
										goto L138;
									} else {
										if((_t442 & 0x61000000) != 0) {
											__eflags = _t442 & 0x10000000;
											if((_t442 & 0x10000000) != 0) {
												goto L38;
											}
											_t732 = _t743 - 0xa8;
											E014131DC(_t442,  *(_t743 - 0xb8), _t619, _t687,  *(_t743 - 0xb4), _t743 - 0xa8);
											goto L86;
										}
										L38:
										 *(_t743 - 0xc8) = 0x248;
										_t681 =  *(_t743 - 0xb4);
										if((_t442 & 0x00000001) != 0) {
											__eflags = _t681;
											if(_t681 == 0) {
												L41:
												_t713 =  *(_t743 - 0xb8);
												if(_t713 != 0) {
													__eflags =  *(_t743 - 0x84);
													if( *(_t743 - 0x84) != 0) {
														_t689 =  *(_t743 - 0x8c);
														__eflags = _t689;
														if(_t689 == 0) {
															L168:
															_t419 =  *(_t743 - 0xbc);
															_t732 = 0;
															_t681 =  *(_t743 - 0xb4);
															goto L83;
														}
														_t620 =  *(_t743 - 0x88);
														__eflags = _t620;
														if(_t620 == 0) {
															goto L168;
														}
														__eflags = _t689 - _t620;
														if(_t689 > _t620) {
															goto L168;
														}
														__eflags = _t442 & 0x00000002;
														if((_t442 & 0x00000002) != 0) {
															goto L168;
														}
														 *(_t743 - 0xd0) = _t713;
														 *(_t743 - 0xc4) = _t713 + _t689;
														 *(_t743 - 0xc0) = _t620;
														E0139FA60(_t713, 0, 0x1000);
														_t746 = _t746 + 0xc;
														L108:
														_t735 =  *(_t743 - 0xb0);
														L97:
														 *(_t743 - 0xe4) =  *(_t743 - 0xe4) | 0x00000001;
														_t690 = _t713;
														 *(_t743 - 0xac) = _t690;
														_t718 = _t735 & 0x00040000;
														_t621 =  *(_t743 - 0xc4);
														_t445 =  *(_t743 - 0xd0);
														L48:
														if(_t445 != _t621) {
															_t719 = 0x7ffe0380;
															L54:
															_t691 = _t690 + 0x248;
															 *(_t743 - 0xe8) = _t691;
															 *(_t743 - 0xd8) = _t691 & 0x0000ffff;
															if(( *( *[fs:0x30] + 0x68) & 0x00000800) != 0) {
																 *( *(_t743 - 0xac) + 0xbc) = _t691 + 0x00000007 & 0xfffffff8;
																 *(_t743 - 0xc8) =  *(_t743 - 0xc8) + 0x60c;
																_t693 =  *( *(_t743 - 0xac) + 0xbc) + 0x60c;
																 *(_t743 - 0xe8) = _t693;
																 *(_t743 - 0xb0) =  *(_t743 - 0xb0) | 0x04000000;
																 *(_t743 - 0xd8) = _t693 & 0x0000ffff;
																_t735 =  *(_t743 - 0xb0);
															}
															_t453 =  *(_t743 - 0xc8) + 0x00000007 & 0xfffffff8;
															 *(_t743 - 0xf0) = _t453;
															 *( *(_t743 - 0xac)) = _t453 >> 3;
															 *((char*)( *(_t743 - 0xac) + 2)) = 1;
															 *((char*)( *(_t743 - 0xac) + 7)) = 1;
															 *((intOrPtr*)( *(_t743 - 0xac) + 0x60)) = 0xeeffeeff;
															 *( *(_t743 - 0xac) + 0x40) = _t735 & 0xefffffff;
															 *((intOrPtr*)( *(_t743 - 0xac) + 0x58)) = 0;
															E0139FA60( *(_t743 - 0xac) + 0x1e4, 0, 0x5c);
															E013810D2( *(_t743 - 0xac));
															 *((intOrPtr*)( *(_t743 - 0xac) + 0x224)) = 1;
															_t737 =  *(_t743 - 0xac);
															if(( *(_t737 + 0x40) & 0x08000000) != 0) {
																 *(_t737 + 0x58) = E0140FD06(0x14120e0) & 0x0000ffff;
																 *( *(_t743 - 0xac) + 0x40) =  *( *(_t743 - 0xac) + 0x40) & 0xffffffbf;
																_t737 =  *(_t743 - 0xac);
															}
															_t628 =  *(_t743 - 0xb0);
															 *(_t737 + 0x44) = _t628 & 0x6001007d;
															 *((short*)( *(_t743 - 0xac) + 0x7e)) =  *(_t743 - 0xd8) -  *(_t743 - 0xac);
															 *((intOrPtr*)( *(_t743 - 0xac) + 0x80)) = 0;
															_t473 =  *(_t743 - 0xac) + 0xc0;
															 *((intOrPtr*)(_t473 + 4)) = _t473;
															 *_t473 = _t473;
															_t475 =  *(_t743 - 0xac) + 0x9c;
															 *((intOrPtr*)(_t475 + 4)) = _t475;
															 *_t475 = _t475;
															_t477 =  *(_t743 - 0xac) + 0xa4;
															 *((intOrPtr*)(_t477 + 4)) = _t477;
															 *_t477 = _t477;
															_t479 =  *(_t743 - 0xac) + 0x8c;
															 *((intOrPtr*)(_t479 + 4)) = _t479;
															 *_t479 = _t479;
															_t738 =  *(_t743 - 0xe8);
															if( *(_t743 - 0xbc) != 0 || (_t628 & 0x00000001) != 0) {
																L60:
																 *( *(_t743 - 0xac) + 0xc8) =  *(_t743 - 0xbc);
																 *( *(_t743 - 0xac) + 0x48) =  *( *(_t743 - 0xac) + 0x48) | 0x80000000;
																if(E0138138B( *(_t743 - 0xac),  *(_t743 - 0xac),  *(_t743 - 0xf0) + 0x238,  *(_t743 - 0xbc),  *(_t743 - 0xe4),  *(_t743 - 0xd0),  *(_t743 - 0xc4),  *(_t743 - 0xd0) -  *(_t743 - 0xec) +  *(_t743 - 0xc0)) == 0) {
																	L167:
																	_t713 =  *(_t743 - 0xb8);
																	goto L168;
																}
																if( *(_t743 - 0xb8) != 0) {
																	E0139FA60(_t738, 0, 0x80);
																}
																 *((intOrPtr*)(_t738 + 4)) = 0x80;
																_t632 = _t738 + 0x24;
																 *((intOrPtr*)(_t738 + 0x1c)) = _t632;
																 *(_t738 + 0x18) =  *(_t743 - 0xac) + 0xc0;
																 *((intOrPtr*)(_t738 + 0x20)) = _t632 + 0x10;
																E0137EB9A( *(_t743 - 0xac), _t738);
																 *((short*)( *(_t743 - 0xac) + 0x7c)) = 0;
																 *((intOrPtr*)( *(_t743 - 0xac) + 0x64)) =  *((intOrPtr*)(_t743 - 0xa4));
																 *((intOrPtr*)( *(_t743 - 0xac) + 0x68)) =  *((intOrPtr*)(_t743 - 0xa0));
																 *( *(_t743 - 0xac) + 0x6c) =  *(_t743 - 0x9c) >> 3;
																 *( *(_t743 - 0xac) + 0x70) =  *(_t743 - 0x98) >> 3;
																 *((intOrPtr*)( *(_t743 - 0xac) + 0x78)) =  *((intOrPtr*)(_t743 - 0x94));
																 *( *(_t743 - 0xac) + 0x5c) =  *((intOrPtr*)(_t743 - 0x90)) + 7 >> 3;
																 *( *(_t743 - 0xac) + 0xcc) =  *(_t743 - 0x84) ^  *0x1448a68;
																 *((intOrPtr*)( *(_t743 - 0xac) + 0x240)) = 4;
																 *((intOrPtr*)( *(_t743 - 0xac) + 0x244)) = 0xfe000;
																_t699 = 1;
																if(( *0x1448720 & 1) != 0) {
																	 *( *(_t743 - 0xac) + 0x48) = 1;
																}
																_t647 =  *(_t743 - 0xb0);
																_t505 =  *(_t743 - 0xac);
																if((_t647 & 0x00010000) != 0) {
																	 *((intOrPtr*)(_t505 + 0x94)) = 0x17;
																	 *((intOrPtr*)( *(_t743 - 0xac) + 0x98)) = 0xfffffff0;
																} else {
																	 *((intOrPtr*)(_t505 + 0x94)) = 0xf;
																	 *((intOrPtr*)( *(_t743 - 0xac) + 0x98)) = 0xfffffff8;
																}
																_t507 =  *(_t743 - 0xac);
																if(( *(_t507 + 0x40) & 0x00000020) != 0) {
																	 *((intOrPtr*)(_t507 + 0x94)) =  *((intOrPtr*)(_t507 + 0x94)) + 8;
																	_t507 =  *(_t743 - 0xac);
																}
																 *((intOrPtr*)(_t507 + 0xd4)) = 0;
																 *((short*)( *(_t743 - 0xac) + 0xd8)) = 0;
																 *((char*)( *(_t743 - 0xac) + 0xda)) = 0;
																 *((char*)( *(_t743 - 0xac) + 0xdb)) = 0;
																 *((intOrPtr*)( *(_t743 - 0xac) + 0xb8)) = 0;
																_t513 = _t647 & 0x00000003;
																_t648 = _t647 & 0xffffff00 | _t513 == 0x00000002;
																if(((_t513 & 0xffffff00 | ( *0x1448720 & _t699) == 0x00000000) & (_t647 & 0xffffff00 | _t513 == 0x00000002)) == 0) {
																	L69:
																	E01381249( *(_t743 - 0xac), 0, _t699, 0);
																	if( *((intOrPtr*)( *(_t743 - 0xac) + 0x7c)) == 0) {
																		goto L167;
																	}
																	if(E01377D50() != 0) {
																		_t520 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
																	} else {
																		_t520 = _t719;
																	}
																	if( *_t520 != 0) {
																		_t521 =  *[fs:0x30];
																		__eflags =  *(_t521 + 0x240) & 0x00000001;
																		if(( *(_t521 + 0x240) & 0x00000001) == 0) {
																			goto L73;
																		}
																		__eflags = E01377D50();
																		if(__eflags != 0) {
																			_t719 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
																			__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
																		}
																		_t740 =  *(_t743 - 0xb0);
																		E014114A0(0,  *(_t743 - 0xac),  *(_t743 - 0xb0), _t719, __eflags,  *(_t743 - 0xc0),  *(_t743 - 0xcc),  *_t719 & 0x000000ff);
																		goto L74;
																	} else {
																		L73:
																		_t740 =  *(_t743 - 0xb0);
																		L74:
																		_t522 = E01377D50();
																		_t720 = 0x7ffe038a;
																		if(_t522 != 0) {
																			_t525 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
																		} else {
																			_t525 = 0x7ffe038a;
																		}
																		if( *_t525 != 0) {
																			__eflags = E01377D50();
																			if(__eflags != 0) {
																				_t720 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
																				__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
																			}
																			E014114A0(0,  *(_t743 - 0xac), _t740, _t720, __eflags,  *(_t743 - 0xc0),  *(_t743 - 0xcc),  *_t720 & 0x000000ff);
																		}
																		if(E01377D50() != 0) {
																			_t532 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
																		} else {
																			_t532 = 0x7ffe0388;
																		}
																		if( *_t532 != 0) {
																			E0140FD52(0,  *(_t743 - 0xac),  *(_t743 - 0xc0), _t740);
																		}
																		 *( *(_t743 - 0xac) + 0x48) =  *( *(_t743 - 0xac) + 0x48) & 0x7fffffff;
																		 *((intOrPtr*)( *(_t743 - 0xac) + 0xd0)) = 0;
																		_t732 =  *(_t743 - 0xac);
																		 *(_t743 - 0xac) = 0;
																		goto L81;
																	}
																} else {
																	 *((intOrPtr*)( *(_t743 - 0xac) + 0xdc)) = E01374620(_t648,  *(_t743 - 0xac), 0x80000a, 0x100);
																	_t543 =  *((intOrPtr*)( *(_t743 - 0xac) + 0xdc));
																	if(_t543 == 0) {
																		goto L167;
																	}
																	_t699 = 1;
																	 *((char*)(_t543 - 1)) = 1;
																	_t246 = _t699 + 0x7f; // 0x80
																	 *((short*)( *(_t743 - 0xac) + 0xe0)) = _t246;
																	goto L69;
																}
															} else {
																if(L01381520(_t738, 0, 0x10000000) < 0) {
																	goto L138;
																}
																 *(_t743 - 0xbc) = _t738;
																_t738 = _t738 + 0x18;
																goto L60;
															}
														}
														asm("sbb edi, edi");
														_push(( ~_t718 & 0x0000003c) + 4);
														_push(0x1000);
														_push(_t743 - 0xcc);
														_push(0);
														_push(_t743 - 0xd0);
														_push(0xffffffff);
														if(E01399660() < 0) {
															goto L167;
														}
														_t550 = E01377D50();
														_t719 = 0x7ffe0380;
														if(_t550 != 0) {
															_t553 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
														} else {
															_t553 = 0x7ffe0380;
														}
														if( *_t553 != 0) {
															_t554 =  *[fs:0x30];
															__eflags =  *(_t554 + 0x240) & 0x00000001;
															if(( *(_t554 + 0x240) & 0x00000001) != 0) {
																E0141138A(0,  *(_t743 - 0xac),  *(_t743 - 0xd0),  *(_t743 - 0xcc), 1);
															}
														}
														 *(_t743 - 0xc4) =  *(_t743 - 0xc4) +  *(_t743 - 0xcc);
														_t690 =  *(_t743 - 0xac);
														goto L54;
													}
													_push(0);
													_push(0x1c);
													_push(_t743 - 0x110);
													_push(0);
													_push(_t713);
													_push(0xffffffff);
													_t557 = E01399730();
													__eflags = _t557;
													if(_t557 < 0) {
														goto L168;
													}
													_t558 =  *(_t743 - 0x110);
													 *(_t743 - 0xc4) = _t558;
													__eflags = _t558 - _t713;
													if(_t558 != _t713) {
														goto L168;
													}
													__eflags =  *((intOrPtr*)(_t743 - 0x100)) - 0x10000;
													if( *((intOrPtr*)(_t743 - 0x100)) == 0x10000) {
														goto L168;
													}
													 *(_t743 - 0xd0) = _t558;
													__eflags =  *((intOrPtr*)(_t743 - 0x100)) - 0x1000;
													if( *((intOrPtr*)(_t743 - 0x100)) != 0x1000) {
														_t659 =  *(_t743 - 0x104);
														 *(_t743 - 0xc0) = _t659;
														_t559 =  *(_t743 - 0xcc);
														__eflags = _t559 - _t659;
														if(_t559 > _t659) {
															_t559 = _t659;
															 *(_t743 - 0xcc) = _t559;
														}
														__eflags = _t559 - 0x1000;
														if(_t559 < 0x1000) {
															goto L168;
														} else {
															goto L108;
														}
													}
													_t735 =  *(_t743 - 0xb0);
													__eflags = _t735 & 0x00040000;
													if((_t735 & 0x00040000) != 0) {
														__eflags =  *(_t743 - 0xfc) & 0x00000040;
														if(( *(_t743 - 0xfc) & 0x00000040) == 0) {
															goto L168;
														}
													}
													E0139FA60(_t558, 0, 0x1000);
													_t746 = _t746 + 0xc;
													_push(0);
													_push(0x14);
													_push(_t743 - 0x124);
													_push(3);
													_push(_t713);
													_push(0xffffffff);
													_t562 = E01399730();
													__eflags = _t562;
													if(_t562 < 0) {
														goto L168;
													}
													 *(_t743 - 0xc0) =  *(_t743 - 0x118);
													_t564 =  *(_t743 - 0x104);
													 *(_t743 - 0xcc) = _t564;
													_t565 =  *(_t743 - 0xd0) + _t564;
													__eflags = _t565;
													 *(_t743 - 0xc4) = _t565;
													goto L97;
												}
												 *(_t743 - 0xdc) = 0;
												 *(_t743 - 0xd4) = 0;
												if( *(_t743 - 0x84) != _t713) {
													_t732 = 0;
													_t419 =  *(_t743 - 0xbc);
													goto L83;
												}
												 *(_t743 - 0xf0) = E01381164(_t619);
												_t570 = (E01381164(_t619) & 0x0000001f) << 0x10;
												 *(_t743 - 0xd4) = _t570;
												_t660 =  *(_t743 - 0xc0);
												_t571 = _t570 + _t660;
												 *(_t743 - 0xe0) = _t571;
												if(_t571 < _t660) {
													 *(_t743 - 0xe0) = _t660;
													 *(_t743 - 0xd4) = 0;
												}
												_t735 =  *(_t743 - 0xb0);
												_t718 = _t735 & 0x00040000;
												asm("sbb eax, eax");
												_push(( ~_t718 & 0x0000003c) + 4);
												_push(0x2000);
												_push(_t743 - 0xe0);
												_push(0);
												_push(_t743 - 0xdc);
												_push(0xffffffff);
												if(E01399660() < 0) {
													goto L167;
												} else {
													_t690 =  *(_t743 - 0xdc);
													 *(_t743 - 0xac) = _t690;
													 *(_t743 - 0xc0) =  *(_t743 - 0xe0);
													if( *(_t743 - 0xd4) != 0) {
														E0138174B(_t743 - 0xdc, _t743 - 0xd4, 0x8000);
														_t690 =  *(_t743 - 0xdc) +  *(_t743 - 0xd4);
														 *(_t743 - 0xac) = _t690;
														 *(_t743 - 0xc0) =  *(_t743 - 0xe0) -  *(_t743 - 0xd4);
													}
													_t445 = _t690;
													 *(_t743 - 0xd0) = _t445;
													_t621 = _t690;
													 *(_t743 - 0xc4) = _t621;
													goto L48;
												}
											}
											_t732 = 0;
											goto L82;
										}
										if(_t681 != 0) {
											_t442 = _t442 | 0x80000000;
											 *(_t743 - 0xb0) = _t442;
										}
										asm("sbb ecx, ecx");
										 *(_t743 - 0xbc) =  ~_t681 & _t681;
										asm("sbb ecx, ecx");
										_t619 = ( ~_t681 & 0xffffffe8) + 0x260;
										 *(_t743 - 0xc8) = ( ~_t681 & 0xffffffe8) + 0x260;
										goto L41;
									}
								}
							}
						}
						if( *0x1448748 >= 2) {
							__eflags = _t680 & 0xfff80c00;
							if((_t680 & 0xfff80c00) == 0) {
								goto L7;
							}
							_t593 =  *[fs:0x30];
							__eflags =  *(_t593 + 0xc);
							if( *(_t593 + 0xc) == 0) {
								_push("HEAP: ");
								E0135B150();
							} else {
								E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("!(CheckedFlags & ~HEAP_CREATE_VALID_MASK)");
							E0135B150();
							__eflags =  *0x1447bc8; // 0x0
							if(__eflags == 0) {
								_t674 = 2;
								E01412073(0, _t674, _t712, __eflags);
							}
							_t680 =  *(_t743 - 0xb0);
						}
						if((_t680 & 0xfff80c00) != 0) {
							 *(_t743 - 0xb0) = _t680 & 0x0007f3ff;
						}
						goto L7;
					}
					_t732 = _t712;
					_t602 = E014151E2(_t712);
					__eflags = _t602;
					if(_t602 == 0) {
						goto L138;
					}
					_t680 =  *(_t743 - 0xb0);
					goto L3;
				}
				if(( *0x1448724 & 0x00000001) != 0) {
					__eflags = _t680 & 0x00000002;
					if((_t680 & 0x00000002) == 0) {
						goto L3;
					}
					__eflags =  *(_t743 - 0xb8);
					if( *(_t743 - 0xb8) != 0) {
						goto L3;
					}
					__eflags = _t712;
					if(_t712 == 0) {
						L127:
						__eflags =  *(_t743 - 0xb4);
						if( *(_t743 - 0xb4) != 0) {
							goto L3;
						}
						goto L128;
					}
					_t603 = E014151C7(_t712);
					__eflags = _t603;
					if(_t603 == 0) {
						goto L3;
					}
					goto L127;
				}
				goto L3;
			}















































































                            0x013806c0
                            0x013806c5
                            0x013806ca
                            0x013806cf
                            0x013806d2
                            0x013806d8
                            0x013806db
                            0x013806e1
                            0x013806e4
                            0x013806ea
                            0x013806f0
                            0x013806f3
                            0x013806f9
                            0x013806fc
                            0x01380702
                            0x01380708
                            0x01380714
                            0x0138071c
                            0x01380722
                            0x0138072a
                            0x01380730
                            0x01380736
                            0x013c4eda
                            0x013c4ee0
                            0x00000000
                            0x00000000
                            0x013c4ee6
                            0x013c4eec
                            0x00000000
                            0x00000000
                            0x013c4ef8
                            0x013c4f00
                            0x013c4f06
                            0x013c4f08
                            0x013c4f0a
                            0x013c4f0c
                            0x01380f0b
                            0x01380f0b
                            0x01380f11
                            0x01380f11
                            0x01380f17
                            0x01380f19
                            0x01380f1b
                            0x013c5453
                            0x013c5455
                            0x013c545b
                            0x013c545c
                            0x013c545c
                            0x013c5455
                            0x01380f28
                            0x013c5466
                            0x013c5468
                            0x013c546e
                            0x013c5486
                            0x013c5486
                            0x013c5468
                            0x01380f30
                            0x01380f35
                            0x01380f35
                            0x013c4f12
                            0x013c4f15
                            0x013c5048
                            0x013c5048
                            0x00000000
                            0x013c5048
                            0x013c4f1b
                            0x013c4f1d
                            0x013c4f23
                            0x013c4f23
                            0x0138073c
                            0x0138073c
                            0x01380742
                            0x01380748
                            0x01380750
                            0x013c4f2e
                            0x013c4f31
                            0x00000000
                            0x00000000
                            0x013c4f37
                            0x013c4f3d
                            0x00000000
                            0x00000000
                            0x013c4f43
                            0x013c4f45
                            0x00000000
                            0x00000000
                            0x013c4f4b
                            0x013c4f51
                            0x00000000
                            0x00000000
                            0x013c4f57
                            0x013c4f5d
                            0x00000000
                            0x00000000
                            0x013c4f63
                            0x013c4f65
                            0x013c4fb7
                            0x013c4fb7
                            0x01380763
                            0x01380765
                            0x013c4fc2
                            0x013c4fc4
                            0x013c4fc8
                            0x013c4fcc
                            0x013c4fd7
                            0x013c4fda
                            0x013c4fde
                            0x013c4fe1
                            0x013c4fe1
                            0x013c4fe1
                            0x013c4fe1
                            0x013c4fe7
                            0x013c4fec
                            0x013c4ff2
                            0x013c4ff8
                            0x013c4ffa
                            0x013c4ffc
                            0x013c4ffc
                            0x013c4ffe
                            0x013c5000
                            0x013c5002
                            0x013c5002
                            0x013c5021
                            0x013c5023
                            0x013c5025
                            0x00000000
                            0x013c502b
                            0x013c5032
                            0x013c5037
                            0x013c503b
                            0x00000000
                            0x00000000
                            0x013c5043
                            0x00000000
                            0x013c5043
                            0x013c5025
                            0x01380771
                            0x0138078c
                            0x0138078e
                            0x01380798
                            0x0138079d
                            0x013807a2
                            0x01381064
                            0x01381067
                            0x01381069
                            0x0138106d
                            0x01381076
                            0x01381076
                            0x01381076
                            0x01381078
                            0x01381078
                            0x013807a8
                            0x013807ae
                            0x013807b7
                            0x013c50f1
                            0x013c50f4
                            0x013c50f4
                            0x013807c0
                            0x013c50ff
                            0x013c5102
                            0x013c5102
                            0x013807d1
                            0x013c510d
                            0x013c510f
                            0x013c510f
                            0x013807da
                            0x013c511a
                            0x013c511f
                            0x013c511f
                            0x013807e2
                            0x013c512a
                            0x013c512f
                            0x013c512f
                            0x013807e8
                            0x013807ef
                            0x013c513f
                            0x013c513f
                            0x013807f5
                            0x01380803
                            0x01380808
                            0x01380808
                            0x01380815
                            0x0138081a
                            0x0138081a
                            0x01380827
                            0x0138082f
                            0x0138082f
                            0x0138083c
                            0x01380844
                            0x01380844
                            0x0138084a
                            0x01380851
                            0x013c514a
                            0x013c5154
                            0x013c5155
                            0x013c515a
                            0x013c515b
                            0x013c515c
                            0x013c5161
                            0x013c5163
                            0x00000000
                            0x00000000
                            0x013c5169
                            0x013c516c
                            0x013c5171
                            0x00000000
                            0x01380857
                            0x01380857
                            0x0138085e
                            0x01380868
                            0x01380868
                            0x01380875
                            0x013c517b
                            0x013c5185
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0138087b
                            0x0138087b
                            0x0138087b
                            0x01380885
                            0x01380885
                            0x0138088d
                            0x01380f3e
                            0x01380f3e
                            0x01380893
                            0x01380899
                            0x013808a1
                            0x0138108a
                            0x013808a7
                            0x013808a7
                            0x013808ad
                            0x013808ad
                            0x013808b3
                            0x013808b9
                            0x013808bd
                            0x013c5190
                            0x013c5192
                            0x013c5198
                            0x013c5198
                            0x013808c3
                            0x013808c5
                            0x013808cd
                            0x01380f49
                            0x01380f4f
                            0x013808e0
                            0x013808e0
                            0x013808ea
                            0x013808f4
                            0x013808fc
                            0x013c51a5
                            0x013c51ab
                            0x013c51ab
                            0x01380902
                            0x01380902
                            0x0138090a
                            0x00000000
                            0x01380918
                            0x0138091d
                            0x013c51b6
                            0x013c51bb
                            0x00000000
                            0x00000000
                            0x013c51c1
                            0x013c51d8
                            0x00000000
                            0x013c51d8
                            0x01380923
                            0x01380923
                            0x0138092d
                            0x01380935
                            0x01381055
                            0x01381057
                            0x01380966
                            0x01380966
                            0x0138096e
                            0x01380f56
                            0x01380f5d
                            0x013c51f2
                            0x013c51f8
                            0x013c51fa
                            0x013c523d
                            0x013c523d
                            0x013c5243
                            0x013c5245
                            0x00000000
                            0x013c5245
                            0x013c51fc
                            0x013c5202
                            0x013c5204
                            0x00000000
                            0x00000000
                            0x013c5206
                            0x013c5208
                            0x00000000
                            0x00000000
                            0x013c520a
                            0x013c520c
                            0x00000000
                            0x00000000
                            0x013c520e
                            0x013c5217
                            0x013c521d
                            0x013c522a
                            0x013c522f
                            0x013810bd
                            0x013810bd
                            0x01381018
                            0x01381018
                            0x0138101f
                            0x01381021
                            0x01381029
                            0x0138102f
                            0x01381035
                            0x01380a6a
                            0x01380a6c
                            0x01381095
                            0x01380ad5
                            0x01380ad5
                            0x01380adb
                            0x01380ae4
                            0x01380af7
                            0x013c52cc
                            0x013c52d2
                            0x013c52e8
                            0x013c52ee
                            0x013c52f4
                            0x013c5301
                            0x013c5307
                            0x013c5307
                            0x01380b06
                            0x01380b09
                            0x01380b1a
                            0x01380b23
                            0x01380b2d
                            0x01380b37
                            0x01380b4a
                            0x01380b53
                            0x01380b65
                            0x01380b73
                            0x01380b7e
                            0x01380b88
                            0x01380b95
                            0x013c531f
                            0x013c5328
                            0x013c532c
                            0x013c532c
                            0x01380b9b
                            0x01380ba8
                            0x01380bb9
                            0x01380bc3
                            0x01380bcf
                            0x01380bd4
                            0x01380bd7
                            0x01380bdf
                            0x01380be4
                            0x01380be7
                            0x01380bef
                            0x01380bf4
                            0x01380bf7
                            0x01380bff
                            0x01380c04
                            0x01380c07
                            0x01380c09
                            0x01380c16
                            0x01380c3a
                            0x01380c46
                            0x01380c52
                            0x01380c9b
                            0x013c5237
                            0x013c5237
                            0x00000000
                            0x013c5237
                            0x01380ca8
                            0x01381048
                            0x0138104d
                            0x01380cae
                            0x01380cb5
                            0x01380cb8
                            0x01380cc6
                            0x01380ccc
                            0x01380cd7
                            0x01380ce4
                            0x01380cf4
                            0x01380d03
                            0x01380d15
                            0x01380d27
                            0x01380d36
                            0x01380d4b
                            0x01380d60
                            0x01380d6c
                            0x01380d7c
                            0x01380d88
                            0x01380d8f
                            0x013c533d
                            0x013c533d
                            0x01380d95
                            0x01380d9b
                            0x01380da7
                            0x013c5345
                            0x013c5355
                            0x01380dad
                            0x01380dad
                            0x01380dbd
                            0x01380dbd
                            0x01380dc7
                            0x01380dd1
                            0x013c5364
                            0x013c536b
                            0x013c536b
                            0x01380dd7
                            0x01380de5
                            0x01380df2
                            0x01380dfe
                            0x01380e0a
                            0x01380e12
                            0x01380e16
                            0x01380e24
                            0x01380e71
                            0x01380e7b
                            0x01380e8a
                            0x00000000
                            0x00000000
                            0x01380e97
                            0x013c537f
                            0x01380e9d
                            0x01380e9d
                            0x01380e9d
                            0x01380ea2
                            0x013c5389
                            0x013c538f
                            0x013c5396
                            0x00000000
                            0x00000000
                            0x013c53a1
                            0x013c53a3
                            0x013c53ae
                            0x013c53ae
                            0x013c53ae
                            0x013c53c4
                            0x013c53d2
                            0x00000000
                            0x01380ea8
                            0x01380ea8
                            0x01380ea8
                            0x01380eae
                            0x01380eae
                            0x01380eb3
                            0x01380eba
                            0x013c53e5
                            0x01380ec0
                            0x01380ec0
                            0x01380ec0
                            0x01380ec5
                            0x013c53f4
                            0x013c53f6
                            0x013c5401
                            0x013c5401
                            0x013c5401
                            0x013c541f
                            0x013c541f
                            0x01380ed2
                            0x013c5432
                            0x01380ed8
                            0x01380ed8
                            0x01380ed8
                            0x01380ee0
                            0x013c5449
                            0x013c5449
                            0x01380eec
                            0x01380ef9
                            0x01380eff
                            0x01380f05
                            0x00000000
                            0x01380f05
                            0x01380e26
                            0x01380e41
                            0x01380e4d
                            0x01380e55
                            0x00000000
                            0x00000000
                            0x01380e5d
                            0x01380e5e
                            0x01380e67
                            0x01380e6a
                            0x00000000
                            0x01380e6a
                            0x01380c1d
                            0x01380c2b
                            0x00000000
                            0x00000000
                            0x01380c31
                            0x01380c37
                            0x00000000
                            0x01380c37
                            0x01380c16
                            0x01380a74
                            0x01380a7c
                            0x01380a7d
                            0x01380a88
                            0x01380a89
                            0x01380a90
                            0x01380a91
                            0x01380a9a
                            0x00000000
                            0x00000000
                            0x01380aa0
                            0x01380aa5
                            0x01380aac
                            0x013c5285
                            0x01380ab2
                            0x01380ab2
                            0x01380ab2
                            0x01380ab7
                            0x013c528f
                            0x013c5295
                            0x013c529c
                            0x013c52b6
                            0x013c52b6
                            0x013c529c
                            0x01380ac9
                            0x01380acf
                            0x00000000
                            0x01380acf
                            0x01380f63
                            0x01380f64
                            0x01380f6c
                            0x01380f6d
                            0x01380f6e
                            0x01380f6f
                            0x01380f71
                            0x01380f76
                            0x01380f78
                            0x00000000
                            0x00000000
                            0x01380f7e
                            0x01380f84
                            0x01380f8a
                            0x01380f8c
                            0x00000000
                            0x00000000
                            0x01380f92
                            0x01380f9c
                            0x00000000
                            0x00000000
                            0x01380fa4
                            0x01380faf
                            0x01380fb5
                            0x0138109f
                            0x013810a5
                            0x013810ab
                            0x013810b1
                            0x013810b3
                            0x013810c8
                            0x013810ca
                            0x013810ca
                            0x013810b5
                            0x013810b7
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013810b7
                            0x01380fbb
                            0x01380fc1
                            0x01380fc7
                            0x013c5250
                            0x013c5257
                            0x00000000
                            0x00000000
                            0x013c5259
                            0x01380fd0
                            0x01380fd5
                            0x01380fd8
                            0x01380fd9
                            0x01380fe1
                            0x01380fe2
                            0x01380fe4
                            0x01380fe5
                            0x01380fe7
                            0x01380fec
                            0x01380fee
                            0x00000000
                            0x00000000
                            0x01380ffa
                            0x01381000
                            0x01381006
                            0x0138100c
                            0x0138100c
                            0x01381012
                            0x00000000
                            0x01381012
                            0x01380974
                            0x0138097a
                            0x01380986
                            0x013c525e
                            0x013c5260
                            0x00000000
                            0x013c5260
                            0x01380991
                            0x013809a1
                            0x013809a4
                            0x013809aa
                            0x013809b0
                            0x013809b2
                            0x013809ba
                            0x013c526b
                            0x013c5271
                            0x013c5271
                            0x013809c0
                            0x013809c8
                            0x013809d2
                            0x013809da
                            0x013809db
                            0x013809e6
                            0x013809e7
                            0x013809ee
                            0x013809ef
                            0x013809f8
                            0x00000000
                            0x013809fe
                            0x013809fe
                            0x01380a04
                            0x01380a10
                            0x01380a1d
                            0x01380a31
                            0x01380a3c
                            0x01380a42
                            0x01380a54
                            0x01380a54
                            0x01380a5a
                            0x01380a5c
                            0x01380a62
                            0x01380a64
                            0x00000000
                            0x01380a64
                            0x013809f8
                            0x0138105d
                            0x00000000
                            0x0138105d
                            0x0138093d
                            0x013c51e2
                            0x013c51e7
                            0x013c51e7
                            0x01380947
                            0x0138094b
                            0x01380955
                            0x0138095a
                            0x01380960
                            0x00000000
                            0x01380960
                            0x0138090a
                            0x01380875
                            0x01380851
                            0x0138077a
                            0x013c504f
                            0x013c5055
                            0x00000000
                            0x00000000
                            0x013c505b
                            0x013c5061
                            0x013c5064
                            0x013c5083
                            0x013c5088
                            0x013c5066
                            0x013c507b
                            0x013c5080
                            0x013c508e
                            0x013c5093
                            0x013c5099
                            0x013c509f
                            0x013c50a3
                            0x013c50a4
                            0x013c50a4
                            0x013c50a9
                            0x013c50a9
                            0x01380786
                            0x013c50ba
                            0x013c50ba
                            0x00000000
                            0x01380786
                            0x013c4f67
                            0x013c4f6b
                            0x013c4f70
                            0x013c4f72
                            0x00000000
                            0x00000000
                            0x013c4f78
                            0x00000000
                            0x013c4f78
                            0x0138075d
                            0x013c4f83
                            0x013c4f86
                            0x00000000
                            0x00000000
                            0x013c4f8c
                            0x013c4f92
                            0x00000000
                            0x00000000
                            0x013c4f98
                            0x013c4f9a
                            0x013c4fab
                            0x013c4fab
                            0x013c4fb1
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013c4fb1
                            0x013c4f9e
                            0x013c4fa3
                            0x013c4fa5
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013c4fa5
                            0x00000000

                            APIs
                            • RtlDebugPrintTimes.NTDLL ref: 013C4F00
                              • Part of subcall function 01399660: LdrInitializeThunk.NTDLL ref: 0139966A
                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: DebugInitializePrintThunkTimes
                            • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                            • API String ID: 3681346633-3570731704
                            • Opcode ID: 770a99dad8ec9ef4b5b237f3b910e1d42004f0b6706227ae14452e6d940e5f8a
                            • Instruction ID: ed046b6aa4c037130abac978c08a9a937b8feb50a52f07b56cf24bf3bc728c49
                            • Opcode Fuzzy Hash: 770a99dad8ec9ef4b5b237f3b910e1d42004f0b6706227ae14452e6d940e5f8a
                            • Instruction Fuzzy Hash: 26825B71A01329CFEB25DF28CC80BA9B7B5BF44718F0581E9E949A7291D730AE85CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013878A0 Relevance: 8.5, Strings: 6, Instructions: 989COMMON
                            Download Yara Rule
                            C-Code - Quality: 97%
                            			E013878A0(signed int __ecx, signed int __edx, signed int _a4, signed int _a8, intOrPtr _a12, signed int _a16, intOrPtr* _a20, intOrPtr _a24, signed int _a28, signed int _a32, signed int* _a36, signed int _a40, signed int _a44) {
				signed int _v8;
				signed int _v12;
				char _v20;
				intOrPtr _v28;
				signed int _v32;
				signed short _v34;
				signed short _v36;
				char _v48;
				char _v64;
				signed int _v68;
				signed int _v72;
				char _v73;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed short _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				short _v148;
				signed int _v152;
				intOrPtr _v156;
				intOrPtr* _v160;
				signed int _v164;
				signed int _v168;
				signed short _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				intOrPtr _v204;
				intOrPtr _v208;
				signed int _v212;
				intOrPtr _v216;
				signed int* _v220;
				char* _v228;
				char _v232;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t462;
				signed int _t463;
				signed int* _t473;
				signed char* _t474;
				signed int _t475;
				signed char* _t476;
				signed int _t478;
				signed int _t480;
				intOrPtr _t484;
				signed int _t488;
				signed char* _t489;
				signed int _t490;
				signed char* _t491;
				signed int _t499;
				signed int _t501;
				signed int _t504;
				void* _t505;
				signed int _t506;
				signed int _t508;
				void* _t512;
				signed int _t514;
				signed int _t520;
				signed int _t524;
				signed int _t525;
				signed int _t530;
				signed int _t532;
				signed int _t533;
				signed int _t535;
				signed int _t537;
				signed int _t539;
				signed int _t541;
				signed int _t546;
				intOrPtr _t555;
				signed short _t557;
				signed int _t560;
				signed int _t562;
				signed int _t565;
				signed int _t567;
				signed int _t568;
				signed int _t571;
				signed int _t572;
				signed int _t573;
				signed int _t575;
				signed int _t577;
				signed int _t578;
				signed int _t580;
				signed int _t583;
				signed int _t587;
				signed int _t589;
				signed int _t591;
				signed int _t597;
				signed char _t601;
				signed int _t609;
				void* _t610;
				intOrPtr _t611;
				void* _t612;
				signed int _t613;
				signed int _t615;
				signed int _t616;
				signed int _t619;
				signed int _t620;
				signed int* _t621;
				signed int _t622;
				intOrPtr _t626;
				void* _t632;
				signed int _t634;
				signed int _t637;
				intOrPtr _t638;
				signed int _t641;
				signed int _t647;
				signed int _t649;
				signed int _t653;
				signed int _t667;
				signed int _t669;
				intOrPtr _t671;
				signed int _t672;
				signed int _t674;
				signed int _t689;
				signed int _t698;
				signed char _t702;
				intOrPtr _t708;
				void* _t712;
				signed int _t714;
				signed int _t716;
				signed int _t717;
				signed int _t719;
				void* _t720;
				signed int _t721;
				signed int _t723;
				signed int _t724;
				signed int _t725;
				intOrPtr* _t727;
				void* _t728;
				signed int _t729;
				signed int _t730;
				signed int _t731;
				signed int _t732;
				signed int _t733;
				signed int _t734;
				signed int _t743;
				void* _t744;
				signed int _t752;
				signed int _t775;
				void* _t783;

				_t699 = __edx;
				_push(0xfffffffe);
				_push(0x14300b0);
				_push(0x13a17f0);
				_push( *[fs:0x0]);
				_t462 =  *0x144d360;
				_v12 = _v12 ^ _t462;
				_t463 = _t462 ^ _t743;
				_v32 = _t463;
				_push(_t463);
				 *[fs:0x0] =  &_v20;
				_v28 = _t744 - 0xd4;
				_v140 = __edx;
				_v100 = __ecx;
				_t609 = _a8;
				_v92 = _t609;
				_t626 = _a12;
				_v156 = _t626;
				_v164 = _a16;
				_t727 = _a20;
				_v160 = _t727;
				_v176 = _a28;
				_v200 = _a32;
				_v220 = _a36;
				_v108 = _a44;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v148 = 0;
				_v128 = 0;
				_v72 = 0;
				_v112 = 0;
				_v184 = 0x560054;
				_v180 = L"LdrpResSearchResourceInsideDirectory Enter";
				_v232 = 0x540052;
				_v228 = L"LdrpResSearchResourceInsideDirectory Exit";
				_t473 =  *( *[fs:0x30] + 0x50);
				if(_t473 != 0) {
					__eflags =  *_t473;
					if( *_t473 == 0) {
						goto L1;
					}
					_t474 =  *( *[fs:0x30] + 0x50) + 0x22b;
					L2:
					if(( *_t474 & 0x00000001) != 0) {
						_t475 = E01377D50();
						__eflags = _t475;
						if(_t475 == 0) {
							_t476 = 0x7ffe0384;
						} else {
							_t476 =  *( *[fs:0x30] + 0x50) + 0x22a;
						}
						_t699 =  *_t476 & 0x000000ff;
						E013E6715( &_v184,  *_t476 & 0x000000ff);
						_t626 = _v156;
					}
					if(_t609 == 0 || _t626 == 0 || _t727 == 0) {
						L196:
						_t478 = 0xc000000d;
						goto L70;
					} else {
						_t611 = _a24;
						_t37 = _t611 - 1; // 0x1334f83
						_t480 = _t37;
						if(_t480 > 3) {
							goto L196;
						}
						_t699 = _a40;
						_v104 = _t699;
						_t752 = _t699 & 0x00008000;
						if(_t752 != 0) {
							_t480 = _v140;
							__eflags = _t480;
							if(_t480 == 0) {
								goto L196;
							}
							__eflags = _t480 - 0xffffffff;
							if(_t480 == 0xffffffff) {
								goto L196;
							}
							__eflags = _v164;
							if(_v164 != 0) {
								goto L8;
							}
							goto L196;
						}
						L8:
						_t714 = _t699 & 0x00001000;
						_v84 = _t714;
						_v144 = _t480 & 0xffffff00 | _t752 != 0x00000000;
						if((_t699 & 0x00008800) == 0x8800) {
							_t632 = 1;
						} else {
							_t632 = 0;
						}
						_v73 = _t632;
						if(_t714 == 0 || _a4 != 0) {
							if(_t632 != 0 || _v100 != 0) {
								if(_t632 == 1) {
									__eflags = _v140;
									if(_v140 == 0) {
										goto L196;
									}
								}
								_v208 = _t727;
								_t484 = _t611;
								_v120 = _t484;
								_t729 = _v92;
								_v88 = 0;
								_v96 = 0;
								_v136 = 0;
								if(_v108 != 0) {
									 *_v108 = 0;
									_t611 = _t484;
									_t699 = _v104;
								}
								_v8 = 0;
								_v172 = _v112;
								while(1) {
									L18:
									_t716 = _v84;
									if(_t729 == 0) {
										break;
									}
									_t708 = _v120 - 1;
									_v120 = _t708;
									_v216 = _t708;
									_t699 = _v104;
									if(_t484 == 0) {
										L59:
										_t484 = _v120;
										break;
									}
									_v128 =  *_v160;
									if(_v120 == 0) {
										__eflags = _t611 - 3;
										if(_t611 != 3) {
											goto L21;
										}
										_v136 = _t729;
										_t597 = _v176;
										__eflags = _t597;
										if(_t597 == 0) {
											_v68 = 0xc000000d;
											L64:
											_t717 = _v72;
											L65:
											__eflags = _t717;
											if(_t717 != 0) {
												L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t717);
												_v72 = 0;
											}
											_t488 =  *( *[fs:0x30] + 0x50);
											__eflags = _t488;
											if(_t488 != 0) {
												__eflags =  *_t488;
												if( *_t488 == 0) {
													goto L67;
												}
												_t489 =  *( *[fs:0x30] + 0x50) + 0x22b;
												goto L68;
											} else {
												L67:
												_t489 = 0x7ffe0385;
												L68:
												__eflags =  *_t489 & 0x00000001;
												if(( *_t489 & 0x00000001) != 0) {
													_t490 = E01377D50();
													__eflags = _t490;
													if(_t490 == 0) {
														_t491 = 0x7ffe0384;
													} else {
														_t491 =  *( *[fs:0x30] + 0x50) + 0x22a;
													}
													_t699 =  *_t491 & 0x000000ff;
													E013E6715( &_v232,  *_t491 & 0x000000ff);
												}
												_v8 = 0xfffffffe;
												_t478 = _v68;
												L70:
												 *[fs:0x0] = _v20;
												_pop(_t712);
												_pop(_t728);
												_pop(_t610);
												__eflags = _v32 ^ _t743;
												return E0139B640(_t478, _t610, _v32 ^ _t743, _t699, _t712, _t728);
											}
										}
										_v148 =  *_t597;
										_v172 = 0;
										_v112 = 0;
										_t601 =  !_t699;
										__eflags = _t601 & 0x00000004;
										if((_t601 & 0x00000004) != 0) {
											_v128 =  *(_v176 + 4) & 0x0000ffff;
										}
									}
									L21:
									if(_t632 != 0) {
										_t699 = _t729;
										_t478 = E013E94CA(_v140,  &_v48, 0x10);
										_v68 = _t478;
										__eflags = _t478;
										if(_t478 < 0) {
											L270:
											_v8 = 0xfffffffe;
											goto L70;
										}
										_t632 = _v73;
										__eflags = _t632;
										if(_t632 == 0) {
											goto L22;
										}
										L203:
										_t546 = _v36 & 0x0000ffff;
										L28:
										_v116 = _t546;
										_v132 = _t546;
										if(_t546 != 0) {
											__eflags = _t716;
											if(_t716 == 0) {
												goto L29;
											}
											_t699 = _t546 * 8 >> 0x20;
											_t589 = E0138F3D5( &_v196, _t546 * 8, _t546 * 8 >> 0x20);
											__eflags = _t589;
											if(_t589 < 0) {
												_v68 = 0xc000007b;
												goto L64;
											}
											_t725 = _v196;
											_t699 = _t725 + 0x10;
											_t591 = E01351C45(_t729, _t725 + 0x10,  &_v80);
											__eflags = _t591;
											if(_t591 < 0) {
												_v68 = 0xc000007b;
												goto L64;
											}
											__eflags = _t725 + 0x10 + _t729 - (_v100 & 0xfffffffc) + _a4;
											if(_t725 + 0x10 + _t729 > (_v100 & 0xfffffffc) + _a4) {
												_v68 = 0xc000007b;
												goto L64;
											}
											_t546 = _v116;
											_t632 = _v73;
										}
										L29:
										_t77 = _t729 + 0x10; // 0x10
										_t721 = _t77;
										_v188 = _t721;
										_v152 = _t721;
										if((_v128 & 0xffff0000) != 0) {
											L40:
											L41:
											if(_t546 == 0) {
												_v124 = 0;
												_t484 = _v120;
												L62:
												_t612 = _t611 - _t484;
												__eflags = _t612 - 1;
												if(_t612 != 1) {
													_t613 = _t612 - 2;
													__eflags = _t613;
													if(_t613 != 0) {
														__eflags = _t613 == 1;
														if(_t613 == 1) {
															_v68 = 0xc0000204;
														} else {
															_v68 = 0xc000000d;
														}
													} else {
														_v68 = 0xc000008b;
													}
												} else {
													_v68 = 0xc000008a;
												}
												goto L64;
											}
											if(_v73 != 0) {
												_t667 = _v72;
												__eflags = _t667;
												if(_t667 != 0) {
													L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t667);
													_v72 = 0;
													_t546 = _v132;
												}
												_t738 = _t546 * 8;
												_t717 = E01374620(_t667,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t546 * 8);
												_v72 = _t717;
												__eflags = _t717;
												if(_t717 != 0) {
													_t699 = _v152;
													_t478 = E013E94CA(_v140, _t717, _t738);
													_v68 = _t478;
													__eflags = _t478;
													if(_t478 < 0) {
														goto L270;
													}
													_v188 = _t717;
													_v152 = _t717;
													_v104 = _a40;
													_v172 = _v112;
													_v160 = _v208;
													_v120 = _v216;
													_v88 = _v96;
													_t546 = _v132;
													_v116 = _t546;
													_t669 = _v84;
													goto L43;
												} else {
													_v68 = 0xc0000017;
													goto L65;
												}
											}
											L43:
											_t699 = _v104;
											L44:
											while(1) {
												L44:
												if(_v136 != 0) {
													__eflags = _t699 & 0x00000020;
													if((_t699 & 0x00000020) == 0) {
														while(1) {
															L46:
															_t729 = 0;
															_v124 = 0;
															_t622 = _t717;
															_v152 = _t622;
															_t105 = _t546 - 1; // 0x0
															_t671 = _t717 + _t105 * 8;
															_v204 = _t671;
															_v132 = _t546;
															while(1) {
																L47:
																_t783 = _t622 - _t671;
																if(_t783 > 0) {
																	break;
																}
																_t723 = _t546 >> 1;
																if(_t783 != 0) {
																	_t567 = _t546 & 0x00000001;
																	__eflags = _t567;
																	_v180 = _t567;
																	_t568 = _t622 + _t723 * 8;
																	_v168 = _t568;
																	if(_t567 == 0) {
																		_t568 = _t568 + 0xfffffff8;
																		__eflags = _t568;
																		_v168 = _t568;
																	}
																	_t699 = _v140;
																	_t478 = E01388379(_v100, _v140, _a4, _v128, _v92, _t568, _v140,  &_v192);
																	_v68 = _t478;
																	__eflags = _t478;
																	if(_t478 < 0) {
																		goto L270;
																	} else {
																		__eflags = _v192;
																		if(__eflags == 0) {
																			_t571 =  *(_v168 + 4);
																			__eflags = _t571;
																			if(_t571 >= 0) {
																				_t729 = 0;
																				_v124 = 0;
																				__eflags = _v84;
																				if(_v84 == 0) {
																					_t572 = _t571 + _v92;
																					L137:
																					_v96 = _t572;
																					_v88 = _t572;
																					break;
																				}
																				__eflags = _v136;
																				if(_v136 != 0) {
																					_t699 = _t571;
																					_t573 = E01351C45(_v92, _t571,  &_v80);
																					__eflags = _t573;
																					if(_t573 >= 0) {
																						L136:
																						_t572 = _v80;
																						goto L137;
																					}
																					_v68 = 0xc000007b;
																					goto L64;
																				}
																				_v68 = 0xc000007b;
																				goto L64;
																			}
																			__eflags = _v84 - _t729;
																			if(_v84 == _t729) {
																				_t729 = (_t571 & 0x7fffffff) + _v92;
																				_v124 = _t729;
																				break;
																			}
																			__eflags = _v136 - _t729;
																			if(_v136 != _t729) {
																				_v68 = 0xc000007b;
																				goto L64;
																			}
																			_t699 = _t571 & 0x7fffffff;
																			_t575 = E01351C45(_v92, _t571 & 0x7fffffff,  &_v80);
																			__eflags = _t575;
																			if(_t575 >= 0) {
																				L75:
																				_t729 = _v80;
																				_v124 = _t729;
																				break;
																			}
																			_v68 = 0xc000007b;
																			goto L64;
																		}
																		if(__eflags < 0) {
																			_t671 = _v168 + 0xfffffff8;
																			_v204 = _t671;
																			__eflags = _v180;
																			if(_v180 == 0) {
																				_t546 = _t723 - 1;
																				_v132 = _t546;
																				_t699 = _v104;
																			} else {
																				_v132 = _t723;
																				_t546 = _t723;
																				_t699 = _v104;
																			}
																		} else {
																			_t622 = _v168 + 8;
																			_v152 = _t622;
																			_v132 = _t723;
																			_t671 = _v204;
																			_t546 = _t723;
																			_t699 = _v104;
																		}
																		continue;
																	}
																}
																if(_t546 == 0) {
																	break;
																}
																_t724 = _v92;
																_t699 = _v140;
																_t478 = E01388379(_v100, _v140, _a4, _v128, _t724, _t622, _v140,  &_v192);
																_v68 = _t478;
																if(_t478 < 0) {
																	goto L270;
																}
																if(_v192 == _t729) {
																	_t577 =  *(_t622 + 4);
																	__eflags = _t577;
																	if(_t577 >= 0) {
																		__eflags = _v84 - _t729;
																		if(_v84 == _t729) {
																			_t572 = _t577 + _t724;
																			goto L137;
																		}
																		__eflags = _v136 - _t729;
																		if(_v136 == _t729) {
																			_v68 = 0xc000007b;
																			goto L64;
																		}
																		_t699 = _t577;
																		_t578 = E01351C45(_t724, _t577,  &_v80);
																		__eflags = _t578;
																		if(_t578 < 0) {
																			_v68 = 0xc000007b;
																			goto L64;
																		}
																		goto L136;
																	}
																	__eflags = _v84 - _t729;
																	if(_v84 == _t729) {
																		_t729 = (_t577 & 0x7fffffff) + _t724;
																		_v124 = _t729;
																		break;
																	}
																	__eflags = _v136 - _t729;
																	if(_v136 != _t729) {
																		_v68 = 0xc000007b;
																		goto L64;
																	}
																	_t699 = _t577 & 0x7fffffff;
																	_t580 = E01351C45(_t724, _t577 & 0x7fffffff,  &_v80);
																	__eflags = _t580;
																	if(_t580 < 0) {
																		_v68 = 0xc000007b;
																		goto L64;
																	}
																	goto L75;
																}
																break;
															}
															_t699 = _v104;
															if(_v136 != 0) {
																__eflags = _v88;
																if(_v88 != 0) {
																	goto L53;
																}
																__eflags = _t699 & 0x00000004;
																if((_t699 & 0x00000004) != 0) {
																	L58:
																	_t716 = _v84;
																	_t611 = _a24;
																	goto L59;
																}
																_t557 = _v172 + 1;
																_v172 = _t557;
																_v112 = _t557;
																_t672 = _t557 & 0x0000ffff;
																__eflags = _t672 - _v148;
																_t560 = _v176;
																if(_t672 >= _v148) {
																	__eflags =  *((char*)(_t560 + 0x204));
																	if( *((char*)(_t560 + 0x204)) != 0) {
																		goto L53;
																	}
																	_t699 = _t699 | 0x00000020;
																	_v104 = _t699;
																	_a40 = _t699;
																	_t546 = _v116;
																	_t717 = _v188;
																	_t669 = _v84;
																	goto L44;
																}
																_v128 =  *(_t560 + 4 + _t672 * 8) & 0x0000ffff;
																_t546 = _v116;
																_t717 = _v188;
																L46:
																_t729 = 0;
																_v124 = 0;
																_t622 = _t717;
																_v152 = _t622;
																_t105 = _t546 - 1; // 0x0
																_t671 = _t717 + _t105 * 8;
																_v204 = _t671;
																_v132 = _t546;
																goto L47;
															}
															L53:
															_t555 = _v160 + 4;
															_v160 = _t555;
															_v208 = _t555;
															_t611 = _a24;
															_t632 = _v73;
															_t484 = _v120;
															goto L18;
														}
													}
													_t729 = 0;
													_v124 = 0;
													__eflags = _t669;
													if(_t669 == 0) {
														_t562 =  *(_t717 + 4) + _v92;
														_v88 = _t562;
														_v96 = _t562;
														goto L57;
													} else {
														_t699 =  *(_t717 + 4);
														_t565 = E01351C45(_v92,  *(_t717 + 4),  &_v80);
														__eflags = _t565;
														if(_t565 < 0) {
															_v68 = 0xc000007b;
															goto L64;
														}
														_t674 = _v80;
														_v88 = _t674;
														_v96 = _t674;
														_t699 = _v104;
														L57:
														_v128 =  *_t717;
														goto L58;
													}
													L101:
													__eflags = _t699;
													if(_t699 != 0) {
														L61:
														__eflags = _t729;
														if(_t729 != 0) {
															__eflags = _t699;
															if(_t699 == 0) {
																goto L62;
															}
															__eflags = _t716;
															if(_t716 == 0) {
																_t699 = _v100 & 0xfffffffc;
																_t615 = _a4;
																L173:
																_t634 = _v200;
																__eflags = _t634;
																if(_t634 == 0) {
																	L178:
																	_v68 = 0;
																	goto L64;
																}
																__eflags = _t716;
																if(_t716 == 0) {
																	L177:
																	 *_t634 = _t729;
																	goto L178;
																}
																__eflags = _t729 - _t699;
																if(_t729 < _t699) {
																	L204:
																	_v68 = 0xc000007b;
																	goto L64;
																}
																__eflags = _t729 - _t699 + _t615;
																if(_t729 > _t699 + _t615) {
																	_v68 = 0xc000007b;
																	goto L64;
																}
																goto L177;
															}
															_t699 = 0x18;
															_t499 = E01351C45(_t729, 0x18,  &_v80);
															__eflags = _t499;
															if(_t499 < 0) {
																_v124 = 0;
																_v68 = 0xc000007b;
																goto L64;
															}
															_t699 = _v100 & 0xfffffffc;
															_t615 = _a4;
															__eflags = _t729 + 0x18 - _t699 + _t615;
															if(_t729 + 0x18 > _t699 + _t615) {
																_v124 = 0;
																_v68 = 0xc000007b;
																goto L64;
															}
															goto L173;
														}
														goto L62;
													}
													_t616 = _v92;
													__eflags = _t716;
													if(_t716 == 0) {
														_t702 = _v100;
														L105:
														_t637 = _v108;
														__eflags = _t637;
														if(_t637 != 0) {
															 *_t637 = _v128;
														}
														_t719 = _t702 & 0xfffffffc;
														__eflags = _t702 & 0x00000001;
														if((_t702 & 0x00000001) != 0) {
															L145:
															_t638 = _v156;
															_t501 =  *(_t638 + 0x18) & 0x0000ffff;
															_t699 = 0x10b;
															__eflags = _t501 - 0x10b;
															if(_t501 != 0x10b) {
																_t699 = 0x20b;
																__eflags = _t501 - 0x20b;
																if(_t501 != 0x20b) {
																	L255:
																	_v96 = 0;
																	_v68 = 0xc0000089;
																	goto L64;
																}
																_t730 =  *(_t638 + 0x98);
																L147:
																__eflags = _t730;
																if(_t730 == 0) {
																	goto L255;
																}
																__eflags = _v84;
																if(_v84 == 0) {
																	L152:
																	_t619 = _t730 - _v92 + _t719;
																	_v108 = _t619;
																	_v212 = _t619;
																	_t699 = _a4;
																	_t731 = E013547A3(_t719, _a4, _t638, _v164, _t730, _v144);
																	__eflags = _t731;
																	if(_t731 == 0) {
																		_v96 = 0;
																		_v68 = 0xc000007b;
																		goto L64;
																	}
																	__eflags = _v73;
																	if(_v73 != 0) {
																		_t699 = _v88;
																		_t478 = E013E94CA(_v140,  &_v64, 0x10);
																		_v68 = _t478;
																		__eflags = _t478;
																		if(_t478 < 0) {
																			goto L270;
																		}
																		_t504 =  &_v64;
																		_v88 = _t504;
																		_v96 = _t504;
																		L155:
																		_t505 =  *_t504;
																		__eflags = _t505 -  *((intOrPtr*)(_t731 + 8));
																		if(_t505 <=  *((intOrPtr*)(_t731 + 8))) {
																			goto L111;
																		}
																		_v108 =  *((intOrPtr*)(_t731 + 0xc));
																		_t699 = _a4;
																		_t524 = E013547A3(_t719, _a4, _v156, _v164, _t505, _v144);
																		__eflags = _t524;
																		if(_t524 == 0) {
																			_v96 = 0;
																			_v68 = 0xc000007b;
																			goto L64;
																		}
																		_t733 =  *((intOrPtr*)(_t524 + 0xc));
																		_v180 = _t733;
																		_t525 = E013547A3(_t719, _a4, _v156, _v164, _t733, _v144);
																		_v144 = _t525;
																		_t653 = _v84;
																		__eflags = _t525;
																		if(_t525 == 0) {
																			_t734 = 0;
																			L163:
																			__eflags = _t653;
																			if(_t653 == 0) {
																				L167:
																				_t619 = _t619 +  *((intOrPtr*)(_t525 + 0xc)) - _t734 - _v108 + _v92;
																				goto L110;
																			}
																			_t699 = _v108;
																			_t530 = E0138865D(_t525,  *((intOrPtr*)(_t525 + 0xc)), _v108,  &_v80);
																			__eflags = _t530;
																			if(_t530 < 0) {
																				_v68 = 0xc000007b;
																				goto L64;
																			}
																			_t699 = _t734 - _v92;
																			_t532 = E0138865D( &_v80, _v80, _t734 - _v92,  &_v80);
																			__eflags = _t532;
																			if(_t532 < 0) {
																				_v68 = 0xc000007b;
																				goto L64;
																			}
																			_t525 = _v144;
																			goto L167;
																		}
																		__eflags = _t653;
																		if(_t653 == 0) {
																			L162:
																			_t734 =  *((intOrPtr*)(_t525 + 0x14)) -  *((intOrPtr*)(_t525 + 0xc)) + _v180 + _t719;
																			__eflags = _t734;
																			goto L163;
																		}
																		_t699 = _t733 -  *((intOrPtr*)(_t525 + 0xc));
																		_t533 = E01351C45(_t719, _t733 -  *((intOrPtr*)(_t525 + 0xc)),  &_v80);
																		__eflags = _t533;
																		if(_t533 < 0) {
																			_v68 = 0xc000007b;
																			goto L64;
																		}
																		_t699 =  *(_v144 + 0x14);
																		_t535 = E01351C45(_v80,  *(_v144 + 0x14),  &_v80);
																		__eflags = _t535;
																		if(_t535 < 0) {
																			_v68 = 0xc000007b;
																			goto L64;
																		}
																		_t525 = _v144;
																		_t653 = _v84;
																		goto L162;
																	}
																	_t504 = _v88;
																	goto L155;
																}
																_t699 = _t730;
																_t537 = E01351C45(_t719, _t730,  &_v80);
																__eflags = _t537;
																if(_t537 < 0) {
																	_v68 = 0xc000007b;
																	goto L64;
																}
																_t699 = _t616;
																_t539 = E0138865D( &_v80, _v80, _t616,  &_v80);
																__eflags = _t539;
																if(_t539 < 0) {
																	_v68 = 0xc000007b;
																	goto L64;
																}
																_t638 = _v156;
																goto L152;
															}
															_t730 =  *(_t638 + 0x88);
															goto L147;
														} else {
															__eflags = _v73;
															if(_v73 != 0) {
																goto L145;
															}
															_t619 = 0;
															__eflags = 0;
															L110:
															_v212 = _t619;
															_v108 = _t619;
															L111:
															_t699 = _v88;
															_t732 =  *(_t699 + 4);
															_t506 = _v84;
															__eflags = _t506;
															if(_t506 == 0) {
																_t620 = 0;
																L119:
																_t641 = _v200;
																__eflags = _t641;
																if(_t641 == 0) {
																	L126:
																	_t621 = _v220;
																	__eflags = _t621;
																	if(_t621 == 0) {
																		L132:
																		_v68 = 0;
																		goto L64;
																	}
																	__eflags = _v84;
																	if(_v84 == 0) {
																		L131:
																		 *_t621 = _t732;
																		goto L132;
																	}
																	__eflags = _t641;
																	if(_t641 == 0) {
																		goto L131;
																	}
																	_t720 =  *_t641;
																	_t699 = _t732;
																	_t508 = E01351C45(_t720, _t732,  &_v80);
																	__eflags = _t508;
																	if(_t508 < 0) {
																		_v68 = 0xc000007b;
																		goto L64;
																	}
																	__eflags = _t732 + _t720 - (_v100 & 0xfffffffc) + _a4;
																	if(_t732 + _t720 > (_v100 & 0xfffffffc) + _a4) {
																		_v68 = 0xc000007b;
																		goto L64;
																	}
																	goto L131;
																}
																__eflags = _t506;
																if(_t506 == 0) {
																	_t512 =  *_t699 - _v108 + _t719;
																	L125:
																	 *_t641 = _t512;
																	goto L126;
																}
																_t699 = _t620;
																_t514 = E01351C45(_t719, _t620,  &_v80);
																__eflags = _t514;
																if(_t514 < 0) {
																	_v68 = 0xc000007b;
																	goto L64;
																}
																_t647 = _v80;
																__eflags = _t647 - _t719;
																if(_t647 < _t719) {
																	goto L204;
																}
																__eflags = _t647 - (_t719 & 0xfffffffc) + _a4;
																if(_t647 > (_t719 & 0xfffffffc) + _a4) {
																	goto L204;
																}
																_t512 = _t620 + _t719;
																_t641 = _v200;
																goto L125;
															}
															_t699 = _t619;
															_t520 = E0138865D(_v88,  *_v88, _t619,  &_v80);
															__eflags = _t520;
															if(_t520 < 0) {
																_v68 = 0xc000007b;
																goto L64;
															}
															_t620 = _v80;
															__eflags = _t620 - _v92 - _v100;
															if(_t620 < _v92 - _v100) {
																L236:
																_v96 = 0;
																_v68 = 0xc000007b;
																goto L64;
															}
															_t649 = _a4;
															__eflags = _t620 - _t649;
															if(_t620 > _t649) {
																goto L236;
															}
															__eflags = _t732;
															if(_t732 == 0) {
																goto L236;
															}
															__eflags = _t732 - _t649;
															if(_t732 > _t649) {
																goto L236;
															}
															__eflags = _t732 + _t620 - _t649;
															if(_t732 + _t620 > _t649) {
																_v96 = 0;
																_v68 = 0xc000007b;
																goto L64;
															}
															_t506 = _v84;
															_t699 = _v88;
															goto L119;
														}
													}
													_t541 = _v88;
													__eflags = _t541 - _t616;
													if(_t541 <= _t616) {
														goto L236;
													}
													_t699 = _v100;
													__eflags = _t541 + 0x10 - (_v100 & 0xfffffffc) + _a4;
													if(_t541 + 0x10 > (_v100 & 0xfffffffc) + _a4) {
														goto L236;
													}
													goto L105;
												}
												goto L46;
											}
										}
										if(_t546 != 0) {
											__eflags = _v84;
											if(_v84 == 0) {
												L98:
												_t717 = _t721 + _t546 * 8;
												_v188 = _t717;
												_v152 = _t717;
												_t632 = _v73;
												goto L31;
											}
											_t699 = _t546;
											_t587 = E01351C45(_t721, _t546,  &_v80);
											__eflags = _t587;
											if(_t587 < 0) {
												_v68 = 0xc000007b;
												goto L64;
											}
											_t546 = _v116;
											goto L98;
										}
										L31:
										if(_t632 != 0) {
											_t546 = _v34 & 0x0000ffff;
										} else {
											_t546 =  *(_t729 + 0xe) & 0x0000ffff;
										}
										_v116 = _t546;
										_v132 = _t546;
										_t669 = _v84;
										if(_t669 == 0) {
											goto L41;
										} else {
											_t699 = _t546 * 8 >> 0x20;
											_t583 = _t546 * 8;
											_v184 = _t583;
											_v180 = _t699;
											_t775 = _t699;
											if(_t775 < 0 || _t775 <= 0 && _t583 <= 0xffffffff) {
												_v196 = _t583;
												_t689 = _t583 + _t717;
												if(_t689 < _t717) {
													L205:
													_v80 = 0xffffffff;
													_v68 = 0xc000007b;
													goto L64;
												}
												_v80 = _t689;
												if(_t689 > (_v100 & 0xfffffffc) + _a4) {
													_v68 = 0xc000007b;
													goto L64;
												}
												_t546 = _v116;
												goto L40;
											} else {
												_v196 = 0xffffffff;
												_v68 = 0xc000007b;
												goto L64;
											}
										}
									}
									L22:
									if(_t716 == 0) {
										L26:
										if(_t632 != 0) {
											goto L203;
										}
										_t546 =  *(_t729 + 0xc) & 0x0000ffff;
										goto L28;
									}
									_t69 = _t729 + 0x18; // 0x18
									_t698 = _t69;
									if(_t698 < _t729) {
										goto L205;
									}
									_v80 = _t698;
									if(_t698 > (_v100 & 0xfffffffc) + _a4) {
										goto L204;
									} else {
										_t632 = _v73;
										goto L26;
									}
								}
								_t699 = _t699 & 0x00000002;
								__eflags = _v88;
								if(_v88 != 0) {
									goto L101;
								}
								goto L61;
							} else {
								goto L196;
							}
						} else {
							goto L196;
						}
					}
				}
				L1:
				_t474 = 0x7ffe0385;
				goto L2;
			}
































































































































































                            0x013878a0
                            0x013878a5
                            0x013878a7
                            0x013878ac
                            0x013878b7
                            0x013878be
                            0x013878c3
                            0x013878c6
                            0x013878c8
                            0x013878ce
                            0x013878d2
                            0x013878d8
                            0x013878db
                            0x013878e1
                            0x013878e4
                            0x013878e7
                            0x013878ea
                            0x013878ed
                            0x013878f6
                            0x013878fc
                            0x013878ff
                            0x01387908
                            0x01387911
                            0x0138791a
                            0x01387923
                            0x0138792b
                            0x0138792c
                            0x0138792d
                            0x0138792e
                            0x01387931
                            0x01387938
                            0x0138793b
                            0x0138793e
                            0x01387942
                            0x0138794c
                            0x01387956
                            0x01387960
                            0x01387970
                            0x01387975
                            0x013c88bf
                            0x013c88c2
                            0x00000000
                            0x00000000
                            0x013c88d1
                            0x01387980
                            0x01387983
                            0x013c88db
                            0x013c88e0
                            0x013c88e2
                            0x013c88f4
                            0x013c88e4
                            0x013c88ed
                            0x013c88ed
                            0x013c88f9
                            0x013c8902
                            0x013c8907
                            0x013c8907
                            0x0138798b
                            0x013c892e
                            0x013c892e
                            0x00000000
                            0x013879a1
                            0x013879a1
                            0x013879a4
                            0x013879a4
                            0x013879aa
                            0x00000000
                            0x00000000
                            0x013879b0
                            0x013879b3
                            0x013879b6
                            0x013879bc
                            0x013c8912
                            0x013c8918
                            0x013c891a
                            0x00000000
                            0x00000000
                            0x013c891c
                            0x013c891f
                            0x00000000
                            0x00000000
                            0x013c8921
                            0x013c8928
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013c8928
                            0x013879c2
                            0x013879c4
                            0x013879ca
                            0x013879d0
                            0x013879e2
                            0x013c8938
                            0x013879e8
                            0x013879e8
                            0x013879e8
                            0x013879ea
                            0x013879ef
                            0x013879fd
                            0x01387a0c
                            0x013c893f
                            0x013c8946
                            0x00000000
                            0x00000000
                            0x013c8948
                            0x01387a12
                            0x01387a18
                            0x01387a1a
                            0x01387a1d
                            0x01387a20
                            0x01387a27
                            0x01387a2e
                            0x01387a3c
                            0x01387a43
                            0x01387a46
                            0x01387a48
                            0x01387a48
                            0x01387a4b
                            0x01387a56
                            0x01387a5c
                            0x01387a5c
                            0x01387a5c
                            0x01387a61
                            0x00000000
                            0x00000000
                            0x01387a6a
                            0x01387a6b
                            0x01387a6e
                            0x01387a76
                            0x01387a79
                            0x01387c68
                            0x01387c68
                            0x00000000
                            0x01387c68
                            0x01387a87
                            0x01387a8e
                            0x01387e5b
                            0x01387e5e
                            0x00000000
                            0x00000000
                            0x01387e64
                            0x01387e6a
                            0x01387e70
                            0x01387e72
                            0x013c894d
                            0x01387c92
                            0x01387c92
                            0x01387c95
                            0x01387c95
                            0x01387c97
                            0x013c8d23
                            0x013c8d28
                            0x013c8d28
                            0x01387ca3
                            0x01387ca6
                            0x01387ca8
                            0x013c8d34
                            0x013c8d37
                            0x00000000
                            0x00000000
                            0x013c8d46
                            0x00000000
                            0x01387cae
                            0x01387cae
                            0x01387cae
                            0x01387cb3
                            0x01387cb3
                            0x01387cb6
                            0x013c8d50
                            0x013c8d55
                            0x013c8d57
                            0x013c8d69
                            0x013c8d59
                            0x013c8d62
                            0x013c8d62
                            0x013c8d6e
                            0x013c8d77
                            0x013c8d77
                            0x01387cbc
                            0x01387cc3
                            0x01387cc6
                            0x01387cc9
                            0x01387cd1
                            0x01387cd2
                            0x01387cd3
                            0x01387cd7
                            0x01387ce1
                            0x01387ce1
                            0x01387ca8
                            0x01387e7b
                            0x01387e84
                            0x01387e8a
                            0x01387e90
                            0x01387e92
                            0x01387e94
                            0x01387ea4
                            0x01387ea4
                            0x01387e94
                            0x01387a94
                            0x01387a96
                            0x013c895f
                            0x013c8967
                            0x013c896c
                            0x013c896f
                            0x013c8971
                            0x013c8da0
                            0x013c8da0
                            0x00000000
                            0x013c8da0
                            0x013c8977
                            0x013c897a
                            0x013c897c
                            0x00000000
                            0x00000000
                            0x013c8982
                            0x013c8982
                            0x01387ace
                            0x01387ace
                            0x01387ad1
                            0x01387ad6
                            0x01387dfa
                            0x01387dfc
                            0x00000000
                            0x00000000
                            0x01387e07
                            0x01387e11
                            0x01387e16
                            0x01387e18
                            0x013c89aa
                            0x00000000
                            0x013c89aa
                            0x01387e22
                            0x01387e28
                            0x01387e2d
                            0x01387e32
                            0x01387e34
                            0x013c89b6
                            0x00000000
                            0x013c89b6
                            0x01387e48
                            0x01387e4a
                            0x013c89c2
                            0x00000000
                            0x013c89c2
                            0x01387e50
                            0x01387e53
                            0x01387e53
                            0x01387adc
                            0x01387adc
                            0x01387adc
                            0x01387adf
                            0x01387ae5
                            0x01387af2
                            0x01387b63
                            0x01387b66
                            0x01387b68
                            0x0138828b
                            0x01388292
                            0x01387c80
                            0x01387c80
                            0x01387c82
                            0x01387c85
                            0x013880d1
                            0x013880d1
                            0x013880d4
                            0x013c8cfa
                            0x013c8cfd
                            0x013c8d0b
                            0x013c8cff
                            0x013c8cff
                            0x013c8cff
                            0x013880da
                            0x013880da
                            0x013880da
                            0x01387c8b
                            0x01387c8b
                            0x01387c8b
                            0x00000000
                            0x01387c85
                            0x01387b72
                            0x013c8a05
                            0x013c8a08
                            0x013c8a0a
                            0x013c8a18
                            0x013c8a1d
                            0x013c8a24
                            0x013c8a24
                            0x013c8a27
                            0x013c8a3f
                            0x013c8a41
                            0x013c8a44
                            0x013c8a46
                            0x013c8a56
                            0x013c8a62
                            0x013c8a67
                            0x013c8a6a
                            0x013c8a6c
                            0x00000000
                            0x00000000
                            0x013c8a72
                            0x013c8a78
                            0x013c8a81
                            0x013c8a88
                            0x013c8a94
                            0x013c8aa0
                            0x013c8aa6
                            0x013c8aa9
                            0x013c8aac
                            0x013c8aaf
                            0x00000000
                            0x013c8a48
                            0x013c8a48
                            0x00000000
                            0x013c8a48
                            0x013c8a46
                            0x01387b78
                            0x01387b78
                            0x00000000
                            0x01387b80
                            0x01387b80
                            0x01387b87
                            0x01387ee1
                            0x01387ee4
                            0x01387b90
                            0x01387b90
                            0x01387b90
                            0x01387b92
                            0x01387b95
                            0x01387b97
                            0x01387b9d
                            0x01387ba0
                            0x01387ba3
                            0x01387ba9
                            0x01387bb0
                            0x01387bb0
                            0x01387bb0
                            0x01387bb2
                            0x00000000
                            0x00000000
                            0x01387bb6
                            0x01387bb8
                            0x01387d29
                            0x01387d29
                            0x01387d2b
                            0x01387d31
                            0x01387d34
                            0x01387d3a
                            0x01387d3c
                            0x01387d3c
                            0x01387d3f
                            0x01387d3f
                            0x01387d57
                            0x01387d60
                            0x01387d65
                            0x01387d68
                            0x01387d6a
                            0x00000000
                            0x01387d70
                            0x01387d76
                            0x01387d78
                            0x01388091
                            0x01388094
                            0x01388096
                            0x013c8aee
                            0x013c8af0
                            0x013c8af3
                            0x013c8af6
                            0x013c8b31
                            0x01388080
                            0x01388080
                            0x01388083
                            0x00000000
                            0x01388083
                            0x013c8af8
                            0x013c8afe
                            0x013c8b10
                            0x013c8b15
                            0x013c8b1a
                            0x013c8b1c
                            0x0138807d
                            0x0138807d
                            0x00000000
                            0x0138807d
                            0x013c8b22
                            0x00000000
                            0x013c8b22
                            0x013c8b00
                            0x00000000
                            0x013c8b00
                            0x0138809c
                            0x0138809f
                            0x013c8ae3
                            0x013c8ae6
                            0x00000000
                            0x013c8ae6
                            0x013880a5
                            0x013880ab
                            0x013c8ac3
                            0x00000000
                            0x013c8ac3
                            0x013880ba
                            0x013880bf
                            0x013880c4
                            0x013880c6
                            0x01387d1e
                            0x01387d1e
                            0x01387d21
                            0x00000000
                            0x01387d21
                            0x013c8acf
                            0x00000000
                            0x013c8acf
                            0x01387d7e
                            0x0138830e
                            0x01388311
                            0x01388317
                            0x0138831e
                            0x0138832d
                            0x01388330
                            0x01388333
                            0x01388320
                            0x01388320
                            0x01388323
                            0x01388325
                            0x01388325
                            0x01387d84
                            0x01387d8a
                            0x01387d8d
                            0x01387d93
                            0x01387d96
                            0x01387d9c
                            0x01387d9e
                            0x01387d9e
                            0x00000000
                            0x01387d7e
                            0x01387d6a
                            0x01387bc0
                            0x00000000
                            0x00000000
                            0x01387bcb
                            0x01387bd5
                            0x01387bde
                            0x01387be3
                            0x01387be8
                            0x00000000
                            0x00000000
                            0x01387bf4
                            0x01387ce4
                            0x01387ce7
                            0x01387ce9
                            0x01388053
                            0x01388056
                            0x013c8b68
                            0x00000000
                            0x013c8b68
                            0x0138805c
                            0x01388062
                            0x013c8b50
                            0x00000000
                            0x013c8b50
                            0x0138806c
                            0x01388070
                            0x01388075
                            0x01388077
                            0x013c8b5c
                            0x00000000
                            0x013c8b5c
                            0x00000000
                            0x01388077
                            0x01387cef
                            0x01387cf2
                            0x01388343
                            0x01388345
                            0x00000000
                            0x01388345
                            0x01387cf8
                            0x01387cfe
                            0x013c8b38
                            0x00000000
                            0x013c8b38
                            0x01387d0d
                            0x01387d11
                            0x01387d16
                            0x01387d18
                            0x013c8b44
                            0x00000000
                            0x013c8b44
                            0x00000000
                            0x01387d18
                            0x00000000
                            0x01387bf4
                            0x01387bfa
                            0x01387c04
                            0x01387da6
                            0x01387daa
                            0x00000000
                            0x00000000
                            0x01387db0
                            0x01387db3
                            0x01387c62
                            0x01387c62
                            0x01387c65
                            0x00000000
                            0x01387c65
                            0x01387dbf
                            0x01387dc1
                            0x01387dc7
                            0x01387dcb
                            0x01387dd6
                            0x01387dd8
                            0x01387dde
                            0x013c8b6f
                            0x013c8b76
                            0x00000000
                            0x00000000
                            0x013c8b7c
                            0x013c8b7f
                            0x013c8b82
                            0x013c8b85
                            0x013c8b88
                            0x013c8b8e
                            0x00000000
                            0x013c8b8e
                            0x01387de9
                            0x01387dec
                            0x01387def
                            0x01387b90
                            0x01387b90
                            0x01387b92
                            0x01387b95
                            0x01387b97
                            0x01387b9d
                            0x01387ba0
                            0x01387ba3
                            0x01387ba9
                            0x00000000
                            0x01387ba9
                            0x01387c0a
                            0x01387c10
                            0x01387c13
                            0x01387c19
                            0x01387c1f
                            0x01387c22
                            0x01387c25
                            0x00000000
                            0x01387c25
                            0x01387b90
                            0x01387c2d
                            0x01387c2f
                            0x01387c32
                            0x01387c34
                            0x01388350
                            0x01388353
                            0x01388356
                            0x00000000
                            0x01387c3a
                            0x01387c3e
                            0x01387c44
                            0x01387c49
                            0x01387c4b
                            0x013c8ab7
                            0x00000000
                            0x013c8ab7
                            0x01387c51
                            0x01387c54
                            0x01387c57
                            0x01387c5a
                            0x01387c5d
                            0x01387c5f
                            0x00000000
                            0x01387c5f
                            0x01387eef
                            0x01387eef
                            0x01387ef1
                            0x01387c78
                            0x01387c78
                            0x01387c7a
                            0x0138829a
                            0x0138829c
                            0x00000000
                            0x00000000
                            0x013882a2
                            0x013882a4
                            0x013c8ce3
                            0x013c8ce6
                            0x013882d9
                            0x013882d9
                            0x013882df
                            0x013882e1
                            0x013882fc
                            0x013882fc
                            0x00000000
                            0x013882fc
                            0x013882e3
                            0x013882e5
                            0x013882fa
                            0x013882fa
                            0x00000000
                            0x013882fa
                            0x013882e7
                            0x013882e9
                            0x013c898b
                            0x013c898b
                            0x00000000
                            0x013c898b
                            0x013882f2
                            0x013882f4
                            0x013c8cee
                            0x00000000
                            0x013c8cee
                            0x00000000
                            0x013882f4
                            0x013882ae
                            0x013882b5
                            0x013882ba
                            0x013882bc
                            0x013c8cba
                            0x013c8cc1
                            0x00000000
                            0x013c8cc1
                            0x013882c5
                            0x013882c8
                            0x013882d1
                            0x013882d3
                            0x013c8ccd
                            0x013c8cd4
                            0x00000000
                            0x013c8cd4
                            0x00000000
                            0x013882d3
                            0x00000000
                            0x01387c7a
                            0x01387ef7
                            0x01387efa
                            0x01387efc
                            0x0138835e
                            0x01387f23
                            0x01387f23
                            0x01387f26
                            0x01387f28
                            0x01387f2d
                            0x01387f2d
                            0x01387f32
                            0x01387f35
                            0x01387f38
                            0x013880e6
                            0x013880e6
                            0x013880ec
                            0x013880f0
                            0x013880f5
                            0x013880f8
                            0x013c8ba9
                            0x013c8bae
                            0x013c8bb1
                            0x013c8ca7
                            0x013c8ca7
                            0x013c8cae
                            0x00000000
                            0x013c8cae
                            0x013c8bb7
                            0x01388104
                            0x01388104
                            0x01388106
                            0x00000000
                            0x00000000
                            0x0138810c
                            0x01388110
                            0x01388143
                            0x01388148
                            0x0138814a
                            0x0138814d
                            0x01388161
                            0x0138816b
                            0x0138816d
                            0x0138816f
                            0x013c8bda
                            0x013c8be1
                            0x00000000
                            0x013c8be1
                            0x01388175
                            0x01388179
                            0x013c8bf3
                            0x013c8bfc
                            0x013c8c01
                            0x013c8c04
                            0x013c8c06
                            0x00000000
                            0x00000000
                            0x013c8c0c
                            0x013c8c0f
                            0x013c8c12
                            0x01388182
                            0x01388182
                            0x01388184
                            0x01388187
                            0x00000000
                            0x00000000
                            0x01388190
                            0x013881a6
                            0x013881ab
                            0x013881b0
                            0x013881b2
                            0x013c8c1a
                            0x013c8c21
                            0x00000000
                            0x013c8c21
                            0x013881b8
                            0x013881bb
                            0x013881d9
                            0x013881de
                            0x013881e4
                            0x013881e7
                            0x013881e9
                            0x013c8c45
                            0x0138823f
                            0x0138823f
                            0x01388241
                            0x01388279
                            0x01388284
                            0x00000000
                            0x01388284
                            0x01388247
                            0x0138824d
                            0x01388252
                            0x01388254
                            0x013c8c4c
                            0x00000000
                            0x013c8c4c
                            0x01388260
                            0x01388266
                            0x0138826b
                            0x0138826d
                            0x013c8c58
                            0x00000000
                            0x013c8c58
                            0x01388273
                            0x00000000
                            0x01388273
                            0x013881ef
                            0x013881f1
                            0x01388231
                            0x0138823d
                            0x0138823d
                            0x00000000
                            0x0138823d
                            0x013881f9
                            0x013881fe
                            0x01388203
                            0x01388205
                            0x013c8c2d
                            0x00000000
                            0x013c8c2d
                            0x01388215
                            0x0138821b
                            0x01388220
                            0x01388222
                            0x013c8c39
                            0x00000000
                            0x013c8c39
                            0x01388228
                            0x0138822e
                            0x00000000
                            0x0138822e
                            0x0138817f
                            0x00000000
                            0x0138817f
                            0x01388116
                            0x0138811a
                            0x0138811f
                            0x01388121
                            0x013c8bc2
                            0x00000000
                            0x013c8bc2
                            0x0138812b
                            0x01388130
                            0x01388135
                            0x01388137
                            0x013c8bce
                            0x00000000
                            0x013c8bce
                            0x0138813d
                            0x00000000
                            0x0138813d
                            0x013880fe
                            0x00000000
                            0x01387f3e
                            0x01387f3e
                            0x01387f42
                            0x00000000
                            0x00000000
                            0x01387f48
                            0x01387f48
                            0x01387f4a
                            0x01387f4a
                            0x01387f50
                            0x01387f53
                            0x01387f53
                            0x01387f56
                            0x01387f59
                            0x01387f5c
                            0x01387f5e
                            0x01388366
                            0x01387fb9
                            0x01387fb9
                            0x01387fbf
                            0x01387fc1
                            0x01388006
                            0x01388006
                            0x0138800c
                            0x0138800e
                            0x01388047
                            0x01388047
                            0x00000000
                            0x01388047
                            0x01388010
                            0x01388014
                            0x01388045
                            0x01388045
                            0x00000000
                            0x01388045
                            0x01388016
                            0x01388018
                            0x00000000
                            0x00000000
                            0x0138801a
                            0x01388020
                            0x01388024
                            0x01388029
                            0x0138802b
                            0x013c8c8f
                            0x00000000
                            0x013c8c8f
                            0x0138803d
                            0x0138803f
                            0x013c8c9b
                            0x00000000
                            0x013c8c9b
                            0x00000000
                            0x0138803f
                            0x01387fc3
                            0x01387fc5
                            0x01388372
                            0x01388004
                            0x01388004
                            0x00000000
                            0x01388004
                            0x01387fcf
                            0x01387fd3
                            0x01387fd8
                            0x01387fda
                            0x013c8c83
                            0x00000000
                            0x013c8c83
                            0x01387fe0
                            0x01387fe3
                            0x01387fe5
                            0x00000000
                            0x00000000
                            0x01387ff3
                            0x01387ff5
                            0x00000000
                            0x00000000
                            0x01387ffb
                            0x01387ffe
                            0x00000000
                            0x01387ffe
                            0x01387f68
                            0x01387f6f
                            0x01387f74
                            0x01387f76
                            0x013c8c64
                            0x00000000
                            0x013c8c64
                            0x01387f7c
                            0x01387f85
                            0x01387f87
                            0x013c8b96
                            0x013c8b96
                            0x013c8b9d
                            0x00000000
                            0x013c8b9d
                            0x01387f8d
                            0x01387f90
                            0x01387f92
                            0x00000000
                            0x00000000
                            0x01387f98
                            0x01387f9a
                            0x00000000
                            0x00000000
                            0x01387fa0
                            0x01387fa2
                            0x00000000
                            0x00000000
                            0x01387fab
                            0x01387fad
                            0x013c8c70
                            0x013c8c77
                            0x00000000
                            0x013c8c77
                            0x01387fb3
                            0x01387fb6
                            0x00000000
                            0x01387fb6
                            0x01387f38
                            0x01387f02
                            0x01387f05
                            0x01387f07
                            0x00000000
                            0x00000000
                            0x01387f0d
                            0x01387f1b
                            0x01387f1d
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01387f1d
                            0x00000000
                            0x01387b87
                            0x01387b80
                            0x01387af6
                            0x01387eac
                            0x01387eb0
                            0x01387eca
                            0x01387eca
                            0x01387ecd
                            0x01387ed3
                            0x01387ed9
                            0x00000000
                            0x01387ed9
                            0x01387eb6
                            0x01387eba
                            0x01387ebf
                            0x01387ec1
                            0x013c89ce
                            0x00000000
                            0x013c89ce
                            0x01387ec7
                            0x00000000
                            0x01387ec7
                            0x01387afc
                            0x01387afe
                            0x013c89da
                            0x01387b04
                            0x01387b04
                            0x01387b04
                            0x01387b08
                            0x01387b0b
                            0x01387b0e
                            0x01387b13
                            0x00000000
                            0x01387b15
                            0x01387b1a
                            0x01387b1a
                            0x01387b1c
                            0x01387b22
                            0x01387b28
                            0x01387b2a
                            0x01387b3b
                            0x01387b41
                            0x01387b46
                            0x013c8997
                            0x013c8997
                            0x013c899e
                            0x00000000
                            0x013c899e
                            0x01387b4c
                            0x01387b5a
                            0x013c89e3
                            0x00000000
                            0x013c89e3
                            0x01387b60
                            0x00000000
                            0x013c89ef
                            0x013c89ef
                            0x013c89f9
                            0x00000000
                            0x013c89f9
                            0x01387b2a
                            0x01387b13
                            0x01387a9c
                            0x01387a9e
                            0x01387ac2
                            0x01387ac4
                            0x00000000
                            0x00000000
                            0x01387aca
                            0x00000000
                            0x01387aca
                            0x01387aa0
                            0x01387aa0
                            0x01387aa5
                            0x00000000
                            0x00000000
                            0x01387aab
                            0x01387ab9
                            0x00000000
                            0x01387abf
                            0x01387abf
                            0x00000000
                            0x01387abf
                            0x01387ab9
                            0x01387c6b
                            0x01387c6e
                            0x01387c72
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013879ef
                            0x0138798b
                            0x0138797b
                            0x0138797b
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$MUI$R$T${
                            • API String ID: 0-2515562510
                            • Opcode ID: b966b75f4a8095752a543edbb60ebf175b29af3ff3a8f6ff3542bd5e9f50c55b
                            • Instruction ID: c566a06edc253cdb9a44bad9dd40a10f12a643912e994a758a08cc49c2003a44
                            • Opcode Fuzzy Hash: b966b75f4a8095752a543edbb60ebf175b29af3ff3a8f6ff3542bd5e9f50c55b
                            • Instruction Fuzzy Hash: 42923771E04319CFDF65DF98C880BADBBB6BF44708F248299D959AB241D774AE81CB40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0137A309 Relevance: 8.2, Strings: 6, Instructions: 687COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 72%
                            			E0137A309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _v64;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t246;
				signed char _t247;
				signed short _t249;
				unsigned int _t256;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				intOrPtr _t270;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				intOrPtr _t290;
				signed int _t291;
				signed int _t317;
				signed short _t320;
				intOrPtr _t327;
				signed int _t339;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t356;
				intOrPtr _t357;
				intOrPtr _t366;
				signed int _t367;
				signed int _t370;
				intOrPtr _t371;
				signed int _t372;
				signed int _t394;
				signed short _t402;
				intOrPtr _t404;
				intOrPtr _t415;
				signed int _t430;
				signed int _t433;
				signed int _t437;
				signed int _t445;
				signed short _t446;
				signed short _t449;
				signed short _t452;
				signed int _t455;
				signed int _t460;
				signed short* _t468;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				intOrPtr _t484;
				signed int _t491;
				unsigned int _t506;
				unsigned int _t508;
				signed int _t513;
				signed int _t514;
				signed int _t521;
				signed short* _t533;
				signed int _t541;
				signed int _t543;
				signed int _t546;
				unsigned int _t551;
				signed int _t553;

				_t450 = __ecx;
				_t553 = __ecx;
				_t539 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0x1448a68) != 0) {
					_push(_a4);
					_t513 = __edx;
					L11:
					_t246 = E0137A830(_t450, _t513);
					L7:
					return _t246;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
						_t430 = E0137DF24(__edx,  &_v12,  &_v16);
						__eflags = _t430;
						if(_t430 != 0) {
							_t157 = _t553 + 0x234;
							 *_t157 =  *(_t553 + 0x234) - _v16;
							__eflags =  *_t157;
						}
					}
					_t445 = _a4;
					_t514 = _t539;
					_v48 = _t539;
					L14:
					_t247 =  *((intOrPtr*)(_t539 + 6));
					__eflags = _t247;
					if(_t247 == 0) {
						_t541 = _t553;
					} else {
						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t541;
					}
					_t249 = 7 + _t445 * 8 + _t514;
					_v12 = _t249;
					__eflags =  *_t249 - 3;
					if( *_t249 == 3) {
						_v16 = _t514 + _t445 * 8 + 8;
						E01359373(_t553, _t514 + _t445 * 8 + 8);
						_t452 = _v16;
						_v28 =  *(_t452 + 0x10);
						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
						_v36 =  *(_t452 + 0x14);
						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
						_t256 =  *(_t452 + 0x14);
						__eflags = _t256 - 0x7f000;
						if(_t256 >= 0x7f000) {
							_t142 = _t553 + 0x1ec;
							 *_t142 =  *(_t553 + 0x1ec) - _t256;
							__eflags =  *_t142;
							_t256 =  *(_t452 + 0x14);
						}
						_t513 = _v48;
						_t445 = _t445 + (_t256 >> 3) + 0x20;
						_a4 = _t445;
						_v40 = 1;
					} else {
						_t27 =  &_v36;
						 *_t27 = _v36 & 0x00000000;
						__eflags =  *_t27;
					}
					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
						_v44 = _t513;
						_t262 = E0135A9EF(_t541, _t513);
						__eflags = _a8;
						_v32 = _t262;
						if(_a8 != 0) {
							__eflags = _t262;
							if(_t262 == 0) {
								goto L19;
							}
						}
						__eflags =  *0x1448748 - 1;
						if( *0x1448748 >= 1) {
							__eflags = _t262;
							if(_t262 == 0) {
								_t415 =  *[fs:0x30];
								__eflags =  *(_t415 + 0xc);
								if( *(_t415 + 0xc) == 0) {
									_push("HEAP: ");
									E0135B150();
								} else {
									E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E0135B150();
								__eflags =  *0x1447bc8;
								if( *0x1447bc8 == 0) {
									__eflags = 1;
									E01412073(_t445, 1, _t541, 1);
								}
								_t513 = _v48;
								_t445 = _a4;
							}
						}
						_t350 = _v40;
						_t480 = _t445 << 3;
						_v20 = _t480;
						_t481 = _t480 + _t513;
						_v24 = _t481;
						__eflags = _t350;
						if(_t350 == 0) {
							_t481 = _t481 + 0xfffffff0;
							__eflags = _t481;
						}
						_t483 = (_t481 & 0xfffff000) - _v44;
						__eflags = _t483;
						_v52 = _t483;
						if(_t483 == 0) {
							__eflags =  *0x1448748 - 1;
							if( *0x1448748 < 1) {
								goto L9;
							}
							__eflags = _t350;
							goto L146;
						} else {
							_t352 = E0138174B( &_v44,  &_v52, 0x4000);
							__eflags = _t352;
							if(_t352 < 0) {
								goto L94;
							}
							_t353 = E01377D50();
							_t447 = 0x7ffe0380;
							__eflags = _t353;
							if(_t353 != 0) {
								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t356 = 0x7ffe0380;
							}
							__eflags =  *_t356;
							if( *_t356 != 0) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0x240) & 0x00000001;
								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
									E014114FB(_t447, _t553, _v44, _v52, 5);
								}
							}
							_t358 = _v32;
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t484 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t484 - 0x7f000;
							if(_t484 >= 0x7f000) {
								_t90 = _t553 + 0x1ec;
								 *_t90 =  *(_t553 + 0x1ec) - _t484;
								__eflags =  *_t90;
							}
							E01359373(_t553, _t358);
							_t486 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E01359819(_t486);
							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
							_t366 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t366 - 0x7f000;
							if(_t366 >= 0x7f000) {
								_t104 = _t553 + 0x1ec;
								 *_t104 =  *(_t553 + 0x1ec) + _t366;
								__eflags =  *_t104;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t533 = _v52 + _v44;
								_v32 = _t533;
								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
								__eflags = _v24 - _v52 + _v44;
								if(_v24 == _v52 + _v44) {
									__eflags =  *(_t553 + 0x4c);
									if( *(_t553 + 0x4c) != 0) {
										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
									}
								} else {
									_t449 = 0;
									_t533[3] = 0;
									_t533[1] = 0;
									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t491 = _t394;
									 *_t533 = _t394;
									__eflags =  *0x1448748 - 1; // 0x0
									if(__eflags >= 0) {
										__eflags = _t491 - 1;
										if(_t491 <= 1) {
											_t404 =  *[fs:0x30];
											__eflags =  *(_t404 + 0xc);
											if( *(_t404 + 0xc) == 0) {
												_push("HEAP: ");
												E0135B150();
											} else {
												E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("((LONG)FreeEntry->Size > 1)");
											E0135B150();
											_pop(_t491);
											__eflags =  *0x1447bc8 - _t449; // 0x0
											if(__eflags == 0) {
												__eflags = 0;
												_t491 = 1;
												E01412073(_t449, 1, _t541, 0);
											}
											_t533 = _v32;
										}
									}
									_t533[1] = _t449;
									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
										_t402 = (_t533 - _t541 >> 0x10) + 1;
										_v16 = _t402;
										__eflags = _t402 - 0xfe;
										if(_t402 >= 0xfe) {
											_push(_t491);
											_push(_t449);
											E0141A80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
											_t533 = _v48;
											_t402 = _v32;
										}
										_t449 = _t402;
									}
									_t533[3] = _t449;
									E0137A830(_t553, _t533,  *_t533 & 0x0000ffff);
									_t447 = 0x7ffe0380;
								}
							}
							_t367 = E01377D50();
							__eflags = _t367;
							if(_t367 != 0) {
								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t370 = _t447;
							}
							__eflags =  *_t370;
							if( *_t370 != 0) {
								_t371 =  *[fs:0x30];
								__eflags =  *(_t371 + 0x240) & 1;
								if(( *(_t371 + 0x240) & 1) != 0) {
									__eflags = E01377D50();
									if(__eflags != 0) {
										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E01411411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
								}
							}
							_t372 = E01377D50();
							_t546 = 0x7ffe038a;
							_t446 = 0x230;
							__eflags = _t372;
							if(_t372 != 0) {
								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t246 = 0x7ffe038a;
							}
							__eflags =  *_t246;
							if( *_t246 == 0) {
								goto L7;
							} else {
								__eflags = E01377D50();
								if(__eflags != 0) {
									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
									__eflags = _t546;
								}
								_push( *_t546 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								goto L120;
							}
						}
					} else {
						L19:
						_t31 = _t513 + 0x101f; // 0x101f
						_t455 = _t31 & 0xfffff000;
						_t32 = _t513 + 0x28; // 0x28
						_v44 = _t455;
						__eflags = _t455 - _t32;
						if(_t455 == _t32) {
							_t455 = _t455 + 0x1000;
							_v44 = _t455;
						}
						_t265 = _t445 << 3;
						_v24 = _t265;
						_t266 = _t265 + _t513;
						__eflags = _v40;
						_v20 = _t266;
						if(_v40 == 0) {
							_t266 = _t266 + 0xfffffff0;
							__eflags = _t266;
						}
						_t267 = _t266 & 0xfffff000;
						_v52 = _t267;
						__eflags = _t267 - _t455;
						if(_t267 < _t455) {
							__eflags =  *0x1448748 - 1; // 0x0
							if(__eflags < 0) {
								L9:
								_t450 = _t553;
								L10:
								_push(_t445);
								goto L11;
							}
							__eflags = _v40;
							L146:
							if(__eflags == 0) {
								goto L9;
							}
							_t270 =  *[fs:0x30];
							__eflags =  *(_t270 + 0xc);
							if( *(_t270 + 0xc) == 0) {
								_push("HEAP: ");
								E0135B150();
							} else {
								E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("(!TrailingUCR)");
							E0135B150();
							__eflags =  *0x1447bc8;
							if( *0x1447bc8 == 0) {
								__eflags = 0;
								E01412073(_t445, 1, _t541, 0);
							}
							L152:
							_t445 = _a4;
							L153:
							_t513 = _v48;
							goto L9;
						}
						_v32 = _t267;
						_t280 = _t267 - _t455;
						_v32 = _v32 - _t455;
						__eflags = _a8;
						_t460 = _v32;
						_v52 = _t460;
						if(_a8 != 0) {
							L27:
							__eflags = _t280;
							if(_t280 == 0) {
								L33:
								_t446 = 0;
								__eflags = _v40;
								if(_v40 == 0) {
									_t468 = _v44 + _v52;
									_v36 = _t468;
									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
									__eflags = _v20 - _v52 + _v44;
									if(_v20 == _v52 + _v44) {
										__eflags =  *(_t553 + 0x4c);
										if( *(_t553 + 0x4c) != 0) {
											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
										}
									} else {
										_t468[3] = 0;
										_t468[1] = 0;
										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
										_t521 = _t317;
										 *_t468 = _t317;
										__eflags =  *0x1448748 - 1; // 0x0
										if(__eflags >= 0) {
											__eflags = _t521 - 1;
											if(_t521 <= 1) {
												_t327 =  *[fs:0x30];
												__eflags =  *(_t327 + 0xc);
												if( *(_t327 + 0xc) == 0) {
													_push("HEAP: ");
													E0135B150();
												} else {
													E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E0135B150();
												__eflags =  *0x1447bc8 - _t446; // 0x0
												if(__eflags == 0) {
													__eflags = 1;
													E01412073(_t446, 1, _t541, 1);
												}
												_t468 = _v36;
											}
										}
										_t468[1] = _t446;
										_t522 =  *((intOrPtr*)(_t541 + 0x18));
										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
											_t320 = _t446;
										} else {
											_t320 = (_t468 - _t541 >> 0x10) + 1;
											_v12 = _t320;
											__eflags = _t320 - 0xfe;
											if(_t320 >= 0xfe) {
												_push(_t468);
												_push(_t446);
												E0141A80D(_t522, 3, _t468, _t541);
												_t468 = _v52;
												_t320 = _v28;
											}
										}
										_t468[3] = _t320;
										E0137A830(_t553, _t468,  *_t468 & 0x0000ffff);
									}
								}
								E0137B73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
								E0137A830(_t553, _v64, _v24);
								_t286 = E01377D50();
								_t542 = 0x7ffe0380;
								__eflags = _t286;
								if(_t286 != 0) {
									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t289 = 0x7ffe0380;
								}
								__eflags =  *_t289;
								if( *_t289 != 0) {
									_t290 =  *[fs:0x30];
									__eflags =  *(_t290 + 0x240) & 1;
									if(( *(_t290 + 0x240) & 1) != 0) {
										__eflags = E01377D50();
										if(__eflags != 0) {
											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E01411411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
									}
								}
								_t291 = E01377D50();
								_t543 = 0x7ffe038a;
								__eflags = _t291;
								if(_t291 != 0) {
									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t246 = 0x7ffe038a;
								}
								__eflags =  *_t246;
								if( *_t246 != 0) {
									__eflags = E01377D50();
									if(__eflags != 0) {
										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags = _t543;
									}
									_push( *_t543 & 0x000000ff);
									_push(_t446);
									_push(_t446);
									L120:
									_push( *(_t553 + 0x74) << 3);
									_push(_v52);
									_t246 = E01411411(_t446, _t553, _v44, __eflags);
								}
								goto L7;
							}
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t339 = E0138174B( &_v44,  &_v52, 0x4000);
							__eflags = _t339;
							if(_t339 < 0) {
								L94:
								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									goto L153;
								}
								E0137B73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
								goto L152;
							}
							_t344 = E01377D50();
							__eflags = _t344;
							if(_t344 != 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t347 = 0x7ffe0380;
							}
							__eflags =  *_t347;
							if( *_t347 != 0) {
								_t348 =  *[fs:0x30];
								__eflags =  *(_t348 + 0x240) & 1;
								if(( *(_t348 + 0x240) & 1) != 0) {
									E014114FB(_t445, _t553, _v44, _v52, 6);
								}
							}
							_t513 = _v48;
							goto L33;
						}
						__eflags =  *_v12 - 3;
						_t513 = _v48;
						if( *_v12 == 3) {
							goto L27;
						}
						__eflags = _t460;
						if(_t460 == 0) {
							goto L9;
						}
						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
							goto L9;
						}
						goto L27;
					}
				}
				_t445 = _a4;
				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t513 = __edx;
					goto L10;
				}
				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
				_v20 = _t433;
				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
					_t513 = _t539;
					goto L9;
				} else {
					_t437 = E013799BF(__ecx, __edx,  &_a4, 0);
					_t445 = _a4;
					_t514 = _t437;
					_v56 = _t514;
					if(_t445 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E0137A830(__ecx, _t514, _t445);
						_t506 =  *(_t553 + 0x238);
						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
						_t246 = _t506 >> 4;
						if(_t551 < _t506 - _t246) {
							_t508 =  *(_t553 + 0x23c);
							_t246 = _t508 >> 2;
							__eflags = _t551 - _t508 - _t246;
							if(_t551 > _t508 - _t246) {
								_t246 = E0138ABD8(_t553);
								 *(_t553 + 0x23c) = _t551;
								 *(_t553 + 0x238) = _t551;
							}
						}
						goto L7;
					}
				}
			}



















































































                            0x0137a309
                            0x0137a316
                            0x0137a319
                            0x0137a31d
                            0x0137a32d
                            0x0137a331
                            0x013c1e0d
                            0x013c1e10
                            0x0137a3cb
                            0x0137a3cb
                            0x0137a3bd
                            0x0137a3c3
                            0x0137a3c3
                            0x0137a33a
                            0x013c1e17
                            0x013c1e1b
                            0x013c1e1d
                            0x013c1e2f
                            0x013c1e34
                            0x013c1e36
                            0x013c1e3c
                            0x013c1e3c
                            0x013c1e3c
                            0x013c1e3c
                            0x013c1e36
                            0x013c1e42
                            0x013c1e45
                            0x013c1e47
                            0x0137a3f8
                            0x0137a3f8
                            0x0137a3fb
                            0x0137a3fd
                            0x013c1e50
                            0x0137a403
                            0x0137a411
                            0x0137a411
                            0x0137a411
                            0x0137a41e
                            0x0137a420
                            0x0137a424
                            0x0137a427
                            0x0137a7c9
                            0x0137a7cd
                            0x0137a7d2
                            0x0137a7d9
                            0x0137a7e0
                            0x0137a7e3
                            0x0137a7ed
                            0x0137a7f3
                            0x0137a7f9
                            0x0137a7ff
                            0x0137a802
                            0x0137a807
                            0x0137a809
                            0x0137a809
                            0x0137a809
                            0x0137a80f
                            0x0137a80f
                            0x0137a812
                            0x0137a81c
                            0x0137a821
                            0x0137a824
                            0x0137a42d
                            0x0137a42d
                            0x0137a42d
                            0x0137a42d
                            0x0137a42d
                            0x0137a436
                            0x0137a43a
                            0x0137a609
                            0x0137a60d
                            0x0137a612
                            0x0137a616
                            0x0137a61a
                            0x013c1e57
                            0x013c1e59
                            0x00000000
                            0x00000000
                            0x013c1e5f
                            0x0137a620
                            0x0137a627
                            0x013c1e64
                            0x013c1e66
                            0x013c1e6c
                            0x013c1e72
                            0x013c1e76
                            0x013c1e95
                            0x013c1e9a
                            0x013c1e78
                            0x013c1e8d
                            0x013c1e92
                            0x013c1ea0
                            0x013c1ea5
                            0x013c1eaa
                            0x013c1eb2
                            0x013c1eb6
                            0x013c1eb9
                            0x013c1eb9
                            0x013c1ebe
                            0x013c1ec2
                            0x013c1ec2
                            0x013c1e66
                            0x0137a62d
                            0x0137a633
                            0x0137a636
                            0x0137a63a
                            0x0137a63c
                            0x0137a640
                            0x0137a642
                            0x0137a644
                            0x0137a644
                            0x0137a644
                            0x0137a64d
                            0x0137a64d
                            0x0137a651
                            0x0137a655
                            0x013c1eca
                            0x013c1ed1
                            0x00000000
                            0x00000000
                            0x013c1ed7
                            0x00000000
                            0x0137a65b
                            0x0137a669
                            0x0137a66e
                            0x0137a670
                            0x00000000
                            0x00000000
                            0x0137a676
                            0x0137a67b
                            0x0137a680
                            0x0137a682
                            0x013c1f1a
                            0x0137a688
                            0x0137a688
                            0x0137a688
                            0x0137a68a
                            0x0137a68d
                            0x013c1f24
                            0x013c1f2a
                            0x013c1f31
                            0x013c1f43
                            0x013c1f43
                            0x013c1f31
                            0x0137a693
                            0x0137a697
                            0x0137a69d
                            0x0137a6a0
                            0x0137a6a6
                            0x0137a6a8
                            0x0137a6a8
                            0x0137a6a8
                            0x0137a6a8
                            0x0137a6b2
                            0x0137a6b7
                            0x0137a6c1
                            0x0137a6c6
                            0x0137a6d2
                            0x0137a6d9
                            0x0137a6e3
                            0x0137a6e6
                            0x0137a6eb
                            0x0137a6ed
                            0x0137a6ed
                            0x0137a6ed
                            0x0137a6ed
                            0x0137a6f3
                            0x0137a6f8
                            0x0137a702
                            0x0137a70a
                            0x0137a70e
                            0x0137a71a
                            0x0137a71e
                            0x013c1fcb
                            0x013c1fcf
                            0x013c1fdd
                            0x013c1fe3
                            0x013c1fe3
                            0x0137a724
                            0x0137a728
                            0x0137a72a
                            0x0137a72d
                            0x0137a737
                            0x0137a73a
                            0x0137a73c
                            0x0137a742
                            0x0137a748
                            0x013c1f4d
                            0x013c1f50
                            0x013c1f56
                            0x013c1f5c
                            0x013c1f5f
                            0x013c1f7e
                            0x013c1f83
                            0x013c1f61
                            0x013c1f76
                            0x013c1f7b
                            0x013c1f89
                            0x013c1f8e
                            0x013c1f93
                            0x013c1f94
                            0x013c1f9a
                            0x013c1f9c
                            0x013c1f9e
                            0x013c1fa1
                            0x013c1fa1
                            0x013c1fa6
                            0x013c1fa6
                            0x013c1f50
                            0x0137a74e
                            0x0137a751
                            0x0137a754
                            0x0137a75d
                            0x0137a75e
                            0x0137a762
                            0x0137a767
                            0x013c1faf
                            0x013c1fb0
                            0x013c1fb9
                            0x013c1fbe
                            0x013c1fc2
                            0x013c1fc2
                            0x0137a76d
                            0x0137a76d
                            0x0137a775
                            0x0137a778
                            0x0137a77d
                            0x0137a77d
                            0x0137a71e
                            0x0137a782
                            0x0137a787
                            0x0137a789
                            0x013c1ff3
                            0x0137a78f
                            0x0137a78f
                            0x0137a78f
                            0x0137a791
                            0x0137a794
                            0x013c1ffd
                            0x013c2006
                            0x013c200c
                            0x013c2017
                            0x013c2019
                            0x013c2024
                            0x013c2024
                            0x013c2024
                            0x013c2047
                            0x013c2047
                            0x013c200c
                            0x0137a79a
                            0x0137a79f
                            0x0137a7a4
                            0x0137a7a9
                            0x0137a7ab
                            0x013c205a
                            0x0137a7b1
                            0x0137a7b1
                            0x0137a7b1
                            0x0137a7b3
                            0x0137a7b6
                            0x00000000
                            0x0137a7bc
                            0x013c2066
                            0x013c2068
                            0x013c2073
                            0x013c2073
                            0x013c2073
                            0x013c2078
                            0x013c2079
                            0x013c207d
                            0x00000000
                            0x013c207d
                            0x0137a7b6
                            0x0137a440
                            0x0137a440
                            0x0137a440
                            0x0137a446
                            0x0137a44c
                            0x0137a44f
                            0x0137a453
                            0x0137a455
                            0x013c20b3
                            0x013c20b9
                            0x013c20b9
                            0x0137a45d
                            0x0137a460
                            0x0137a464
                            0x0137a466
                            0x0137a46b
                            0x0137a46f
                            0x0137a471
                            0x0137a471
                            0x0137a471
                            0x0137a474
                            0x0137a479
                            0x0137a47d
                            0x0137a47f
                            0x013c2229
                            0x013c222f
                            0x0137a3c8
                            0x0137a3c8
                            0x0137a3ca
                            0x0137a3ca
                            0x00000000
                            0x0137a3ca
                            0x013c2235
                            0x013c223a
                            0x013c223a
                            0x00000000
                            0x00000000
                            0x013c2240
                            0x013c2246
                            0x013c224a
                            0x013c2269
                            0x013c226e
                            0x013c224c
                            0x013c2261
                            0x013c2266
                            0x013c2274
                            0x013c2279
                            0x013c227e
                            0x013c2286
                            0x013c2288
                            0x013c228d
                            0x013c228d
                            0x013c2292
                            0x013c2292
                            0x013c2295
                            0x013c2295
                            0x00000000
                            0x013c2295
                            0x0137a485
                            0x0137a489
                            0x0137a48b
                            0x0137a48f
                            0x0137a493
                            0x0137a497
                            0x0137a49b
                            0x0137a4bb
                            0x0137a4bb
                            0x0137a4bd
                            0x0137a4ff
                            0x0137a4ff
                            0x0137a501
                            0x0137a505
                            0x0137a50f
                            0x0137a517
                            0x0137a51b
                            0x0137a527
                            0x0137a52b
                            0x013c2182
                            0x013c2185
                            0x013c2193
                            0x013c2199
                            0x013c2199
                            0x0137a531
                            0x0137a535
                            0x0137a538
                            0x0137a548
                            0x0137a54b
                            0x0137a54d
                            0x0137a553
                            0x0137a559
                            0x013c2100
                            0x013c2103
                            0x013c2109
                            0x013c210f
                            0x013c2112
                            0x013c2131
                            0x013c2136
                            0x013c2114
                            0x013c2129
                            0x013c212e
                            0x013c213c
                            0x013c2141
                            0x013c2147
                            0x013c214d
                            0x013c2151
                            0x013c2154
                            0x013c2154
                            0x013c2159
                            0x013c2159
                            0x013c2103
                            0x0137a55f
                            0x0137a562
                            0x0137a565
                            0x0137a567
                            0x013c2162
                            0x0137a56d
                            0x0137a574
                            0x0137a575
                            0x0137a579
                            0x0137a57e
                            0x013c2169
                            0x013c216a
                            0x013c2170
                            0x013c2175
                            0x013c2179
                            0x013c2179
                            0x0137a57e
                            0x0137a584
                            0x0137a58f
                            0x0137a58f
                            0x0137a52b
                            0x0137a5ad
                            0x0137a5bc
                            0x0137a5c1
                            0x0137a5c6
                            0x0137a5cb
                            0x0137a5cd
                            0x013c21a9
                            0x0137a5d3
                            0x0137a5d3
                            0x0137a5d3
                            0x0137a5d5
                            0x0137a5d8
                            0x013c21b3
                            0x013c21bc
                            0x013c21c2
                            0x013c21cd
                            0x013c21cf
                            0x013c21da
                            0x013c21da
                            0x013c21da
                            0x013c21f7
                            0x013c21f7
                            0x013c21c2
                            0x0137a5de
                            0x0137a5e3
                            0x0137a5e8
                            0x0137a5ea
                            0x013c220a
                            0x0137a5f0
                            0x0137a5f0
                            0x0137a5f0
                            0x0137a5f2
                            0x0137a5f5
                            0x013c2219
                            0x013c221b
                            0x013c208c
                            0x013c208c
                            0x013c208c
                            0x013c2095
                            0x013c2096
                            0x013c2097
                            0x013c2098
                            0x013c20a4
                            0x013c20a5
                            0x013c20a9
                            0x013c20a9
                            0x00000000
                            0x0137a5f5
                            0x0137a4bf
                            0x0137a4d3
                            0x0137a4d8
                            0x0137a4da
                            0x013c1ede
                            0x013c1ede
                            0x013c1ee4
                            0x013c1ee9
                            0x00000000
                            0x00000000
                            0x013c1f07
                            0x00000000
                            0x013c1f07
                            0x0137a4e0
                            0x0137a4e5
                            0x0137a4e7
                            0x013c20cb
                            0x0137a4ed
                            0x0137a4ed
                            0x0137a4ed
                            0x0137a4f2
                            0x0137a4f5
                            0x013c20d5
                            0x013c20de
                            0x013c20e4
                            0x013c20f6
                            0x013c20f6
                            0x013c20e4
                            0x0137a4fb
                            0x00000000
                            0x0137a4fb
                            0x0137a4a1
                            0x0137a4a4
                            0x0137a4a8
                            0x00000000
                            0x00000000
                            0x0137a4aa
                            0x0137a4ac
                            0x00000000
                            0x00000000
                            0x0137a4b2
                            0x0137a4b5
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0137a4b5
                            0x0137a43a
                            0x0137a340
                            0x0137a346
                            0x0137a600
                            0x00000000
                            0x0137a600
                            0x0137a34f
                            0x0137a351
                            0x0137a358
                            0x0137a3c6
                            0x00000000
                            0x0137a371
                            0x0137a37a
                            0x0137a37f
                            0x0137a382
                            0x0137a384
                            0x0137a394
                            0x00000000
                            0x0137a396
                            0x0137a399
                            0x0137a3a7
                            0x0137a3b0
                            0x0137a3b4
                            0x0137a3bb
                            0x0137a3d2
                            0x0137a3da
                            0x0137a3df
                            0x0137a3e1
                            0x0137a3e5
                            0x0137a3ea
                            0x0137a3f0
                            0x0137a3f0
                            0x0137a3e1
                            0x00000000
                            0x0137a3bb
                            0x0137a394

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                            • API String ID: 0-523794902
                            • Opcode ID: e126be151f37f5e5d5eeabfb4c9604408ff8e162c9d01aa4eec5781482d32810
                            • Instruction ID: 8821fb2089388c38a5ebe0219e2057a33e654bbfc614e258265c1807058e25d5
                            • Opcode Fuzzy Hash: e126be151f37f5e5d5eeabfb4c9604408ff8e162c9d01aa4eec5781482d32810
                            • Instruction Fuzzy Hash: 7D42E071208382DFD725DF38C884B2ABBE5FF98A18F08496DE5868B352D738D941CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138C63D Relevance: 7.6, Strings: 6, Instructions: 111COMMON
                            Download Yara Rule
                            C-Code - Quality: 53%
                            			E0138C63D(signed int __ecx, void* __edx, signed int _a4, intOrPtr* _a8, intOrPtr _a16) {
				void* _v8;
				void* _v12;
				char _v16;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr* _t34;
				signed int _t35;
				void* _t38;
				signed int _t41;
				void* _t43;

				_t38 = __edx;
				_t35 = __ecx;
				_t21 =  *[fs:0x30];
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				if(__edx == 0x133127c) {
					E013E5720(0x33, 0, "SXS: %s() passed the empty activation context\n", "RtlGetAssemblyStorageRoot");
					goto L23;
				} else {
					_t34 = _a8;
					if(_t34 != 0) {
						 *_t34 = 0;
					}
					_t41 = _a4;
					if((_t35 & 0xfffffffc) != 0 || _t41 < 1 || _t34 == 0) {
						_push(E0138CCC0);
						_push(_t34);
						_push(_t41);
						_push(_t35);
						E013E5720(0x33, 0, "SXS: %s() bad parameters:\nSXS:    Flags              : 0x%lx\nSXS:    AssemblyRosterIndex: 0x%lx\nSXS:    AssemblyStorageRoot: %p\nSXS:    Callback           : %p\n", "RtlGetAssemblyStorageRoot");
						goto L23;
					} else {
						_t43 = E0138C707(_t35 & 0x00000003, _t21, _t38,  &_v12,  &_v8,  &_v16);
						if(_t43 < 0) {
							_push(_t43);
							_push("SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header.  Status = 0x%08lx\n");
							goto L20;
						} else {
							_t40 = _v12;
							if(_v12 == 0) {
								L14:
								_t43 = 0;
							} else {
								_t27 = _v16;
								if(_t27 == 0) {
									L16:
									_t43 = 0xc00000e5;
								} else {
									_t37 = _v8;
									if(_v8 == 0) {
										goto L16;
									} else {
										if(_t41 >=  *((intOrPtr*)(_t27 + 8))) {
											_push( *((intOrPtr*)(_t27 + 8)));
											_push(_t41);
											E013E5720(0x33, 0, "SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx\n", "RtlGetAssemblyStorageRoot");
											L23:
											_t43 = 0xc000000d;
										} else {
											_t43 = E0138C9BF(_t37, _t40, _t41, _t37, _a16);
											if(_t43 < 0) {
												_push(_t43);
												_push("SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry.  Status = 0x%08lx\n");
												L20:
												_push(0);
												_push(0x33);
												E013E5720();
											} else {
												_t32 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 8)) + _t41 * 4));
												if(_t32 == 0) {
													goto L16;
												} else {
													 *_t34 = _t32 + 4;
													goto L14;
												}
											}
										}
									}
								}
							}
						}
					}
				}
				return _t43;
			}














                            0x0138c63d
                            0x0138c63d
                            0x0138c645
                            0x0138c64f
                            0x0138c652
                            0x0138c655
                            0x0138c65f
                            0x013ca775
                            0x00000000
                            0x0138c665
                            0x0138c665
                            0x0138c66a
                            0x0138c66c
                            0x0138c66c
                            0x0138c66e
                            0x0138c677
                            0x013ca7ba
                            0x013ca7bf
                            0x013ca7c0
                            0x013ca7c1
                            0x013ca7cf
                            0x00000000
                            0x0138c68e
                            0x0138c6a5
                            0x0138c6a9
                            0x013ca77f
                            0x013ca780
                            0x00000000
                            0x0138c6af
                            0x0138c6af
                            0x0138c6b4
                            0x0138c6f3
                            0x0138c6f3
                            0x0138c6b6
                            0x0138c6b6
                            0x0138c6bb
                            0x0138c700
                            0x0138c700
                            0x0138c6bd
                            0x0138c6bd
                            0x0138c6c2
                            0x00000000
                            0x0138c6c4
                            0x0138c6c7
                            0x013ca79e
                            0x013ca7a1
                            0x013ca7b0
                            0x013ca7d7
                            0x013ca7d7
                            0x0138c6cd
                            0x0138c6d7
                            0x0138c6db
                            0x013ca787
                            0x013ca788
                            0x013ca78d
                            0x013ca78d
                            0x013ca78f
                            0x013ca791
                            0x0138c6e1
                            0x0138c6e7
                            0x0138c6ec
                            0x00000000
                            0x0138c6ee
                            0x0138c6f1
                            0x00000000
                            0x0138c6f1
                            0x0138c6ec
                            0x0138c6db
                            0x0138c6c7
                            0x0138c6c2
                            0x0138c6bb
                            0x0138c6b4
                            0x0138c6a9
                            0x0138c677
                            0x0138c6fd

                            Strings
                            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 013CA7A7
                            • RtlGetAssemblyStorageRoot, xrefs: 013CA768, 013CA7A2, 013CA7C2
                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 013CA7C7
                            • SXS: %s() passed the empty activation context, xrefs: 013CA76D
                            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 013CA788
                            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 013CA780
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                            • API String ID: 0-861424205
                            • Opcode ID: 30508609e5da7259182343ce23e775073a172b673ef776b916030be8518ad321
                            • Instruction ID: 858ec3440214252de124b14b71a64c2fadab9fc1ae308bf25433e350d1fa1f96
                            • Opcode Fuzzy Hash: 30508609e5da7259182343ce23e775073a172b673ef776b916030be8518ad321
                            • Instruction Fuzzy Hash: 8031E876A40329BBEB20AB9A9C45F9B7AB9EF51E5CF05015DFA0177240D660AD0087B1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0137B477 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 405COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 67%
                            			E0137B477(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int* _v20;
				signed int _v24;
				char _v28;
				signed int _v44;
				char _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t139;
				void* _t141;
				signed int* _t143;
				signed int* _t144;
				intOrPtr* _t147;
				char _t160;
				signed int* _t163;
				signed char* _t164;
				intOrPtr _t165;
				signed int* _t167;
				signed char* _t168;
				intOrPtr _t193;
				intOrPtr* _t195;
				signed int _t203;
				signed int _t209;
				signed int _t211;
				intOrPtr _t214;
				intOrPtr* _t231;
				intOrPtr* _t236;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t240;
				intOrPtr _t241;
				char _t243;
				signed int _t252;
				signed int _t254;
				signed char _t259;
				signed int _t264;
				signed int _t268;
				intOrPtr _t277;
				unsigned int _t279;
				signed int* _t283;
				intOrPtr* _t284;
				unsigned int _t287;
				signed int _t291;
				signed int _t293;

				_v8 =  *0x144d360 ^ _t293;
				_t223 = __edx;
				_v20 = __edx;
				_t291 = __ecx;
				_t276 =  *__edx;
				_t231 = E0137B8E4( *__edx);
				_t292 = __ecx + 0x8c;
				_v16 = _t231;
				if(_t231 == __ecx + 0x8c) {
					L38:
					_t131 = 0;
					L34:
					return E0139B640(_t131, _t223, _v8 ^ _t293, _t276, _t291, _t292);
				}
				if( *0x1448748 >= 1) {
					__eflags =  *((intOrPtr*)(_t231 + 0x14)) -  *__edx;
					if(__eflags < 0) {
						_t214 =  *[fs:0x30];
						__eflags =  *(_t214 + 0xc);
						if( *(_t214 + 0xc) == 0) {
							_push("HEAP: ");
							E0135B150();
						} else {
							E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(UCRBlock->Size >= *Size)");
						E0135B150();
						__eflags =  *0x1447bc8;
						if(__eflags == 0) {
							__eflags = 1;
							E01412073(_t223, 1, _t291, 1);
						}
						_t231 = _v16;
					}
				}
				_t5 = _t231 - 8; // -8
				_t292 = _t5;
				_t134 =  *((intOrPtr*)(_t292 + 6));
				if(_t134 != 0) {
					_t223 = (_t292 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
				} else {
					_t223 = _t291;
				}
				_t276 = _v20;
				_v28 =  *((intOrPtr*)(_t231 + 0x10));
				_t139 =  *(_t291 + 0xcc) ^  *0x1448a68;
				_v12 = _t139;
				if(_t139 != 0) {
					 *0x144b1e0(_t291,  &_v28, _t276);
					_t141 = _v12();
					goto L8;
				} else {
					_t203 =  *((intOrPtr*)(_t231 + 0x14));
					_v12 = _t203;
					if(_t203 -  *_t276 <=  *(_t291 + 0x6c) << 3) {
						_t264 = _v12;
						__eflags = _t264 -  *(_t291 + 0x5c) << 3;
						if(__eflags < 0) {
							 *_t276 = _t264;
						}
					}
					_t209 =  *(_t291 + 0x40) & 0x00040000;
					asm("sbb ecx, ecx");
					_t268 = ( ~_t209 & 0x0000003c) + 4;
					_v12 = _t268;
					if(_t209 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v48);
						_push(3);
						_push(_t291);
						_push(0xffffffff);
						_t211 = E01399730();
						__eflags = _t211;
						if(_t211 < 0) {
							L56:
							_push(_t268);
							_t276 = _t291;
							E0141A80D(_t291, 1, _v44, 0);
							_t268 = 4;
							goto L7;
						}
						__eflags = _v44 & 0x00000060;
						if((_v44 & 0x00000060) == 0) {
							goto L56;
						}
						__eflags = _v48 - _t291;
						if(__eflags != 0) {
							goto L56;
						}
						_t268 = _v12;
					}
					L7:
					_push(_t268);
					_push(0x1000);
					_push(_v20);
					_push(0);
					_push( &_v28);
					_push(0xffffffff);
					_t141 = E01399660();
					 *((intOrPtr*)(_t291 + 0x20c)) =  *((intOrPtr*)(_t291 + 0x20c)) + 1;
					L8:
					if(_t141 < 0) {
						 *((intOrPtr*)(_t291 + 0x214)) =  *((intOrPtr*)(_t291 + 0x214)) + 1;
						goto L38;
					}
					_t143 =  *( *[fs:0x30] + 0x50);
					if(_t143 != 0) {
						__eflags =  *_t143;
						if(__eflags == 0) {
							goto L10;
						}
						_t144 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
						L11:
						if( *_t144 != 0) {
							__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
							if(__eflags != 0) {
								E0141138A(_t223, _t291, _v28,  *_v20, 2);
							}
						}
						if( *((intOrPtr*)(_t291 + 0x4c)) != 0) {
							_t287 =  *(_t291 + 0x50) ^  *_t292;
							 *_t292 = _t287;
							_t259 = _t287 >> 0x00000010 ^ _t287 >> 0x00000008 ^ _t287;
							if(_t287 >> 0x18 != _t259) {
								_push(_t259);
								E0140FA2B(_t223, _t291, _t292, _t291, _t292, __eflags);
							}
						}
						_t147 = _v16 + 8;
						 *((char*)(_t292 + 2)) = 0;
						 *((char*)(_t292 + 7)) = 0;
						_t236 =  *((intOrPtr*)(_t147 + 4));
						_t277 =  *_t147;
						_v24 = _t236;
						_t237 =  *_t236;
						_v12 = _t237;
						_t238 = _v16;
						if(_t237 !=  *((intOrPtr*)(_t277 + 4)) || _v12 != _t147) {
							_push(_t238);
							_push(_v12);
							E0141A80D(0, 0xd, _t147,  *((intOrPtr*)(_t277 + 4)));
							_t238 = _v16;
						} else {
							_t195 = _v24;
							 *_t195 = _t277;
							 *((intOrPtr*)(_t277 + 4)) = _t195;
						}
						if( *(_t238 + 0x14) == 0) {
							L22:
							_t223[0x30] = _t223[0x30] - 1;
							_t223[0x2c] = _t223[0x2c] - ( *(_t238 + 0x14) >> 0xc);
							 *((intOrPtr*)(_t291 + 0x1e8)) =  *((intOrPtr*)(_t291 + 0x1e8)) +  *(_t238 + 0x14);
							 *((intOrPtr*)(_t291 + 0x1fc)) =  *((intOrPtr*)(_t291 + 0x1fc)) + 1;
							 *((intOrPtr*)(_t291 + 0x1f8)) =  *((intOrPtr*)(_t291 + 0x1f8)) - 1;
							_t279 =  *(_t238 + 0x14);
							if(_t279 >= 0x7f000) {
								 *((intOrPtr*)(_t291 + 0x1ec)) =  *((intOrPtr*)(_t291 + 0x1ec)) - _t279;
								_t279 =  *(_t238 + 0x14);
							}
							_t152 = _v20;
							_t240 =  *_v20;
							_v12 = _t240;
							_t241 = _v16;
							if(_t279 <= _t240) {
								__eflags =  *((intOrPtr*)(_t241 + 0x10)) + _t279 - _t223[0x28];
								if( *((intOrPtr*)(_t241 + 0x10)) + _t279 != _t223[0x28]) {
									 *_v20 = _v12 + ( *_t292 & 0x0000ffff) * 8;
									L26:
									_t243 = 0;
									 *((char*)(_t292 + 3)) = 0;
									_t276 = _t223[0x18];
									if(_t223[0x18] != _t223) {
										_t160 = (_t292 - _t223 >> 0x10) + 1;
										_v24 = _t160;
										__eflags = _t160 - 0xfe;
										if(_t160 >= 0xfe) {
											_push(0);
											_push(0);
											E0141A80D(_t276, 3, _t292, _t223);
											_t160 = _v24;
										}
										_t243 = _t160;
									}
									 *((char*)(_t292 + 6)) = _t243;
									_t163 =  *( *[fs:0x30] + 0x50);
									if(_t163 != 0) {
										__eflags =  *_t163;
										if( *_t163 == 0) {
											goto L28;
										}
										_t227 = 0x7ffe0380;
										_t164 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
										goto L29;
									} else {
										L28:
										_t227 = 0x7ffe0380;
										_t164 = 0x7ffe0380;
										L29:
										if( *_t164 != 0) {
											_t165 =  *[fs:0x30];
											__eflags =  *(_t165 + 0x240) & 0x00000001;
											if(( *(_t165 + 0x240) & 0x00000001) != 0) {
												__eflags = E01377D50();
												if(__eflags != 0) {
													_t227 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x89]);
												}
												_t276 = _t292;
												E01411582(_t227, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t227 & 0x000000ff);
											}
										}
										_t223 = 0x7ffe038a;
										_t167 =  *( *[fs:0x30] + 0x50);
										if(_t167 != 0) {
											__eflags =  *_t167;
											if( *_t167 == 0) {
												goto L31;
											}
											_t168 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
											goto L32;
										} else {
											L31:
											_t168 = _t223;
											L32:
											if( *_t168 != 0) {
												__eflags = E01377D50();
												if(__eflags != 0) {
													_t223 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
												}
												_t276 = _t292;
												E01411582(_t223, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t223 & 0x000000ff);
											}
											_t131 = _t292;
											goto L34;
										}
									}
								}
								_t152 = _v20;
							}
							E0137B73D(_t291, _t223,  *((intOrPtr*)(_t241 + 0x10)) + _v12 + 0xffffffe8, _t279 - _v12, _t292, _t152);
							 *_v20 =  *_v20 << 3;
							goto L26;
						} else {
							_t283 =  *(_t291 + 0xb8);
							if(_t283 != 0) {
								_t190 =  *(_t238 + 0x14) >> 0xc;
								while(1) {
									__eflags = _t190 - _t283[1];
									if(_t190 < _t283[1]) {
										break;
									}
									_t252 =  *_t283;
									__eflags = _t252;
									_v24 = _t252;
									_t238 = _v16;
									if(_t252 == 0) {
										_t190 = _t283[1] - 1;
										__eflags = _t283[1] - 1;
										L70:
										E0137BC04(_t291, _t283, 0, _t238, _t190,  *(_t238 + 0x14));
										_t238 = _v16;
										goto L19;
									}
									_t283 = _v24;
								}
								goto L70;
							}
							L19:
							_t193 =  *_t238;
							_t284 =  *((intOrPtr*)(_t238 + 4));
							_t254 =  *((intOrPtr*)(_t193 + 4));
							_v24 = _t254;
							_t238 = _v16;
							if( *_t284 != _t254 ||  *_t284 != _t238) {
								_push(_t238);
								_push( *_t284);
								E0141A80D(0, 0xd, _t238, _v24);
								_t238 = _v16;
							} else {
								 *_t284 = _t193;
								 *((intOrPtr*)(_t193 + 4)) = _t284;
							}
							goto L22;
						}
					}
					L10:
					_t144 = 0x7ffe0380;
					goto L11;
				}
			}





















































                            0x0137b486
                            0x0137b48a
                            0x0137b48e
                            0x0137b491
                            0x0137b493
                            0x0137b49a
                            0x0137b49c
                            0x0137b4a2
                            0x0137b4a7
                            0x0137b6fc
                            0x0137b6fc
                            0x0137b6b3
                            0x0137b6c3
                            0x0137b6c3
                            0x0137b4b4
                            0x013c294f
                            0x013c2951
                            0x013c2957
                            0x013c295d
                            0x013c2961
                            0x013c2980
                            0x013c2985
                            0x013c2963
                            0x013c2978
                            0x013c297d
                            0x013c298b
                            0x013c2990
                            0x013c2995
                            0x013c299d
                            0x013c29a1
                            0x013c29a2
                            0x013c29a2
                            0x013c29a7
                            0x013c29a7
                            0x013c2951
                            0x0137b4ba
                            0x0137b4ba
                            0x0137b4bd
                            0x0137b4c2
                            0x0137b6d4
                            0x0137b4c8
                            0x0137b4c8
                            0x0137b4c8
                            0x0137b4cd
                            0x0137b4d0
                            0x0137b4d9
                            0x0137b4df
                            0x0137b4e2
                            0x013c29b7
                            0x013c29bd
                            0x00000000
                            0x0137b4e8
                            0x0137b4e8
                            0x0137b4ef
                            0x0137b4fa
                            0x0137b703
                            0x0137b709
                            0x0137b70b
                            0x0137b711
                            0x0137b711
                            0x0137b70b
                            0x0137b503
                            0x0137b50c
                            0x0137b511
                            0x0137b514
                            0x0137b519
                            0x013c29c5
                            0x013c29c7
                            0x013c29cc
                            0x013c29cd
                            0x013c29cf
                            0x013c29d0
                            0x013c29d2
                            0x013c29d7
                            0x013c29d9
                            0x013c29ee
                            0x013c29ee
                            0x013c29f4
                            0x013c29fa
                            0x013c2a01
                            0x00000000
                            0x013c2a01
                            0x013c29db
                            0x013c29df
                            0x00000000
                            0x00000000
                            0x013c29e1
                            0x013c29e4
                            0x00000000
                            0x00000000
                            0x013c29e6
                            0x013c29e6
                            0x0137b51f
                            0x0137b51f
                            0x0137b520
                            0x0137b525
                            0x0137b52b
                            0x0137b52d
                            0x0137b52e
                            0x0137b530
                            0x0137b535
                            0x0137b53b
                            0x0137b53d
                            0x013c2a07
                            0x00000000
                            0x013c2a07
                            0x0137b549
                            0x0137b54e
                            0x013c2a12
                            0x013c2a15
                            0x00000000
                            0x00000000
                            0x013c2a24
                            0x0137b559
                            0x0137b55c
                            0x013c2a34
                            0x013c2a3b
                            0x013c2a4d
                            0x013c2a4d
                            0x013c2a3b
                            0x0137b566
                            0x0137b56b
                            0x0137b56f
                            0x0137b57b
                            0x0137b582
                            0x013c2a57
                            0x013c2a5c
                            0x013c2a5c
                            0x0137b582
                            0x0137b58b
                            0x0137b58e
                            0x0137b592
                            0x0137b596
                            0x0137b599
                            0x0137b59b
                            0x0137b59e
                            0x0137b5a3
                            0x0137b5a6
                            0x0137b5a9
                            0x013c2a66
                            0x013c2a67
                            0x013c2a73
                            0x013c2a78
                            0x0137b5b8
                            0x0137b5b8
                            0x0137b5bb
                            0x0137b5bd
                            0x0137b5bd
                            0x0137b5c4
                            0x0137b5f7
                            0x0137b5f7
                            0x0137b600
                            0x0137b606
                            0x0137b60c
                            0x0137b612
                            0x0137b618
                            0x0137b621
                            0x0137b623
                            0x0137b629
                            0x0137b629
                            0x0137b62c
                            0x0137b62f
                            0x0137b633
                            0x0137b636
                            0x0137b639
                            0x0137b71d
                            0x0137b720
                            0x0137b736
                            0x0137b660
                            0x0137b660
                            0x0137b662
                            0x0137b665
                            0x0137b66a
                            0x0137b6e6
                            0x0137b6e7
                            0x0137b6ea
                            0x0137b6ef
                            0x013c2ad1
                            0x013c2ad2
                            0x013c2ad8
                            0x013c2add
                            0x013c2add
                            0x0137b6f5
                            0x0137b6f5
                            0x0137b672
                            0x0137b675
                            0x0137b67a
                            0x013c2ae5
                            0x013c2ae8
                            0x00000000
                            0x00000000
                            0x013c2af4
                            0x013c2afc
                            0x00000000
                            0x0137b680
                            0x0137b680
                            0x0137b680
                            0x0137b685
                            0x0137b687
                            0x0137b68a
                            0x013c2b06
                            0x013c2b0c
                            0x013c2b13
                            0x013c2b1e
                            0x013c2b20
                            0x013c2b2b
                            0x013c2b2b
                            0x013c2b2b
                            0x013c2b34
                            0x013c2b45
                            0x013c2b45
                            0x013c2b13
                            0x0137b696
                            0x0137b69b
                            0x0137b6a0
                            0x013c2b4f
                            0x013c2b52
                            0x00000000
                            0x00000000
                            0x013c2b61
                            0x00000000
                            0x0137b6a6
                            0x0137b6a6
                            0x0137b6a6
                            0x0137b6a8
                            0x0137b6ab
                            0x013c2b70
                            0x013c2b72
                            0x013c2b7d
                            0x013c2b7d
                            0x013c2b7d
                            0x013c2b86
                            0x013c2b97
                            0x013c2b97
                            0x0137b6b1
                            0x00000000
                            0x0137b6b1
                            0x0137b6a0
                            0x0137b67a
                            0x0137b722
                            0x0137b722
                            0x0137b655
                            0x0137b65d
                            0x00000000
                            0x0137b5c6
                            0x0137b5c6
                            0x0137b5ce
                            0x013c2a83
                            0x013c2a97
                            0x013c2a97
                            0x013c2a9a
                            0x00000000
                            0x00000000
                            0x013c2a88
                            0x013c2a8a
                            0x013c2a8c
                            0x013c2a8f
                            0x013c2a92
                            0x013c2aa1
                            0x013c2aa1
                            0x013c2aa2
                            0x013c2aab
                            0x013c2ab0
                            0x00000000
                            0x013c2ab0
                            0x013c2a94
                            0x013c2a94
                            0x00000000
                            0x013c2a9c
                            0x0137b5d4
                            0x0137b5d4
                            0x0137b5d6
                            0x0137b5d9
                            0x0137b5de
                            0x0137b5e1
                            0x0137b5e4
                            0x013c2ab8
                            0x013c2ab9
                            0x013c2ac4
                            0x013c2ac9
                            0x0137b5f2
                            0x0137b5f2
                            0x0137b5f4
                            0x0137b5f4
                            0x00000000
                            0x0137b5e4
                            0x0137b5c4
                            0x0137b554
                            0x0137b554
                            0x00000000
                            0x0137b554

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                            • API String ID: 0-4253913091
                            • Opcode ID: 72fa01435d7277b082e9099f376c00b915e72244d2df9a3957968b810ea652c7
                            • Instruction ID: aa7a6e7a90f48a78720d9eb3cac2499698a828e5bb53ef625aa1ae5b768b9d0b
                            • Opcode Fuzzy Hash: 72fa01435d7277b082e9099f376c00b915e72244d2df9a3957968b810ea652c7
                            • Instruction Fuzzy Hash: 43E19B70600249DFDB29CF68C884BBABBB5FF44718F1441A9E5069B795DB34ED41CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01372430 Relevance: 6.7, Strings: 5, Instructions: 461COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 96%
                            			E01372430(signed char _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr _a16, intOrPtr* _a20, signed int _a24, intOrPtr* _a28, short _a32, intOrPtr* _a36) {
				signed int _v8;
				char _v140;
				short _v172;
				char _v176;
				signed int _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				char _v192;
				signed int _v196;
				signed int _v200;
				short* _v204;
				short* _v208;
				short* _v212;
				signed int _v214;
				char _v216;
				short _v224;
				short _v228;
				short* _v232;
				signed short* _v236;
				signed short* _v240;
				short _v242;
				char _v244;
				intOrPtr _v248;
				char _v252;
				intOrPtr _v256;
				char _v260;
				char* _v280;
				char _v284;
				char _v288;
				char _v292;
				signed int _v296;
				void* _v300;
				signed int _v304;
				void* _v312;
				signed short _v316;
				char _v320;
				signed int _v324;
				signed short _v328;
				signed short* _v332;
				signed int _v336;
				char _v337;
				void* _v338;
				void* _v342;
				void* _v344;
				void* _v348;
				void* _v352;
				void* _v353;
				void* _v354;
				void* _v356;
				void* _v364;
				void* _v366;
				void* _v368;
				void* _v370;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t179;
				signed short* _t180;
				intOrPtr _t182;
				intOrPtr _t186;
				short* _t187;
				intOrPtr _t193;
				short* _t194;
				short* _t204;
				signed int _t226;
				char _t227;
				signed int _t228;
				intOrPtr* _t235;
				intOrPtr* _t248;
				void* _t249;
				intOrPtr* _t250;
				char* _t251;
				intOrPtr* _t257;
				short* _t258;
				signed short* _t261;
				signed int _t264;
				intOrPtr* _t266;
				void* _t267;
				signed short* _t268;
				intOrPtr _t269;
				intOrPtr* _t270;
				signed short* _t271;
				void* _t276;
				void* _t277;
				signed int _t278;
				void* _t280;
				signed int _t282;
				signed int _t284;

				_t284 = (_t282 & 0xfffffff8) - 0x154;
				_v8 =  *0x144d360 ^ _t284;
				_t250 = _a28;
				_t260 = _a32;
				_t179 = _a36;
				_t248 = _a20;
				_v296 = _t250;
				_v320 = 0;
				_v316 = 0;
				_v280 =  &_v140;
				_v300 = _t260;
				_v284 = 0x800000;
				_v288 = 0;
				_v328 = 0;
				_v304 = 0;
				_t266 = _a8;
				if(_t250 != 0) {
					 *_t250 = 0;
				}
				if(_t260 != 0) {
					 *_t260 = 0;
				}
				if(_t179 != 0) {
					 *_t179 = 0x208;
				}
				if(_t248 != 0) {
					 *_t248 = 0;
					 *((intOrPtr*)(_t248 + 4)) = 0;
				}
				_t180 =  &_v172;
				_v228 = 0x20;
				_v236 = _t180;
				_v232 = _t180;
				_v240 = _t180;
				_v172 = 0;
				_t182 = _a16;
				_v224 = 0x20;
				_v244 = 0x200000;
				if(_t182 == 0) {
					_t251 =  &_v192;
					_v200 = 2;
					_v208 = _t251;
					_v204 = _t251;
					_v212 = _t251;
					_v196 = 2;
					_v192 = 0;
					_v216 = 0x20000;
				} else {
					_t264 =  *(_t182 + 2) & 0x0000ffff;
					_t258 =  *((intOrPtr*)(_t182 + 4));
					if(_t264 < 2) {
						_t258 =  &_v192;
						_t264 = 2;
					}
					_v208 = _t258;
					_v200 = _t264;
					_v204 = _t258;
					_v196 = _t264;
					_v212 = _t258;
					if(_t258 != 0) {
						 *_t258 = 0;
					}
					_v214 = _t264;
					_t260 = _v300;
					_v216 = 0;
				}
				_t253 = _a24;
				_v188 = _t182;
				_v184 = _t248;
				_v180 = _t253;
				_v176 = 1;
				if((_a4 & 0xfffffffe) != 0) {
					_t276 = 0xc000000d;
					goto L82;
				} else {
					if(_t266 == 0) {
						_t276 = 0xc000000d;
						L82:
						if(_t276 >= 0) {
							L57:
							_t183 = _v316;
							if(_v316 != 0) {
								E0135AD30(_t183);
								_v324 = 0;
								_v320 = 0;
							}
							_t186 = _v236;
							if(_t186 != 0) {
								if(_t186 != _v232) {
									_v248 = _t186;
									L01372400( &_v252);
								}
								_v236 = _v232;
								_v228 = _v224;
							}
							_t187 = _v232;
							_v240 = _t187;
							if(_t187 != 0) {
								_t253 = 0;
								 *_t187 = 0;
							}
							_v244 = 0;
							_v242 = _v224;
							if(_t276 == 0xc0150001) {
								E013F5100(_t253, "Internal error check failed", "minkernel\\ntdll\\sxsisol.cpp", 0x1b2, "Status != STATUS_SXS_SECTION_NOT_FOUND");
								_t276 = 0xc00000e5;
								goto L82;
							} else {
								_pop(_t267);
								_pop(_t277);
								_pop(_t249);
								return E0139B640(_t276, _t249, _v8 ^ _t284, _t260, _t267, _t277);
							}
						}
						L51:
						if(_v176 != 0) {
							_t193 = _v208;
							if(_t193 != 0 && _t193 != _v204) {
								_v256 = _t193;
								L01372400( &_v260);
							}
							_t194 = _v204;
							if(_t194 != 0) {
								_t253 = 0;
								 *_t194 = 0;
							}
						}
						E0139FA60( &_v216, 0, 0x2c);
						_t284 = _t284 + 0xc;
						goto L57;
					}
					if(_t182 == 0) {
						if(_t248 != 0 || _t260 == 0) {
							L15:
							_t253 = 0;
							_t268 =  *(_t266 + 4);
							_v336 =  *_t266;
							_t204 = _a12;
							_v332 = _t268;
							_v338 = 0;
							if(_t204 == 0 ||  *_t204 == 0) {
								L23:
								_t276 = 0;
								goto L24;
							} else {
								_v337 = 0;
								_t280 = E01373690(1,  &_v336, 0x13311bc,  &_v292);
								if(_t280 < 0) {
									if(_t280 == 0xc0000225) {
										L19:
										_t276 = 0;
										L20:
										_t268 = _v332;
										if(_t276 < 0) {
											L97:
											_t253 = _v338;
											L24:
											if(_t276 < 0) {
												goto L51;
											}
											if(_t253 != 0) {
												_t268 = _v240;
												_v336 = _v244;
												_v332 = _t268;
											}
											_v312 = 0;
											_v338 = 0;
											if(_v316 != 0) {
												_t276 = 0xc000000d;
												goto L42;
											} else {
												_t226 = _v336;
												if(_t226 < 2) {
													L30:
													if(_t226 < 4 ||  *_t268 == 0 || _t268[1] != 0x3a || _t226 < 6) {
														L40:
														_t227 = _v338;
														goto L41;
													} else {
														_t228 = _t268[2] & 0x0000ffff;
														if(_t228 != 0x5c) {
															if(_t228 != 0x2f) {
																goto L40;
															}
														}
														_v324 = 2;
														L36:
														_t276 = E01373850( &_v336,  &_v284,  &_v320,  &_v312, 0, 0,  &_v324, 0);
														if(_t276 < 0) {
															L42:
															_t206 = _v316;
															if(_v316 != 0) {
																E0135AD30(_t206);
																_v324 = 0;
																_v320 = 0;
															}
															L43:
															if(_t276 < 0) {
																goto L51;
															}
															if((_a4 & 0x00000001) == 0 ||  *((intOrPtr*)( *[fs:0x30] + 0x10)) == 0 || ( *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 8) & 0x00001000) == 0) {
																L47:
																_t269 = _a16;
																if((_v304 & 0x00000001) != 0) {
																	L77:
																	if(_t248 == 0) {
																		if(_t269 == 0 || _v212 ==  *((intOrPtr*)(_t269 + 4))) {
																			goto L78;
																		} else {
																			_t276 = 0xc0000023;
																			goto L82;
																		}
																	}
																	L78:
																	_t270 = _v300;
																	if(_t270 != 0) {
																		_t276 = E01373690(1,  &_v216, 0x1331810,  &_v328);
																		if(_t276 < 0) {
																			goto L51;
																		}
																		 *_t270 = ((_v328 & 0x0000ffff) >> 1) + 1;
																	}
																	_t253 =  &_v216;
																	_t276 = E01395969( &_v216);
																	if(_t276 < 0) {
																		goto L51;
																	}
																	_t253 = _v296;
																	if(_t253 != 0) {
																		 *_t253 = _v304;
																	}
																	_t276 = 0;
																	goto L82;
																}
																if(_t269 == 0) {
																	if(_t248 != 0) {
																		goto L49;
																	}
																	_t260 = 1;
																	L50:
																	_t253 =  &_v336;
																	_t276 = E01372990( &_v336, _t260,  &_v288, _v296,  &_v216);
																	if(_t276 >= 0) {
																		goto L77;
																	}
																	goto L51;
																}
																L49:
																_t260 = 0;
																goto L50;
															} else {
																_t260 =  &_v216;
																_t253 =  &_v336;
																_t276 = E013E40D2( &_v336,  &_v216,  &_v304);
																if(_t276 < 0) {
																	goto L51;
																}
																goto L47;
															}
														}
														_t235 = _v312;
														_t278 =  *_t235;
														_t271 =  *(_t235 + 4);
														_v312 = _t278;
														if(_v324 == 6) {
															_t261 = _v332;
															if( *((short*)(_t261 + 0xa)) != 0x3a ||  *((short*)(_t261 + 0xc)) != 0x5c) {
																goto L38;
															} else {
																_v332 = _t261 + 8;
																_t253 = _v336 + 0xfff8;
																 *((intOrPtr*)(_t284 + 0x16)) =  *((intOrPtr*)(_t284 + 0x16)) + 0xfff8;
																_t260 = _v312 + 0xfff8;
																_t271 =  &(_t271[4]);
																_v312 = _t260;
																 *((intOrPtr*)(_t284 + 0x2e)) =  *((intOrPtr*)(_t284 + 0x2e)) + 0xfff8;
																_t278 = _v312;
																_v336 = _t253;
																L39:
																if(_t253 > _t260) {
																	_t253 =  &_v320;
																	if(_t235 ==  &_v320) {
																		_t227 = 1;
																	} else {
																		_t227 = _v338;
																	}
																	_v336 = _t278;
																	_v332 = _t271;
																	L41:
																	_t276 = 0;
																	if(_t227 != 0) {
																		goto L43;
																	}
																	goto L42;
																}
																goto L40;
															}
														}
														L38:
														_t253 = _v336;
														_t260 = _v312;
														goto L39;
													}
												}
												_t253 =  *_t268 & 0x0000ffff;
												if(_t253 == 0x5c || _t253 == 0x2f) {
													if(_t226 < 4) {
														goto L40;
													}
													_t253 = _t268[1] & 0x0000ffff;
													if(_t253 == 0x5c || _t253 == 0x2f) {
														if(_t226 < 6) {
															L110:
															_v324 = 1;
															goto L36;
														}
														_t253 = _t268[2] & 0x0000ffff;
														if(_t253 == 0x2e || _t253 == 0x3f) {
															if(_t226 < 8) {
																L109:
																if(_t226 == 6) {
																	goto L40;
																}
																goto L110;
															}
															_t253 = _t268[3] & 0x0000ffff;
															if(_t253 == 0x5c || _t253 == 0x2f) {
																_v324 = 6;
																goto L36;
															} else {
																goto L109;
															}
														} else {
															goto L110;
														}
													} else {
														goto L40;
													}
												} else {
													goto L30;
												}
											}
										}
										if(_v337 == 0) {
											_t257 = _a12;
											 *(_t284 + 0x50) = _v336;
											 *(_t284 + 0x54) = _t268;
											 *((intOrPtr*)(_t284 + 0x58)) =  *_t257;
											 *((intOrPtr*)(_t284 + 0x5c)) =  *((intOrPtr*)(_t257 + 4));
											_v244 = 0;
											_t276 = E0138D5C0(_t257,  &_v244, 2, _t284 + 0x50);
											if(_t276 < 0) {
												goto L97;
											}
											_t253 = 1;
											goto L23;
										}
										_t253 = _v338;
										goto L23;
									}
									goto L20;
								}
								_v337 = 1;
								goto L19;
							}
						} else {
							L96:
							_t276 = 0xc000000d;
							goto L82;
						}
					}
					if(_t248 == 0 || _t253 != 0) {
						goto L15;
					} else {
						goto L96;
					}
				}
			}



























































































                            0x01372438
                            0x01372445
                            0x0137244c
                            0x0137244f
                            0x01372452
                            0x01372456
                            0x0137245c
                            0x01372460
                            0x01372464
                            0x0137246f
                            0x01372475
                            0x01372479
                            0x01372481
                            0x01372489
                            0x0137248e
                            0x01372493
                            0x01372498
                            0x013728f5
                            0x013728f5
                            0x013724a0
                            0x01372956
                            0x01372956
                            0x013724a8
                            0x0137295d
                            0x0137295d
                            0x013724b0
                            0x013724b4
                            0x013724b6
                            0x013724b6
                            0x013724b9
                            0x013724c0
                            0x013724cb
                            0x013724cf
                            0x013724d3
                            0x013724d9
                            0x013724e1
                            0x013724e4
                            0x013724ef
                            0x013724f9
                            0x0137280f
                            0x01372816
                            0x01372821
                            0x01372828
                            0x0137282f
                            0x01372838
                            0x01372843
                            0x0137284b
                            0x013724ff
                            0x013724ff
                            0x01372503
                            0x01372509
                            0x013bd20f
                            0x013bd216
                            0x013bd216
                            0x0137250f
                            0x01372516
                            0x0137251d
                            0x01372524
                            0x0137252b
                            0x01372534
                            0x01372538
                            0x01372538
                            0x0137253d
                            0x01372545
                            0x01372549
                            0x01372549
                            0x01372558
                            0x0137255b
                            0x01372562
                            0x01372569
                            0x01372570
                            0x01372578
                            0x013bd220
                            0x00000000
                            0x0137257e
                            0x01372580
                            0x013bd22a
                            0x01372930
                            0x01372932
                            0x01372791
                            0x01372791
                            0x01372797
                            0x013bd3b8
                            0x013bd3bf
                            0x013bd3c3
                            0x013bd3c3
                            0x0137279d
                            0x013727a3
                            0x013727a9
                            0x01372968
                            0x01372971
                            0x01372971
                            0x013727b3
                            0x013727be
                            0x013727be
                            0x013727c5
                            0x013727c9
                            0x013727cf
                            0x013727d1
                            0x013727d3
                            0x013727d3
                            0x013727d8
                            0x013727e5
                            0x013727f0
                            0x013bd3e0
                            0x013bd3e5
                            0x00000000
                            0x013727f6
                            0x013727ff
                            0x01372800
                            0x01372801
                            0x0137280c
                            0x0137280c
                            0x013727f0
                            0x0137274b
                            0x01372753
                            0x01372755
                            0x0137275e
                            0x013bd3a4
                            0x013bd3ad
                            0x013bd3ad
                            0x0137276d
                            0x01372776
                            0x01372778
                            0x0137277a
                            0x0137277a
                            0x01372776
                            0x01372789
                            0x0137278e
                            0x00000000
                            0x0137278e
                            0x01372588
                            0x0137285d
                            0x0137259a
                            0x0137259c
                            0x0137259e
                            0x013725a1
                            0x013725a5
                            0x013725a8
                            0x013725ac
                            0x013725b2
                            0x01372600
                            0x01372600
                            0x00000000
                            0x013725ba
                            0x013725be
                            0x013725d4
                            0x013725d8
                            0x0137287b
                            0x013725e3
                            0x013725e3
                            0x013725e5
                            0x013725e5
                            0x013725eb
                            0x013bd246
                            0x013bd246
                            0x01372602
                            0x01372604
                            0x00000000
                            0x00000000
                            0x0137260c
                            0x013728cf
                            0x013728d3
                            0x013728d7
                            0x013728d7
                            0x01372617
                            0x0137261f
                            0x01372624
                            0x013bd24f
                            0x00000000
                            0x0137262a
                            0x0137262a
                            0x01372633
                            0x0137264a
                            0x0137264e
                            0x013726cd
                            0x013726cd
                            0x00000000
                            0x01372663
                            0x01372663
                            0x0137266a
                            0x013bd2c4
                            0x00000000
                            0x00000000
                            0x013bd2ca
                            0x01372670
                            0x01372678
                            0x0137269c
                            0x013726a0
                            0x013726d7
                            0x013726d7
                            0x013726dd
                            0x013728e1
                            0x013728e8
                            0x013728ec
                            0x013728ec
                            0x013726e3
                            0x013726e5
                            0x00000000
                            0x00000000
                            0x013726eb
                            0x0137270f
                            0x01372714
                            0x01372717
                            0x013728fc
                            0x013728fe
                            0x013bd352
                            0x00000000
                            0x013bd368
                            0x013bd368
                            0x00000000
                            0x013bd368
                            0x013bd352
                            0x01372904
                            0x01372904
                            0x0137290a
                            0x013bd38b
                            0x013bd38f
                            0x00000000
                            0x00000000
                            0x013bd39d
                            0x013bd39d
                            0x01372910
                            0x0137291c
                            0x01372920
                            0x00000000
                            0x00000000
                            0x01372926
                            0x0137292c
                            0x01372983
                            0x01372983
                            0x0137292e
                            0x00000000
                            0x0137292e
                            0x0137271f
                            0x0137286a
                            0x00000000
                            0x00000000
                            0x013bd349
                            0x01372727
                            0x01372738
                            0x01372741
                            0x01372745
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01372745
                            0x01372725
                            0x01372725
                            0x00000000
                            0x013bd325
                            0x013bd32a
                            0x013bd331
                            0x013bd33a
                            0x013bd33e
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013bd344
                            0x013726eb
                            0x013726a7
                            0x013726ab
                            0x013726ad
                            0x013726b0
                            0x013726b4
                            0x013bd2cf
                            0x013bd2d8
                            0x00000000
                            0x013bd2e9
                            0x013bd2f6
                            0x013bd2ff
                            0x013bd302
                            0x013bd307
                            0x013bd30a
                            0x013bd30d
                            0x013bd312
                            0x013bd317
                            0x013bd31b
                            0x013726c4
                            0x013726c7
                            0x0137293d
                            0x01372943
                            0x0137297b
                            0x01372945
                            0x01372945
                            0x01372945
                            0x01372949
                            0x0137294d
                            0x013726d1
                            0x013726d1
                            0x013726d5
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013726d5
                            0x00000000
                            0x013726c7
                            0x013bd2d8
                            0x013726ba
                            0x013726ba
                            0x013726bf
                            0x00000000
                            0x013726bf
                            0x0137264e
                            0x01372635
                            0x0137263b
                            0x013bd25d
                            0x00000000
                            0x00000000
                            0x013bd263
                            0x013bd26a
                            0x013bd279
                            0x013bd2b4
                            0x013bd2b4
                            0x00000000
                            0x013bd2b4
                            0x013bd27b
                            0x013bd282
                            0x013bd28d
                            0x013bd2aa
                            0x013bd2ae
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013bd2ae
                            0x013bd28f
                            0x013bd296
                            0x013bd29d
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0137263b
                            0x01372624
                            0x013725f6
                            0x01372886
                            0x0137288d
                            0x01372891
                            0x01372897
                            0x0137289e
                            0x013728a4
                            0x013728ba
                            0x013728be
                            0x00000000
                            0x00000000
                            0x013728c4
                            0x00000000
                            0x013728c4
                            0x013725fc
                            0x00000000
                            0x013725fc
                            0x00000000
                            0x01372881
                            0x013725de
                            0x00000000
                            0x013725de
                            0x013bd23c
                            0x013bd23c
                            0x013bd23c
                            0x00000000
                            0x013bd23c
                            0x0137285d
                            0x01372590
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01372590

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                            • API String ID: 0-3393094623
                            • Opcode ID: 545ebe857415d8a29f2bcce423e3a0267a92a0ab625feca508dedc216083395c
                            • Instruction ID: 3592f4d6f8ad11de0c1f439feddfa2360fdd5afe61100eba15e3bc57d87dd72d
                            • Opcode Fuzzy Hash: 545ebe857415d8a29f2bcce423e3a0267a92a0ab625feca508dedc216083395c
                            • Instruction Fuzzy Hash: 14029E715083858BD731DF68C180BABFBE4BF89718F04491EEA999B651E378D844CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0142E824 Relevance: 6.5, APIs: 4, Instructions: 493timeCOMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 50%
                            			E0142E824(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				unsigned int _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t179;
				unsigned int _t202;
				signed char _t207;
				signed char _t210;
				signed int _t230;
				void* _t244;
				unsigned int _t247;
				signed int _t288;
				signed int _t289;
				signed int _t291;
				signed char _t293;
				signed char _t295;
				signed char _t298;
				intOrPtr* _t303;
				signed int _t310;
				signed char _t316;
				signed int _t319;
				signed char _t323;
				signed char _t330;
				signed int _t334;
				signed int _t337;
				signed int _t341;
				signed char _t345;
				signed char _t347;
				signed int _t353;
				signed char _t354;
				void* _t383;
				signed char _t385;
				signed char _t386;
				unsigned int _t392;
				signed int _t393;
				signed int _t395;
				signed int _t398;
				signed int _t399;
				signed int _t401;
				unsigned int _t403;
				void* _t404;
				unsigned int _t405;
				signed int _t406;
				signed char _t412;
				unsigned int _t413;
				unsigned int _t418;
				void* _t419;
				void* _t420;
				void* _t421;
				void* _t422;
				void* _t423;
				signed char* _t425;
				signed int _t426;
				signed int _t428;
				unsigned int _t430;
				signed int _t431;
				signed int _t433;

				_v8 =  *0x144d360 ^ _t433;
				_v40 = __ecx;
				_v16 = __edx;
				_t289 = 0x4cb2f;
				_t425 = __edx[1];
				_t403 =  *__edx << 2;
				if(_t403 < 8) {
					L3:
					_t404 = _t403 - 1;
					if(_t404 == 0) {
						L16:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						L17:
						_t426 = _v40;
						_v20 = _t426 + 0x1c;
						_t177 = L0137FAD0(_t426 + 0x1c);
						_t385 = 0;
						while(1) {
							L18:
							_t405 =  *(_t426 + 4);
							_t179 = (_t177 | 0xffffffff) << (_t405 & 0x0000001f);
							_t316 = _t289 & _t179;
							_v24 = _t179;
							_v32 = _t316;
							_v12 = _t316 >> 0x18;
							_v36 = _t316 >> 0x10;
							_v28 = _t316 >> 8;
							if(_t385 != 0) {
								goto L21;
							}
							_t418 = _t405 >> 5;
							if(_t418 == 0) {
								_t406 = 0;
								L31:
								if(_t406 == 0) {
									L35:
									E0137FA00(_t289, _t316, _t406, _t426 + 0x1c);
									 *0x144b1e0(0xc +  *_v16 * 4,  *((intOrPtr*)(_t426 + 0x28)));
									_t319 =  *((intOrPtr*)( *((intOrPtr*)(_t426 + 0x20))))();
									_v36 = _t319;
									if(_t319 != 0) {
										asm("stosd");
										asm("stosd");
										asm("stosd");
										_t408 = _v16;
										 *(_t319 + 8) =  *(_t319 + 8) & 0xff000001 | 0x00000001;
										 *((char*)(_t319 + 0xb)) =  *_v16;
										 *(_t319 + 4) = _t289;
										_t53 = _t319 + 0xc; // 0xc
										E01372280(E0139F3E0(_t53,  *((intOrPtr*)(_v16 + 4)),  *_v16 << 2), _v20);
										_t428 = _v40;
										_t386 = 0;
										while(1) {
											L38:
											_t202 =  *(_t428 + 4);
											_v16 = _v16 | 0xffffffff;
											_v16 = _v16 << (_t202 & 0x0000001f);
											_t323 = _v16 & _t289;
											_v20 = _t323;
											_v20 = _v20 >> 0x18;
											_v28 = _t323;
											_v28 = _v28 >> 0x10;
											_v12 = _t323;
											_v12 = _v12 >> 8;
											_v32 = _t323;
											if(_t386 != 0) {
												goto L41;
											}
											_t247 = _t202 >> 5;
											_v24 = _t247;
											if(_t247 == 0) {
												_t412 = 0;
												L50:
												if(_t412 == 0) {
													L53:
													_t291 =  *(_t428 + 4);
													_v28 =  *((intOrPtr*)(_t428 + 0x28));
													_v44 =  *(_t428 + 0x24);
													_v32 =  *((intOrPtr*)(_t428 + 0x20));
													_t207 = _t291 >> 5;
													if( *_t428 < _t207 + _t207) {
														L74:
														_t430 = _t291 >> 5;
														_t293 = _v36;
														_t210 = (_t207 | 0xffffffff) << (_t291 & 0x0000001f) &  *(_t293 + 4);
														_v44 = _t210;
														_t159 = _t430 - 1; // 0xffffffdf
														_t428 = _v40;
														_t330 =  *(_t428 + 8);
														_t386 = _t159 & (_v44 >> 0x00000018) + ((_v44 >> 0x00000010 & 0x000000ff) + ((_t210 >> 0x00000008 & 0x000000ff) + ((_t210 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
														_t412 = _t293;
														 *_t293 =  *(_t330 + _t386 * 4);
														 *(_t330 + _t386 * 4) = _t293;
														 *_t428 =  *_t428 + 1;
														_t289 = 0;
														L75:
														E0136FFB0(_t289, _t412, _t428 + 0x1c);
														if(_t289 != 0) {
															_t428 =  *(_t428 + 0x24);
															 *0x144b1e0(_t289,  *((intOrPtr*)(_t428 + 0x28)));
															 *_t428();
														}
														L77:
														return E0139B640(_t412, _t289, _v8 ^ _t433, _t386, _t412, _t428);
													}
													_t334 = 2;
													_t207 = E0138F3D5( &_v24, _t207 * _t334, _t207 * _t334 >> 0x20);
													if(_t207 < 0) {
														goto L74;
													}
													_t413 = _v24;
													if(_t413 < 4) {
														_t413 = 4;
													}
													 *0x144b1e0(_t413 << 2, _v28);
													_t207 =  *_v32();
													_t386 = _t207;
													_v16 = _t386;
													if(_t386 == 0) {
														_t291 =  *(_t428 + 4);
														if(_t291 >= 0x20) {
															goto L74;
														}
														_t289 = _v36;
														_t412 = 0;
														goto L75;
													} else {
														_t108 = _t413 - 1; // 0x3
														_t337 = _t108;
														if((_t413 & _t337) == 0) {
															L62:
															if(_t413 > 0x4000000) {
																_t413 = 0x4000000;
															}
															_t295 = _t386;
															_v24 = _v24 & 0x00000000;
															_t392 = _t413 << 2;
															_t230 = _t428 | 0x00000001;
															_t393 = _t392 >> 2;
															asm("sbb ecx, ecx");
															_t341 =  !(_v16 + _t392) & _t393;
															if(_t341 <= 0) {
																L67:
																_t395 = (_t393 | 0xffffffff) << ( *(_t428 + 4) & 0x0000001f);
																_v32 = _t395;
																_v20 = 0;
																if(( *(_t428 + 4) & 0xffffffe0) <= 0) {
																	L72:
																	_t345 =  *(_t428 + 8);
																	_t207 = _v16;
																	_t291 =  *(_t428 + 4) & 0x0000001f | _t413 << 0x00000005;
																	 *(_t428 + 8) = _t207;
																	 *(_t428 + 4) = _t291;
																	if(_t345 != 0) {
																		 *0x144b1e0(_t345, _v28);
																		_t207 =  *_v44();
																		_t291 =  *(_t428 + 4);
																	}
																	goto L74;
																} else {
																	goto L68;
																}
																do {
																	L68:
																	_t298 =  *(_t428 + 8);
																	_t431 = _v20;
																	_v12 = _t298;
																	while(1) {
																		_t347 =  *(_t298 + _t431 * 4);
																		_v24 = _t347;
																		if((_t347 & 0x00000001) != 0) {
																			goto L71;
																		}
																		 *(_t298 + _t431 * 4) =  *_t347;
																		_t300 =  *(_t347 + 4) & _t395;
																		_t398 = _v16;
																		_t353 = _t413 - 0x00000001 & (( *(_t347 + 4) & _t395) >> 0x00000018) + ((( *(_t347 + 4) & _t395) >> 0x00000010 & 0x000000ff) + ((( *(_t347 + 4) & _t395) >> 0x00000008 & 0x000000ff) + ((_t300 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
																		_t303 = _v24;
																		 *_t303 =  *((intOrPtr*)(_t398 + _t353 * 4));
																		 *((intOrPtr*)(_t398 + _t353 * 4)) = _t303;
																		_t395 = _v32;
																		_t298 = _v12;
																	}
																	L71:
																	_v20 = _t431 + 1;
																	_t428 = _v40;
																} while (_v20 <  *(_t428 + 4) >> 5);
																goto L72;
															} else {
																_t399 = _v24;
																do {
																	_t399 = _t399 + 1;
																	 *_t295 = _t230;
																	_t295 = _t295 + 4;
																} while (_t399 < _t341);
																goto L67;
															}
														}
														_t354 = _t337 | 0xffffffff;
														if(_t413 == 0) {
															L61:
															_t413 = 1 << _t354;
															goto L62;
														} else {
															goto L60;
														}
														do {
															L60:
															_t354 = _t354 + 1;
															_t413 = _t413 >> 1;
														} while (_t413 != 0);
														goto L61;
													}
												}
												_t89 = _t412 + 8; // 0x8
												_t244 = E0142E7A8(_t89);
												_t289 = _v36;
												if(_t244 == 0) {
													_t412 = 0;
												}
												goto L75;
											}
											_t386 =  *(_t428 + 8) + (_v24 - 0x00000001 & (_v20 & 0x000000ff) + 0x164b2f3f + (((_t323 & 0x000000ff) * 0x00000025 + (_v12 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
											_t323 = _v32;
											while(1) {
												L41:
												_t386 =  *_t386;
												_v12 = _t386;
												if((_t386 & 0x00000001) != 0) {
													break;
												}
												if(_t323 == ( *(_t386 + 4) & _v16)) {
													L45:
													if(_t386 == 0) {
														goto L53;
													}
													if(E0142E7EB(_t386, _t408) != 0) {
														_t412 = _v12;
														goto L50;
													}
													_t386 = _v12;
													goto L38;
												}
											}
											_t386 = 0;
											_v12 = 0;
											goto L45;
										}
									}
									_t412 = 0;
									goto L77;
								}
								_t38 = _t406 + 8; // 0x8
								_t364 = _t38;
								if(E0142E7A8(_t38) == 0) {
									_t406 = 0;
								}
								E0137FA00(_t289, _t364, _t406, _v20);
								goto L77;
							}
							_t24 = _t418 - 1; // -1
							_t385 =  *((intOrPtr*)(_t426 + 8)) + (_t24 & (_v12 & 0x000000ff) + 0x164b2f3f + (((_t316 & 0x000000ff) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025 + (_v36 & 0x000000ff)) * 0x00000025) * 4;
							_t316 = _v32;
							L21:
							_t406 = _v24;
							while(1) {
								_t385 =  *_t385;
								_v12 = _t385;
								if((_t385 & 0x00000001) != 0) {
									break;
								}
								if(_t316 == ( *(_t385 + 4) & _t406)) {
									L26:
									if(_t385 == 0) {
										goto L35;
									}
									_t177 = E0142E7EB(_t385, _v16);
									if(_t177 != 0) {
										_t406 = _v12;
										goto L31;
									}
									_t385 = _v12;
									goto L18;
								}
							}
							_t385 = 0;
							_v12 = 0;
							goto L26;
						}
					}
					_t419 = _t404 - 1;
					if(_t419 == 0) {
						L15:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L16;
					}
					_t420 = _t419 - 1;
					if(_t420 == 0) {
						L14:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L15;
					}
					_t421 = _t420 - 1;
					if(_t421 == 0) {
						L13:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L14;
					}
					_t422 = _t421 - 1;
					if(_t422 == 0) {
						L12:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L13;
					}
					_t423 = _t422 - 1;
					if(_t423 == 0) {
						L11:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L12;
					}
					if(_t423 != 1) {
						goto L17;
					} else {
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L11;
					}
				} else {
					_t401 = _t403 >> 3;
					_t403 = _t403 + _t401 * 0xfffffff8;
					do {
						_t383 = ((((((_t425[1] & 0x000000ff) * 0x25 + (_t425[2] & 0x000000ff)) * 0x25 + (_t425[3] & 0x000000ff)) * 0x25 + (_t425[4] & 0x000000ff)) * 0x25 + (_t425[5] & 0x000000ff)) * 0x25 + (_t425[6] & 0x000000ff)) * 0x25 - _t289 * 0x2fe8ed1f;
						_t310 = ( *_t425 & 0x000000ff) * 0x1a617d0d;
						_t288 = _t425[7] & 0x000000ff;
						_t425 =  &(_t425[8]);
						_t289 = _t310 + _t383 + _t288;
						_t401 = _t401 - 1;
					} while (_t401 != 0);
					goto L3;
				}
			}






































































                            0x0142e833
                            0x0142e839
                            0x0142e83e
                            0x0142e841
                            0x0142e848
                            0x0142e84b
                            0x0142e851
                            0x0142e8b2
                            0x0142e8b2
                            0x0142e8b5
                            0x0142e90b
                            0x0142e911
                            0x0142e913
                            0x0142e913
                            0x0142e91a
                            0x0142e91d
                            0x0142e922
                            0x0142e924
                            0x0142e924
                            0x0142e924
                            0x0142e92f
                            0x0142e933
                            0x0142e935
                            0x0142e93a
                            0x0142e940
                            0x0142e948
                            0x0142e950
                            0x0142e955
                            0x00000000
                            0x00000000
                            0x0142e957
                            0x0142e95c
                            0x0142e9cb
                            0x0142e9d2
                            0x0142e9d4
                            0x0142e9f2
                            0x0142e9f6
                            0x0142ea10
                            0x0142ea18
                            0x0142ea1a
                            0x0142ea1f
                            0x0142ea2c
                            0x0142ea2d
                            0x0142ea2e
                            0x0142ea32
                            0x0142ea3d
                            0x0142ea42
                            0x0142ea45
                            0x0142ea51
                            0x0142ea60
                            0x0142ea65
                            0x0142ea68
                            0x0142ea6a
                            0x0142ea6a
                            0x0142ea6a
                            0x0142ea6f
                            0x0142ea76
                            0x0142ea7c
                            0x0142ea7e
                            0x0142ea81
                            0x0142ea85
                            0x0142ea88
                            0x0142ea8c
                            0x0142ea8f
                            0x0142ea93
                            0x0142ea98
                            0x00000000
                            0x00000000
                            0x0142ea9a
                            0x0142ea9d
                            0x0142eaa2
                            0x0142eb0e
                            0x0142eb15
                            0x0142eb17
                            0x0142eb33
                            0x0142eb36
                            0x0142eb39
                            0x0142eb3f
                            0x0142eb45
                            0x0142eb4a
                            0x0142eb52
                            0x0142ecb1
                            0x0142ecb9
                            0x0142ecbe
                            0x0142ecc3
                            0x0142ecc6
                            0x0142eceb
                            0x0142ecee
                            0x0142ecf9
                            0x0142ecfe
                            0x0142ed00
                            0x0142ed05
                            0x0142ed07
                            0x0142ed0a
                            0x0142ed0c
                            0x0142ed0e
                            0x0142ed12
                            0x0142ed19
                            0x0142ed1e
                            0x0142ed24
                            0x0142ed2a
                            0x0142ed2a
                            0x0142ed2c
                            0x0142ed3e
                            0x0142ed3e
                            0x0142eb5a
                            0x0142eb62
                            0x0142eb69
                            0x00000000
                            0x00000000
                            0x0142eb6f
                            0x0142eb75
                            0x0142eb79
                            0x0142eb79
                            0x0142eb88
                            0x0142eb8e
                            0x0142eb90
                            0x0142eb92
                            0x0142eb97
                            0x0142ed3f
                            0x0142ed45
                            0x00000000
                            0x00000000
                            0x0142ed4b
                            0x0142ed4e
                            0x00000000
                            0x0142eb9d
                            0x0142eb9d
                            0x0142eb9d
                            0x0142eba2
                            0x0142ebb5
                            0x0142ebbc
                            0x0142ebbe
                            0x0142ebbe
                            0x0142ebc3
                            0x0142ebc5
                            0x0142ebcb
                            0x0142ebd2
                            0x0142ebd5
                            0x0142ebdb
                            0x0142ebdf
                            0x0142ebe1
                            0x0142ebf0
                            0x0142ebf9
                            0x0142ec04
                            0x0142ec07
                            0x0142ec0a
                            0x0142ec82
                            0x0142ec85
                            0x0142ec8b
                            0x0142ec91
                            0x0142ec93
                            0x0142ec96
                            0x0142ec9b
                            0x0142eca6
                            0x0142ecac
                            0x0142ecae
                            0x0142ecae
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0142ec0c
                            0x0142ec0c
                            0x0142ec0c
                            0x0142ec0f
                            0x0142ec12
                            0x0142ec15
                            0x0142ec15
                            0x0142ec18
                            0x0142ec1e
                            0x00000000
                            0x00000000
                            0x0142ec22
                            0x0142ec28
                            0x0142ec4b
                            0x0142ec5b
                            0x0142ec5d
                            0x0142ec63
                            0x0142ec65
                            0x0142ec68
                            0x0142ec6b
                            0x0142ec6b
                            0x0142ec70
                            0x0142ec71
                            0x0142ec74
                            0x0142ec7d
                            0x00000000
                            0x0142ebe3
                            0x0142ebe3
                            0x0142ebe6
                            0x0142ebe6
                            0x0142ebe7
                            0x0142ebe9
                            0x0142ebec
                            0x00000000
                            0x0142ebe6
                            0x0142ebe1
                            0x0142eba4
                            0x0142eba9
                            0x0142ebb0
                            0x0142ebb3
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0142ebab
                            0x0142ebab
                            0x0142ebab
                            0x0142ebac
                            0x0142ebac
                            0x00000000
                            0x0142ebab
                            0x0142eb97
                            0x0142eb19
                            0x0142eb1c
                            0x0142eb21
                            0x0142eb26
                            0x0142eb2c
                            0x0142eb2c
                            0x00000000
                            0x0142eb26
                            0x0142ead6
                            0x0142ead9
                            0x0142eadc
                            0x0142eadc
                            0x0142eadc
                            0x0142eade
                            0x0142eae4
                            0x00000000
                            0x00000000
                            0x0142eaee
                            0x0142eaf7
                            0x0142eaf9
                            0x00000000
                            0x00000000
                            0x0142eb04
                            0x0142eb12
                            0x00000000
                            0x0142eb12
                            0x0142eb06
                            0x00000000
                            0x0142eb06
                            0x0142eaf0
                            0x0142eaf2
                            0x0142eaf4
                            0x00000000
                            0x0142eaf4
                            0x0142ea6a
                            0x0142ea21
                            0x00000000
                            0x0142ea21
                            0x0142e9d6
                            0x0142e9d6
                            0x0142e9e0
                            0x0142e9e2
                            0x0142e9e2
                            0x0142e9e8
                            0x00000000
                            0x0142e9e8
                            0x0142e987
                            0x0142e98f
                            0x0142e992
                            0x0142e995
                            0x0142e995
                            0x0142e998
                            0x0142e998
                            0x0142e99a
                            0x0142e9a0
                            0x00000000
                            0x00000000
                            0x0142e9a9
                            0x0142e9b2
                            0x0142e9b4
                            0x00000000
                            0x00000000
                            0x0142e9ba
                            0x0142e9c1
                            0x0142e9cf
                            0x00000000
                            0x0142e9cf
                            0x0142e9c3
                            0x00000000
                            0x0142e9c3
                            0x0142e9ab
                            0x0142e9ad
                            0x0142e9af
                            0x00000000
                            0x0142e9af
                            0x0142e924
                            0x0142e8b7
                            0x0142e8ba
                            0x0142e902
                            0x0142e908
                            0x0142e90a
                            0x00000000
                            0x0142e90a
                            0x0142e8bc
                            0x0142e8bf
                            0x0142e8f9
                            0x0142e8ff
                            0x0142e901
                            0x00000000
                            0x0142e901
                            0x0142e8c1
                            0x0142e8c4
                            0x0142e8f0
                            0x0142e8f6
                            0x0142e8f8
                            0x00000000
                            0x0142e8f8
                            0x0142e8c6
                            0x0142e8c9
                            0x0142e8e7
                            0x0142e8ed
                            0x0142e8ef
                            0x00000000
                            0x0142e8ef
                            0x0142e8cb
                            0x0142e8ce
                            0x0142e8de
                            0x0142e8e4
                            0x0142e8e6
                            0x00000000
                            0x0142e8e6
                            0x0142e8d3
                            0x00000000
                            0x0142e8d5
                            0x0142e8db
                            0x0142e8dd
                            0x00000000
                            0x0142e8dd
                            0x0142e853
                            0x0142e855
                            0x0142e85b
                            0x0142e85d
                            0x0142e897
                            0x0142e89c
                            0x0142e8a2
                            0x0142e8a6
                            0x0142e8ab
                            0x0142e8ad
                            0x0142e8ad
                            0x00000000
                            0x0142e85d

                            APIs
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: DebugPrintTimes
                            • String ID:
                            • API String ID: 3446177414-0
                            • Opcode ID: fcaf53e0e75d1e7b13707aabbd9b3f151c15f5ddd2ff0fa0636d6215fd371562
                            • Instruction ID: 29aa39387a2a7db98f9fdf5dad8492b342436d9c829ac0049a9c86e990eb5e3e
                            • Opcode Fuzzy Hash: fcaf53e0e75d1e7b13707aabbd9b3f151c15f5ddd2ff0fa0636d6215fd371562
                            • Instruction Fuzzy Hash: C602C372F006268BDB18CFADC89167EFBF5EF88200B59816ED456EB391D634E941CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013E64B5 Relevance: 6.4, Strings: 5, Instructions: 116COMMON
                            Download Yara Rule
                            C-Code - Quality: 96%
                            			E013E64B5(intOrPtr __ecx, signed int __edx, intOrPtr _a4, signed int _a8) {
				signed int _v8;
				char _v140;
				char _v660;
				char* _v664;
				char* _v668;
				char* _v672;
				char* _v676;
				char* _v680;
				signed short _v684;
				intOrPtr _v688;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t39;
				void* _t42;
				void* _t58;
				signed char* _t59;
				signed int* _t66;
				signed char* _t75;
				void* _t77;
				void* _t80;
				signed int _t81;
				void* _t82;

				_t74 = __edx;
				_v8 =  *0x144d360 ^ _t81;
				_t39 = __ecx;
				_v676 = L"Type:";
				_t78 = 0;
				_v688 = __ecx;
				_t66 = __edx;
				_v672 = L" Name:";
				_t68 = 0x208;
				_v668 = L" Language:";
				_t75 = 0x7ffe0384;
				_v664 = L" Item:";
				if((_a8 & 0x0000000e) == 0) {
					L10:
					if((_a8 & 0x00000001) != 0) {
						_t74 =  &_v660;
						_t71 = _t39;
						_t42 = E013E6365(_t39,  &_v660, _t68, _t78, _t78, _t78, _t78);
						_t78 = _t42;
						if(_t42 >= 0) {
							E0139BB40(_t71,  &_v684,  &_v660);
							if(E01377D50() != 0) {
								_t75 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_t74 =  *_t75 & 0x000000ff;
							E013E6715( &_v684,  *_t75 & 0x000000ff);
						}
					}
					return E0139B640(_t78, _t66, _v8 ^ _t81, _t74, _t75, _t78);
				}
				_v684 = 0x2080000;
				_v680 =  &_v660;
				_t77 = 0;
				E0136A990(0x208,  &_v684, L"SR - ");
				_t80 =  &_v676 - _t66;
				do {
					E0136A990(_t68,  &_v684,  *((intOrPtr*)(_t80 + _t66)));
					_t54 =  *_t66;
					if(( *_t66 & 0xffff0000) == 0 || _t77 == 3) {
						_t68 =  &_v140;
						E013A5F00(_t54,  &_v140, 0x40, 0xa);
						_t82 = _t82 + 0x10;
						_t54 =  &_v140;
					}
					E0136A990(_t68,  &_v684, _t54);
					_t77 = _t77 + 1;
					_t66 =  &(_t66[1]);
				} while (_t77 < _a4);
				_t58 = E01377D50();
				_t75 = 0x7ffe0384;
				if(_t58 == 0) {
					_t59 = 0x7ffe0384;
				} else {
					_t59 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				_t74 =  *_t59 & 0x000000ff;
				E013E6715( &_v684,  *_t59 & 0x000000ff);
				_t78 = 0;
				E0139FA60( &_v660, 0, _v684 & 0x0000ffff);
				_t39 = _v688;
				_t68 = 0x208;
				goto L10;
			}


























                            0x013e64b5
                            0x013e64c7
                            0x013e64cc
                            0x013e64ce
                            0x013e64d8
                            0x013e64da
                            0x013e64e4
                            0x013e64e7
                            0x013e64f1
                            0x013e64f6
                            0x013e6500
                            0x013e6505
                            0x013e650f
                            0x013e65e6
                            0x013e65ea
                            0x013e65f1
                            0x013e65f7
                            0x013e65f9
                            0x013e65fe
                            0x013e6602
                            0x013e6612
                            0x013e661e
                            0x013e6629
                            0x013e6629
                            0x013e662f
                            0x013e6638
                            0x013e6638
                            0x013e6602
                            0x013e664f
                            0x013e664f
                            0x013e651b
                            0x013e6525
                            0x013e652b
                            0x013e6539
                            0x013e6544
                            0x013e6546
                            0x013e6550
                            0x013e6555
                            0x013e655c
                            0x013e6567
                            0x013e656f
                            0x013e6574
                            0x013e6577
                            0x013e6577
                            0x013e6585
                            0x013e658a
                            0x013e658b
                            0x013e658e
                            0x013e6593
                            0x013e6598
                            0x013e659f
                            0x013e65b1
                            0x013e65a1
                            0x013e65aa
                            0x013e65aa
                            0x013e65b3
                            0x013e65bc
                            0x013e65c8
                            0x013e65d3
                            0x013e65d8
                            0x013e65e1
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: Item:$ Language:$ Name:$SR - $Type:
                            • API String ID: 0-3082644519
                            • Opcode ID: d70bb09f248a82a62c4d1f82a5b8678be2e94fd7ecb160d12ae98f08b231585c
                            • Instruction ID: 92305f60c9a59c1d42af08f79a694497c255bb7ec473aac4e112e69392274cb7
                            • Opcode Fuzzy Hash: d70bb09f248a82a62c4d1f82a5b8678be2e94fd7ecb160d12ae98f08b231585c
                            • Instruction Fuzzy Hash: 6741A4B1A0022DABDB20DB69CC4DB9ABBFCEF51318F0401D5A549A7284DE349E84CF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013540E1 Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                            Download Yara Rule
                            C-Code - Quality: 29%
                            			E013540E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0135B150();
					} else {
						E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0135B150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E0135B150(", passed to %s", _t29);
					}
					_push("\n");
					E0135B150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1446378 = 1;
						asm("int3");
						 *0x1446378 = 0;
					}
					return 0;
				}
				return 1;
			}





                            0x013540e6
                            0x013540e8
                            0x013540f1
                            0x013b042d
                            0x013b044c
                            0x013b0451
                            0x013b042f
                            0x013b0444
                            0x013b0449
                            0x013b045d
                            0x013b0466
                            0x013b046e
                            0x013b0474
                            0x013b0475
                            0x013b047a
                            0x013b048a
                            0x013b048c
                            0x013b0493
                            0x013b0494
                            0x013b0494
                            0x00000000
                            0x013b049b
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                            • API String ID: 0-188067316
                            • Opcode ID: eb27ea96f871e436120c833e4a475d07cfb3cf10a8a8b3fc992d3917a4c679a4
                            • Instruction ID: d33c7cf327d0ad6e91d62249a767e5e990fc9f68fca3b420ed80a42d3022a522
                            • Opcode Fuzzy Hash: eb27ea96f871e436120c833e4a475d07cfb3cf10a8a8b3fc992d3917a4c679a4
                            • Instruction Fuzzy Hash: B3012D32114281AEE36D577ED44EF93B7B4DB41F38F15801DF50457B81DAA85540CD24
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01375600 Relevance: 6.2, Strings: 3, Instructions: 2418COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 94%
                            			E01375600(signed char __ecx, signed int __edx, signed int _a4, unsigned int _a8, intOrPtr* _a12, signed char* _a16) {
				signed char _v8;
				signed int _v12;
				char _v20;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				char _v53;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char _v69;
				char _v70;
				signed char _v71;
				char _v72;
				char _v73;
				signed int _v80;
				signed int _v88;
				signed short _v92;
				signed char _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				char _v109;
				char _v110;
				signed int _v111;
				char _v112;
				signed char _v116;
				signed int _v120;
				signed char _v128;
				signed short _v132;
				signed short _v134;
				signed short _v136;
				signed short _v138;
				signed int _v144;
				signed char _v148;
				signed char _v152;
				signed short _v156;
				signed int _v160;
				signed short _v164;
				signed short _v166;
				signed int _v172;
				signed char _v176;
				signed char _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed char _v200;
				char _v204;
				signed int _v206;
				signed char _v212;
				intOrPtr _v216;
				signed int _v220;
				unsigned int* _v224;
				intOrPtr _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed char _v248;
				unsigned int* _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed char _v276;
				signed char _v280;
				intOrPtr _v284;
				signed int* _v288;
				signed int _v292;
				intOrPtr _v296;
				intOrPtr _v300;
				intOrPtr _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed short _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				intOrPtr _v340;
				signed char _v344;
				signed char _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				unsigned int _v372;
				unsigned int _v380;
				unsigned int _v388;
				unsigned int _v396;
				unsigned int _v404;
				unsigned int _v412;
				unsigned int _v420;
				unsigned int _v428;
				unsigned int _v436;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t1068;
				signed char _t1072;
				signed int _t1073;
				intOrPtr _t1075;
				signed int _t1078;
				char* _t1079;
				signed int _t1097;
				signed char* _t1100;
				intOrPtr _t1101;
				signed int _t1102;
				signed char* _t1105;
				intOrPtr _t1106;
				signed int _t1107;
				signed char* _t1110;
				signed char* _t1112;
				signed int _t1120;
				void* _t1127;
				signed char* _t1137;
				intOrPtr* _t1145;
				signed int _t1147;
				intOrPtr _t1148;
				void* _t1149;
				signed int _t1151;
				signed char _t1153;
				signed int _t1158;
				signed int _t1159;
				signed char _t1179;
				signed char _t1180;
				unsigned int _t1182;
				signed char _t1192;
				signed char _t1193;
				char _t1205;
				signed char _t1209;
				signed short _t1211;
				void* _t1212;
				signed int _t1217;
				signed int _t1218;
				signed char _t1219;
				signed int _t1221;
				intOrPtr* _t1227;
				intOrPtr* _t1228;
				signed int _t1235;
				signed int _t1236;
				intOrPtr* _t1244;
				intOrPtr* _t1246;
				signed int _t1249;
				signed int _t1253;
				signed int _t1255;
				intOrPtr _t1261;
				signed int _t1267;
				signed int _t1269;
				intOrPtr* _t1281;
				intOrPtr* _t1282;
				signed int _t1285;
				signed int* _t1289;
				signed int* _t1291;
				intOrPtr _t1294;
				signed int _t1295;
				signed int _t1301;
				signed int* _t1302;
				signed int _t1303;
				intOrPtr _t1308;
				signed short _t1309;
				intOrPtr _t1315;
				signed int _t1316;
				intOrPtr _t1318;
				signed int* _t1319;
				signed int _t1320;
				signed int* _t1323;
				signed int _t1324;
				unsigned int* _t1333;
				signed int _t1336;
				signed int _t1338;
				signed int _t1341;
				signed int _t1347;
				signed int* _t1348;
				signed int _t1349;
				signed short _t1352;
				signed short _t1358;
				signed short _t1364;
				signed int _t1373;
				intOrPtr _t1379;
				intOrPtr _t1384;
				intOrPtr* _t1392;
				signed int _t1393;
				signed int _t1396;
				signed int _t1397;
				intOrPtr _t1399;
				signed int _t1401;
				signed char _t1403;
				signed int _t1405;
				signed int _t1406;
				intOrPtr _t1408;
				signed int* _t1410;
				signed int _t1411;
				signed short _t1414;
				signed int* _t1424;
				signed int _t1425;
				signed int* _t1428;
				signed int _t1429;
				signed int _t1432;
				signed int _t1434;
				signed int _t1438;
				signed short _t1440;
				signed short _t1447;
				signed short _t1453;
				intOrPtr* _t1459;
				signed char _t1460;
				void* _t1461;
				signed int _t1465;
				signed int _t1466;
				intOrPtr _t1469;
				signed int _t1471;
				signed char _t1473;
				signed int _t1475;
				signed int _t1476;
				signed char _t1477;
				intOrPtr _t1479;
				signed int* _t1481;
				signed int _t1482;
				signed short _t1485;
				signed int _t1496;
				signed int _t1504;
				signed int _t1506;
				signed int _t1518;
				unsigned int _t1521;
				intOrPtr _t1522;
				signed int _t1523;
				signed int _t1524;
				signed int _t1525;
				signed char _t1526;
				signed short _t1527;
				signed int _t1529;
				unsigned int _t1535;
				signed int _t1538;
				signed short _t1539;
				signed int _t1559;
				signed int _t1564;
				signed char _t1565;
				signed char _t1566;
				signed char _t1567;
				signed char _t1569;
				signed int _t1571;
				signed char _t1576;
				signed short* _t1577;
				signed char _t1579;
				intOrPtr* _t1581;
				signed int _t1583;
				intOrPtr* _t1586;
				intOrPtr _t1590;
				signed int _t1594;
				signed char _t1599;
				intOrPtr* _t1601;
				signed int _t1604;
				signed int _t1605;
				signed int _t1606;
				signed int _t1608;
				signed char _t1614;
				signed short _t1617;
				signed int _t1619;
				signed short _t1620;
				signed int _t1622;
				unsigned int _t1628;
				signed short _t1632;
				signed int _t1634;
				signed char _t1638;
				signed char _t1643;
				signed char _t1648;
				intOrPtr _t1651;
				signed int _t1654;
				signed int _t1656;
				signed int _t1657;
				signed char _t1658;
				signed char _t1660;
				signed char _t1668;
				signed short _t1671;
				intOrPtr _t1673;
				signed short _t1674;
				intOrPtr _t1676;
				signed int _t1678;
				signed int _t1681;
				signed int _t1682;
				signed int _t1686;
				signed short _t1689;
				signed int _t1691;
				signed char _t1695;
				signed char _t1700;
				signed char _t1705;
				signed int _t1707;
				intOrPtr _t1708;
				signed int _t1709;
				signed int _t1710;
				signed char _t1712;
				signed char _t1719;
				signed int* _t1723;
				signed int _t1724;
				signed int _t1725;
				unsigned int _t1728;
				signed int _t1729;
				signed int _t1730;
				signed char* _t1734;
				signed int _t1736;
				intOrPtr* _t1738;
				signed int _t1740;
				signed int _t1743;
				unsigned int _t1744;
				intOrPtr _t1753;
				signed char _t1754;
				signed short* _t1755;
				signed short* _t1757;
				unsigned int _t1760;
				intOrPtr _t1763;
				signed int _t1765;
				signed short _t1766;
				signed short _t1768;
				void* _t1769;
				signed int _t1771;
				signed int _t1773;
				signed int _t1775;
				unsigned int _t1781;
				signed int _t1784;
				signed int _t1785;
				signed int _t1787;
				signed int _t1789;
				unsigned int _t1791;
				unsigned int _t1795;
				unsigned int _t1799;
				signed int _t1802;
				intOrPtr* _t1803;
				signed short* _t1805;
				signed int _t1807;
				intOrPtr _t1809;
				signed short _t1811;
				signed short _t1813;
				intOrPtr _t1814;
				signed char _t1820;
				void* _t1821;
				signed int _t1825;
				signed char _t1829;
				unsigned int _t1831;
				unsigned int* _t1836;
				unsigned int _t1838;
				unsigned int _t1842;
				unsigned int _t1846;
				signed int _t1852;
				signed int _t1858;
				unsigned int _t1861;
				signed int _t1866;
				intOrPtr _t1868;
				signed char _t1871;
				void* _t1873;
				signed int _t1876;
				signed int _t1877;
				signed int _t1880;
				signed char _t1881;
				signed int _t1882;
				signed int _t1883;
				signed short _t1885;
				signed short* _t1886;
				signed char _t1887;
				signed char _t1888;
				signed int* _t1889;
				intOrPtr _t1890;
				signed int _t1892;
				intOrPtr* _t1893;
				signed int _t1894;
				signed int _t1895;
				signed int _t1896;
				signed int _t1897;
				signed int _t1900;
				signed int _t1904;
				signed int _t1905;
				signed int _t1906;
				intOrPtr _t1907;
				signed int _t1908;
				signed int _t1910;
				signed int _t1911;
				signed int _t1912;
				unsigned int _t1916;
				signed int _t1917;
				void* _t1921;
				intOrPtr _t1922;
				intOrPtr _t1923;
				signed int _t1924;
				signed int _t1926;
				signed int _t1927;
				signed int _t1928;
				unsigned int _t1931;
				signed int _t1932;
				signed int* _t1933;
				intOrPtr _t1934;
				signed int _t1935;
				void* _t1936;
				void* _t1937;
				void* _t1940;
				void* _t1941;
				signed int _t1946;
				void* _t1952;

				_t1725 = __edx;
				_t1540 = __ecx;
				_push(0xfffffffe);
				_push(0x142fc88);
				_push(0x13a17f0);
				_push( *[fs:0x0]);
				_t1937 = _t1936 - 0x1a0;
				_push(_t1873);
				_t1068 =  *0x144d360;
				_v12 = _v12 ^ _t1068;
				_push(_t1068 ^ _t1935);
				 *[fs:0x0] =  &_v20;
				_v96 = __edx;
				_t1871 = __ecx;
				_v280 = __ecx;
				_v196 = 0;
				_v104 = 1;
				_v53 = 0;
				_v80 = 0;
				_v60 = 0;
				_v180 = 0;
				_t1518 = _a8 >> 3;
				if((__edx & 0x7d010f60) != 0 || _a4 >= 0x80000000) {
					_v104 = 0;
					 *_a16 = 4;
					_t1072 = _a4;
					__eflags = _t1072 - 0x7fffffff;
					if(_t1072 > 0x7fffffff) {
						_t1073 = 0;
						goto L157;
					}
					__eflags = _t1725 & 0x61000000;
					if((_t1725 & 0x61000000) != 0) {
						__eflags = _t1725 & 0x10000000;
						if(__eflags != 0) {
							goto L287;
						}
						_t1073 = E01412D82(_t1518, _t1540, _t1725, _t1871, _t1873, __eflags, _t1072);
						goto L157;
					}
					L287:
					__eflags = _t1072;
					if(_t1072 == 0) {
						_t1072 = 1;
					}
					_t1728 =  *((intOrPtr*)(_t1871 + 0x94)) + _t1072 &  *(_t1871 + 0x98);
					__eflags = _t1728 - 0x10;
					if(_t1728 < 0x10) {
						_t1728 = 0x10;
					}
					_a8 = _t1728;
					_t1074 = _v96;
					_t1546 = _t1074 >> 0x00000004 & 0xffffffe1 | 0x00000001;
					_v64 = _t1546;
					__eflags = _t1074 & 0x3c000100;
					if((_t1074 & 0x3c000100) == 0) {
						__eflags =  *(_t1871 + 0xbc);
						if( *(_t1871 + 0xbc) == 0) {
							goto L291;
						}
						goto L290;
					} else {
						L290:
						_t1546 = _t1546 | 0x00000002;
						_v64 = _t1546;
						_t1728 = _t1728 + 8;
						__eflags = _t1728;
						_a8 = _t1728;
						L291:
						_t1729 = _t1728 >> 3;
						_v52 = _t1729;
						goto L4;
					}
				} else {
					_t1546 = 1;
					_v64 = 1;
					_t1729 = _t1518;
					_v52 = _t1729;
					if(_t1729 < 2) {
						_a8 = _a8 + 8;
						_t1729 = 2;
						_v52 = 2;
					}
					 *_a16 = 3;
					_t1074 = _v96;
					L4:
					_t1876 = _t1074 & 0x00800000;
					if(_t1876 != 0) {
						_t1075 =  *[fs:0x30];
						__eflags =  *(_t1075 + 0x68) & 0x00000800;
						_t1074 = _v96;
						if(( *(_t1075 + 0x68) & 0x00000800) == 0) {
							_t1546 = _t1546 | 0x00000008;
							_v64 = _t1546;
						}
					}
					_v8 = 0;
					_t1946 = _t1074 & 0x00000001;
					if(_t1946 != 0) {
						L11:
						if(_t1729 >  *((intOrPtr*)(_t1871 + 0x5c))) {
							__eflags =  *(_t1871 + 0x40) & 0x00000002;
							if(( *(_t1871 + 0x40) & 0x00000002) == 0) {
								_v148 = 0xc0000023;
								L363:
								_v80 = 0;
								goto L153;
							}
							_t1521 = _a8 + 0x18;
							_a8 = _t1521;
							_a8 = _t1521;
							_t1880 = (E01381164(_t1546) & 0x0000000f) << 0xc;
							_v352 = _t1880;
							_v200 = 0;
							_v204 = _a8 + 0x1000 + _t1880;
							_t1732 = 1;
							_t1546 = _t1871;
							_t1518 = E01380678(_t1871, 1);
							_v356 = _t1518;
							_push(_t1518);
							_push(0x2000);
							_push( &_v204);
							_push(0);
							_push( &_v200);
							_push(0xffffffff);
							_t1074 = E01399660();
							_v148 = _t1074;
							__eflags = _t1074;
							if(_t1074 < 0) {
								goto L153;
							}
							_v60 = _v200 + _t1880;
							_push(_t1518);
							_push(0x1000);
							_push( &_a8);
							_push(0);
							_push( &_v60);
							_push(0xffffffff);
							_t1074 = E01399660();
							_v148 = _t1074;
							__eflags = _t1074;
							if(_t1074 < 0) {
								_v60 = 0;
								 *((intOrPtr*)(_t1871 + 0x214)) =  *((intOrPtr*)(_t1871 + 0x214)) + 1;
								goto L363;
							}
							 *((short*)(_v60 + 0x18)) = _a8 - _a4;
							 *(_v60 + 0x1a) = _v64 | 0x00000002;
							 *(_v60 + 0x10) = _a8;
							 *((intOrPtr*)(_v60 + 0x14)) = _v204;
							 *((char*)(_v60 + 0x1f)) = 4;
							 *((intOrPtr*)(_t1871 + 0x1f0)) =  *((intOrPtr*)(_t1871 + 0x1f0)) + _a8;
							_t1097 = E01377D50();
							__eflags = _t1097;
							if(_t1097 != 0) {
								_t1100 =  *( *[fs:0x30] + 0x50) + 0x226;
							} else {
								_t1100 = 0x7ffe0380;
							}
							__eflags =  *_t1100;
							if( *_t1100 != 0) {
								_t1101 =  *[fs:0x30];
								__eflags =  *(_t1101 + 0x240) & 0x00000001;
								if(( *(_t1101 + 0x240) & 0x00000001) != 0) {
									_t1732 = _v60;
									E0141138A(_t1518, _t1871, _v60, _a8, 9);
								}
							}
							_t1102 = E01377D50();
							__eflags = _t1102;
							if(_t1102 != 0) {
								_t1105 =  *( *[fs:0x30] + 0x50) + 0x226;
							} else {
								_t1105 = 0x7ffe0380;
							}
							__eflags =  *_t1105;
							if( *_t1105 != 0) {
								_t1106 =  *[fs:0x30];
								__eflags =  *(_t1106 + 0x240) & 0x00000001;
								if(( *(_t1106 + 0x240) & 0x00000001) != 0) {
									__eflags = E01377D50();
									if(__eflags == 0) {
										_t1137 = 0x7ffe0380;
									} else {
										_t1137 =  *( *[fs:0x30] + 0x50) + 0x226;
									}
									_t1732 = _v60;
									E01411582(_t1518, _t1871, _v60, __eflags, _a8,  *(_t1871 + 0x74) << 3,  *_t1137 & 0x000000ff);
								}
							}
							_t1107 = E01377D50();
							__eflags = _t1107;
							if(_t1107 != 0) {
								_t1110 =  *( *[fs:0x30] + 0x50) + 0x230;
							} else {
								_t1110 = 0x7ffe038a;
							}
							__eflags =  *_t1110;
							if( *_t1110 != 0) {
								__eflags = E01377D50();
								if(__eflags == 0) {
									_t1112 = 0x7ffe038a;
								} else {
									_t1112 =  *( *[fs:0x30] + 0x50) + 0x230;
								}
								_t1732 = _v60;
								E01411582(_t1518, _t1871, _v60, __eflags, _a8,  *(_t1871 + 0x74) << 3,  *_t1112 & 0x000000ff);
							}
							__eflags =  *(_t1871 + 0x40) & 0x08000000;
							if(( *(_t1871 + 0x40) & 0x08000000) != 0) {
								_t1559 = E013816C7(1, _t1732) & 0x0000ffff;
								_v206 = _t1559;
								 *(_v60 + 8) = _t1559;
							}
							_t1120 =  *( *[fs:0x30] + 0x68);
							_v360 = _t1120;
							__eflags = _t1120 & 0x00000800;
							if((_t1120 & 0x00000800) != 0) {
								 *((short*)(_v60 + 0xa)) = E013FE9F0(_t1871, _v96 >> 0x00000012 & 0x000000ff, 0,  *(_v60 + 0x10) >> 3, 1);
							}
							_t1546 = _v60;
							__eflags =  *(_t1871 + 0x4c);
							if( *(_t1871 + 0x4c) != 0) {
								 *(_t1546 + 0x1b) =  *(_t1546 + 0x1a) ^  *(_t1546 + 0x19) ^  *(_t1546 + 0x18);
								_t737 = _t1546 + 0x18;
								 *_t737 =  *(_t1546 + 0x18) ^  *(_t1871 + 0x50);
								__eflags =  *_t737;
								_t1546 = _v60;
							}
							_t1127 = _t1871 + 0x9c;
							_t1734 =  *(_t1127 + 4);
							_t1881 =  *_t1734;
							__eflags = _t1881 - _t1127;
							if(_t1881 != _t1127) {
								_push(_t1546);
								_t1546 = 0xd;
								E0141A80D(0, _t1127, 0, _t1881);
							} else {
								 *_t1546 = _t1127;
								 *(_t1546 + 4) = _t1734;
								 *_t1734 = _t1546;
								 *(_t1127 + 4) = _t1546;
							}
							_t1074 = _v60 + 0x20;
							_v80 = _v60 + 0x20;
							goto L153;
						}
						if(_t1876 != 0) {
							L21:
							_t1145 = _a12;
							if(_t1145 == 0) {
								L23:
								_v228 = _t1871 + 0xc0;
								_t1564 =  *(_t1871 + 0xb4);
								_v36 = _t1564;
								while(1) {
									_t1522 =  *((intOrPtr*)(_t1564 + 4));
									if(_t1729 < _t1522) {
										_t1523 = _t1729;
										goto L26;
									}
									_t1147 =  *_t1564;
									__eflags = _t1147;
									if(_t1147 == 0) {
										_t1523 = _t1522 - 1;
										while(1) {
											L26:
											_v144 = _t1523;
											_t1524 = _t1523 -  *(_t1564 + 0x14);
											_t1882 = 0;
											_t1736 =  *(_t1564 + 0x18);
											_v40 = _t1736;
											_t1148 =  *((intOrPtr*)(_t1736 + 4));
											if(_t1736 == _t1148) {
												goto L311;
											}
											_t1424 = _t1148 + 0xfffffff8;
											_v32 = _t1424;
											_t1425 =  *_t1424;
											_v380 = _t1425;
											_t1671 = _t1425 & 0x0000ffff;
											if( *(_t1871 + 0x4c) != 0) {
												_t1846 =  *(_t1871 + 0x50) ^ _t1425;
												_v380 = _t1846;
												_t1453 = _t1846 & 0x0000ffff;
												_v44 = _t1453;
												_v68 = _t1453 & 0x0000ffff;
												_t1705 = _t1846 >> 0x00000010 ^ _t1846 >> 0x00000008 ^ _t1846;
												if(_t1846 >> 0x18 != _t1705) {
													_push(_t1705);
													E0141A80D(_t1871, _v32, 0, 0);
													_t1671 = _v44 & 0x0000ffff;
												} else {
													_t1671 = _v68;
												}
												_t1736 = _v40;
											}
											_t1673 = _v52 - (_t1671 & 0x0000ffff);
											_v300 = _t1673;
											if(_t1673 > 0) {
												_t1882 = _t1736;
												goto L48;
											} else {
												_t1428 =  *_t1736 + 0xfffffff8;
												_v32 = _t1428;
												_t1429 =  *_t1428;
												_v388 = _t1429;
												_t1674 = _t1429 & 0x0000ffff;
												if( *(_t1871 + 0x4c) != _t1882) {
													_t1842 =  *(_t1871 + 0x50) ^ _t1429;
													_v388 = _t1842;
													_t1447 = _t1842 & 0x0000ffff;
													_v44 = _t1447;
													_v68 = _t1447 & 0x0000ffff;
													_t1700 = _t1842 >> 0x00000010 ^ _t1842 >> 0x00000008 ^ _t1842;
													if(_t1842 >> 0x18 != _t1700) {
														_push(_t1700);
														E0141A80D(_t1871, _v32, 0, 0);
														_t1674 = _v44 & 0x0000ffff;
													} else {
														_t1674 = _v68;
													}
													_t1736 = _v40;
												}
												_t1676 = _v52 - (_t1674 & 0x0000ffff);
												_v304 = _t1676;
												_t1564 = _v36;
												if(_t1676 <= 0) {
													_t1882 =  *_t1736;
													goto L49;
												} else {
													if( *_t1564 != _t1882 || _v144 !=  *((intOrPtr*)(_t1564 + 4)) - 1) {
														_t1432 = _t1524 >> 5;
														_t1921 = ( *((intOrPtr*)(_t1564 + 4)) -  *(_t1564 + 0x14) >> 5) - 1;
														_t1836 =  *((intOrPtr*)(_t1564 + 0x1c)) + _t1432 * 4;
														_v32 = _t1524 & 0x0000001f;
														_t1535 =  !((1 << _v32) - 1) &  *_t1836;
														while(1) {
															_v224 = _t1836;
															_v184 = _t1432;
															if(_t1535 != 0) {
																break;
															}
															if(_t1432 > _t1921) {
																__eflags = _t1535;
																if(_t1535 != 0) {
																	break;
																}
																_t1564 = _v36;
																goto L167;
															} else {
																_t1836 =  &(_t1836[1]);
																_t1535 =  *_t1836;
																_t1432 = _t1432 + 1;
																continue;
															}
														}
														__eflags = _t1535;
														if(_t1535 != 0) {
															_t1678 = _t1535 & 0x000000ff;
															__eflags = _t1535;
															if(_t1535 == 0) {
																_t1681 = ( *((_t1535 >> 0x00000008 & 0x000000ff) + 0x13384d0) & 0x000000ff) + 8;
															} else {
																_t1681 =  *(_t1678 + 0x13384d0) & 0x000000ff;
															}
														} else {
															_t1686 = _t1535 >> 0x00000010 & 0x000000ff;
															__eflags = _t1686;
															if(_t1686 != 0) {
																_t1681 = ( *(_t1686 + 0x13384d0) & 0x000000ff) + 0x10;
															} else {
																_t97 = (_t1535 >> 0x18) + 0x13384d0; // 0x10008
																_t1681 = ( *_t97 & 0x000000ff) + 0x18;
																__eflags = _t1681;
															}
														}
														_t1434 = (_t1432 << 5) + _t1681;
														_v184 = _t1434;
														_t1682 = _v36;
														__eflags =  *(_t1682 + 8);
														if( *(_t1682 + 8) != 0) {
															_t1434 = _t1434 + _t1434;
														}
														_t1882 =  *( *((intOrPtr*)(_t1682 + 0x20)) + _t1434 * 4);
														goto L48;
													} else {
														__eflags =  *((intOrPtr*)(_t1564 + 8)) - _t1882;
														if( *((intOrPtr*)(_t1564 + 8)) != _t1882) {
															_t1524 = _t1524 + _t1524;
														}
														_t1538 =  *( *((intOrPtr*)(_t1564 + 0x20)) + _t1524 * 4);
														while(1) {
															__eflags = _t1736 - _t1538;
															if(_t1736 == _t1538) {
																break;
															}
															_t1438 =  *(_t1538 - 8);
															_v396 = _t1438;
															_t1689 = _t1438 & 0x0000ffff;
															__eflags =  *(_t1871 + 0x4c) - _t1882;
															if( *(_t1871 + 0x4c) != _t1882) {
																_t1838 =  *(_t1871 + 0x50) ^ _t1438;
																_v396 = _t1838;
																_t1440 = _t1838 & 0x0000ffff;
																_v32 = _t1440;
																_v44 = _t1440 & 0x0000ffff;
																_t1695 = _t1838 >> 0x00000010 ^ _t1838 >> 0x00000008 ^ _t1838;
																__eflags = _t1838 >> 0x18 - _t1695;
																if(_t1838 >> 0x18 != _t1695) {
																	_push(_t1695);
																	E0141A80D(_t1871, _t1538 - 8, 0, 0);
																	_t1689 = _v32 & 0x0000ffff;
																} else {
																	_t1689 = _v44;
																}
																_t1736 = _v40;
															}
															_t1691 = _v52 - (_t1689 & 0x0000ffff);
															_v308 = _t1691;
															__eflags = _t1691;
															if(_t1691 > 0) {
																_t1538 =  *_t1538;
																continue;
															} else {
																_t1882 = _t1538;
																break;
															}
														}
														L48:
														_t1564 = _v36;
														L49:
														__eflags = _t1882;
														if(_t1882 == 0) {
															L167:
															_t1564 =  *_t1564;
															_v36 = _t1564;
															_t1523 =  *(_t1564 + 0x14);
															continue;
														}
														_v312 = _t1882;
														__eflags = _v228 - _t1882;
														if(_v228 == _t1882) {
															L248:
															_t1546 = _t1871;
															_t1518 = E0137B236(_t1871, _a8);
															_v100 = _t1518;
															__eflags = _t1518;
															if(_t1518 == 0) {
																_v148 = 0xc0000017;
																goto L363;
															}
															_t540 = _t1518 + 8; // 0x8
															_t1738 = _t540;
															_t1883 =  *_t1738;
															_v32 = _t1883;
															_t1565 =  *(_t1518 + 0xc);
															_v88 = _t1565;
															_t1149 =  *_t1565;
															_t1566 =  *(_t1883 + 4);
															_v44 = _t1566;
															__eflags = _t1149 - _t1566;
															_t1567 = _v88;
															if(_t1149 != _t1566) {
																L536:
																_push(_t1567);
																_t1546 = 0xd;
																_t1074 = E0141A80D(_t1871, _t1738, _v44, _t1149);
																_v73 = 0;
																goto L153;
															}
															__eflags = _t1149 - _t1738;
															if(_t1149 != _t1738) {
																goto L536;
															}
															 *(_t1871 + 0x74) =  *(_t1871 + 0x74) - ( *_t1518 & 0x0000ffff);
															_t1740 =  *(_t1871 + 0xb4);
															__eflags = _t1740;
															if(_t1740 == 0) {
																L258:
																 *_t1567 = _t1883;
																 *(_t1883 + 4) = _t1567;
																__eflags =  *(_t1518 + 2) & 0x00000008;
																if(( *(_t1518 + 2) & 0x00000008) != 0) {
																	_t1151 = E0137A229(_t1871, _t1518);
																	__eflags = _t1151;
																	if(_t1151 != 0) {
																		goto L259;
																	}
																	_t1546 = _t1871;
																	_t1074 = E0137A309(_t1871, _t1518,  *_t1518 & 0x0000ffff, 1);
																	_v73 = 0;
																	goto L153;
																}
																L259:
																_v73 = 1;
																L76:
																_t1569 =  *(_t1518 + 2);
																_v71 = _t1569;
																__eflags = _v104;
																if(_v104 == 0) {
																	__eflags = _t1569 & 0x00000004;
																	if((_t1569 & 0x00000004) != 0) {
																		_t1905 = ( *_t1518 & 0x0000ffff) * 8 - 0x10;
																		_v244 = _t1905;
																		__eflags = _t1569 & 0x00000002;
																		if((_t1569 & 0x00000002) != 0) {
																			__eflags = _t1905 - 4;
																			if(_t1905 > 4) {
																				_t1905 = _t1905 - 4;
																				__eflags = _t1905;
																				_v244 = _t1905;
																			}
																		}
																		_t872 = _t1518 + 0x10; // 0x10
																		_t1373 = E013AD540(_t872, _t1905, 0xfeeefeee);
																		_v32 = _t1373;
																		__eflags = _t1373 - _t1905;
																		if(_t1373 != _t1905) {
																			_t1651 =  *[fs:0x30];
																			__eflags =  *(_t1651 + 0xc);
																			if( *(_t1651 + 0xc) == 0) {
																				_push("HEAP: ");
																				E0135B150();
																				_t1941 = _t1937 + 4;
																			} else {
																				E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																				_t1941 = _t1937 + 8;
																			}
																			_t1569 = _v100;
																			_push(_v32 + 0x10 + _t1569);
																			E0135B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t1569);
																			_t1937 = _t1941 + 0xc;
																			_t1379 =  *[fs:0x30];
																			__eflags =  *((char*)(_t1379 + 2));
																			if( *((char*)(_t1379 + 2)) == 0) {
																				_t1518 = _v100;
																			} else {
																				 *0x1446378 = 1;
																				_t1518 = _v100;
																				 *0x14460c0 = _t1518;
																				asm("int3");
																				 *0x1446378 = 0;
																			}
																		}
																	}
																}
																_v120 = _t1518;
																__eflags =  *(_t1518 + 2) & 0x00000001;
																if(( *(_t1518 + 2) & 0x00000001) != 0) {
																	_push(_t1569);
																	_t1546 = 3;
																	_t1074 = E0141A80D(_t1871, _t1518, 0, 0);
																	goto L153;
																} else {
																	 *(_t1518 + 2) = _v64;
																	_t1571 = _v52;
																	_t1885 = ( *_t1518 & 0x0000ffff) - _t1571;
																	_v320 = _t1885;
																	 *_t1518 = _t1571;
																	_t1743 = _a4;
																	_t1153 = _a8 - _t1743;
																	_v44 = _t1153;
																	__eflags = _t1153 - 0x3f;
																	if(_t1153 >= 0x3f) {
																		 *(_t1518 + _t1571 * 8 - 4) = _t1153;
																		 *(_t1518 + 7) = 0x3f;
																	} else {
																		 *(_t1518 + 7) = _t1153;
																	}
																	 *(_t1518 + 3) = 0;
																	__eflags = _t1885;
																	if(_t1885 == 0) {
																		L137:
																		_t1886 = _v120;
																		_v80 =  &(_t1886[4]);
																		_t1518 = ( *_t1886 & 0x0000ffff) * 8;
																		_v196 = _t1518;
																		__eflags = (_t1886[3] & 0x0000003f) - 0x3f;
																		if((_t1886[3] & 0x0000003f) == 0x3f) {
																			_t1158 = 1;
																		} else {
																			_t1158 = 0;
																			__eflags = 0;
																		}
																		_t1546 = _t1518;
																		__eflags = _t1158;
																		if(_t1158 != 0) {
																			_t1007 = _t1518 - 4; // -4
																			_t1546 = _t1007;
																			_t1518 = _t1546;
																			_v196 = _t1518;
																		}
																		__eflags = _v104;
																		if(_v104 == 0) {
																			_t1744 = _v96;
																			__eflags = _t1744 & 0x00000008;
																			if((_t1744 & 0x00000008) == 0) {
																				__eflags =  *(_t1871 + 0x40) & 0x00000040;
																				if(( *(_t1871 + 0x40) & 0x00000040) == 0) {
																					L296:
																					_t1525 = _a4;
																					L297:
																					__eflags =  *(_t1871 + 0x40) & 0x00000020;
																					if(( *(_t1871 + 0x40) & 0x00000020) != 0) {
																						_t1159 = _v80;
																						 *((intOrPtr*)(_t1159 + _t1525)) = 0xabababab;
																						 *((intOrPtr*)(_t1159 + _t1525 + 4)) = 0xabababab;
																						 *(_v120 + 2) =  *(_v120 + 2) | 0x00000004;
																					}
																					_t1887 = _v120;
																					 *(_t1887 + 3) = 0;
																					__eflags =  *(_t1887 + 2) & 0x00000002;
																					if(( *(_t1887 + 2) & 0x00000002) == 0) {
																						_t1074 =  *( *[fs:0x30] + 0x68);
																						_v348 = _t1074;
																						__eflags = _t1074 & 0x00000800;
																						if((_t1074 & 0x00000800) == 0) {
																							goto L301;
																						}
																						_t1518 = _v120;
																						_t1546 = _t1871;
																						 *(_t1887 + 3) = E013FE9F0(_t1871, _t1744 >> 0x00000012 & 0x000000ff, 0,  *_t1518 & 0x0000ffff, 0);
																						goto L302;
																					} else {
																						_t1546 = _t1887;
																						_t1526 = E01351F5B(_t1887);
																						_v276 = _t1526;
																						 *_t1526 = 0;
																						 *((intOrPtr*)(_t1526 + 4)) = 0;
																						__eflags =  *(_t1871 + 0x40) & 0x08000000;
																						if(( *(_t1871 + 0x40) & 0x08000000) != 0) {
																							_t1546 = 1;
																							 *_t1526 = E013816C7(1, _t1744);
																							_t1744 = _v96;
																						}
																						_t1074 =  *( *[fs:0x30] + 0x68);
																						_v344 = _t1074;
																						__eflags = _t1074 & 0x00000800;
																						if((_t1074 & 0x00000800) != 0) {
																							_t1518 = _v120;
																							_t1074 = E013FE9F0(_t1871, _t1744 >> 0x00000012 & 0x00000fff, 0,  *_t1518 & 0x0000ffff, 0);
																							_t1546 = _v276;
																							 *(_v276 + 2) = _t1074;
																							goto L302;
																						} else {
																							L301:
																							_t1518 = _v120;
																							L302:
																							__eflags =  *(_t1871 + 0x4c);
																							if( *(_t1871 + 0x4c) != 0) {
																								 *(_t1887 + 3) =  *(_t1518 + 1) ^  *_t1518 ^  *(_t1887 + 2);
																								_t1074 =  *(_t1871 + 0x50);
																								 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
																							}
																							goto L153;
																						}
																					}
																				}
																				_t1525 = _a4;
																				E013AD5E0(_v80, _t1525 & 0xfffffffc, 0xbaadf00d);
																				_t1744 = _v96;
																				goto L297;
																			}
																			_t618 = _t1546 - 8; // -8
																			E0139FA60(_v80, 0, _t618);
																			_t1744 = _v96;
																			goto L296;
																		} else {
																			__eflags =  *(_t1871 + 0x4c);
																			if( *(_t1871 + 0x4c) != 0) {
																				_t1889 = _v120;
																				_t1889[0] = _t1889[0] ^ _t1889[0] ^  *_t1889;
																				 *_t1889 =  *_t1889 ^  *(_t1871 + 0x50);
																				__eflags =  *_t1889;
																			}
																			__eflags = _v53;
																			if(_v53 == 0) {
																				L152:
																				_t1074 = _v96;
																				__eflags = _t1074 & 0x00000008;
																				if((_t1074 & 0x00000008) != 0) {
																					_t398 = _t1518 - 8; // -8
																					_t1074 = E0139FA60(_v80, 0, _t398);
																				}
																				goto L153;
																			} else {
																				__eflags =  *(_t1871 + 0x44) & 0x01000000;
																				if(( *(_t1871 + 0x44) & 0x01000000) != 0) {
																					L149:
																					_t1888 =  *(_t1871 + 0xc8);
																					_t360 = _t1888 + 8;
																					 *_t360 =  *(_t1888 + 8) + 0xffffffff;
																					__eflags =  *_t360;
																					if( *_t360 != 0) {
																						L151:
																						_v53 = 0;
																						goto L152;
																					}
																					 *(_t1888 + 0xc) = 0;
																					_t1546 = _t1546 | 0xffffffff;
																					asm("lock cmpxchg [edx], ecx");
																					_t1750 = 0xfffffffe;
																					_v104 = 0xfffffffe;
																					__eflags = 0xfffffffe - 0xfffffffe;
																					if(0xfffffffe != 0xfffffffe) {
																						__eflags =  *(_t1888 + 4) & 0x00000001;
																						if(__eflags != 0) {
																							_push(_t1888);
																							E013EFF10(_t1518, 0xfffffffe, _t1871, _t1888, __eflags);
																							_t1750 = _v104;
																						}
																						while(1) {
																							__eflags = _t1750 & 0x00000002;
																							if((_t1750 & 0x00000002) == 0) {
																								_t1179 = 1;
																							} else {
																								_t1179 = 3;
																							}
																							_v88 = _t1179;
																							_t1546 = _t1179 + _t1750;
																							_t1180 = _t1750;
																							asm("lock cmpxchg [edx], ecx");
																							__eflags = _t1180 - _v104;
																							if(_t1180 == _v104) {
																								break;
																							}
																							_t1750 = _t1180;
																							_v104 = _t1750;
																						}
																						__eflags = _v88 & 0x00000002;
																						if((_v88 & 0x00000002) != 0) {
																							E01354DC0(_t1546, _t1888);
																						}
																					}
																					goto L151;
																				}
																				 *(_t1871 + 0x21c) =  *(_t1871 + 0x21c) + 1;
																				_t1546 =  *(_t1871 + 0x224);
																				__eflags =  *(_t1871 + 0x21c) - _t1546;
																				if( *(_t1871 + 0x21c) > _t1546) {
																					 *(_t1871 + 0x21c) = 0;
																					_t1753 =  *((intOrPtr*)(_t1871 + 0x1e8)) - ( *(_t1871 + 0x74) << 3);
																					__eflags = _t1753 -  *((intOrPtr*)(_t1871 + 0x238));
																					if(_t1753 >  *((intOrPtr*)(_t1871 + 0x238))) {
																						 *((intOrPtr*)(_t1871 + 0x238)) = _t1753;
																					}
																					 *((intOrPtr*)(_t1871 + 0x23c)) = _t1753;
																				}
																				 *(_t1871 + 0x228) =  *(_t1871 + 0x228) + 1;
																				__eflags =  *(_t1871 + 0x228) - 0x1000;
																				if( *(_t1871 + 0x228) >= 0x1000) {
																					__eflags =  *((char*)(_t1871 + 0xda)) - 2;
																					if( *((char*)(_t1871 + 0xda)) != 2) {
																						L364:
																						_t1182 = 0x10;
																						L360:
																						__eflags =  *(_t1871 + 0x220) - _t1182;
																						if( *(_t1871 + 0x220) > _t1182) {
																							__eflags = _t1546 - 0x10000;
																							if(_t1546 < 0x10000) {
																								 *(_t1871 + 0x224) = _t1546 + _t1546;
																							}
																						}
																						 *(_t1871 + 0x220) = 0;
																						 *(_t1871 + 0x228) = 0;
																						goto L149;
																					}
																					__eflags =  *((intOrPtr*)(_t1871 + 0x22c)) - 0x10;
																					if( *((intOrPtr*)(_t1871 + 0x22c)) <= 0x10) {
																						goto L364;
																					}
																					_t1182 = 0x100;
																					goto L360;
																				} else {
																					goto L149;
																				}
																			}
																		}
																	} else {
																		__eflags = _t1885 - 1;
																		if(_t1885 == 1) {
																			 *_t1518 =  *_t1518 + 1;
																			_t1192 = _a8 - _t1743 + 8;
																			_v68 = _t1192;
																			__eflags = _t1192 - 0x3f;
																			if(_t1192 >= 0x3f) {
																				 *(_t1518 + 4 + _t1571 * 8) = _t1192;
																				 *(_t1518 + 7) = 0x3f;
																			} else {
																				 *(_t1518 + 7) = _t1192;
																			}
																			goto L137;
																		}
																		__eflags = _v104;
																		if(_v104 == 0) {
																			_t1754 = 1;
																		} else {
																			_t1754 = 0;
																			__eflags = 0;
																		}
																		_v116 = _t1754;
																		_t1193 =  *((intOrPtr*)(_t1518 + 6));
																		__eflags = _t1193;
																		if(_t1193 != 0) {
																			_t1576 = (1 - (_t1193 & 0x000000ff) << 0x10) + (_t1518 & 0xffff0000);
																			_v48 = 1;
																		} else {
																			_t1576 = _t1871;
																			_v48 = _t1871;
																		}
																		_v248 = _t1576;
																		_v32 = _t1885;
																		_t1518 = _t1518 + _v52 * 8;
																		_v88 = 0;
																		 *(_t1518 + 2) = _v71;
																		 *(_t1518 + 7) = 0;
																		 *(_t1518 + 4) =  *(_t1871 + 0x54) ^ _v52;
																		__eflags =  *((intOrPtr*)(_t1576 + 0x18)) - _v48;
																		if( *((intOrPtr*)(_t1576 + 0x18)) != _v48) {
																			_t1205 = (_t1518 - _v48 >> 0x10) + 1;
																			_v32 = _t1205;
																			_v108 = _t1205;
																			__eflags = _t1205 - 0xfe;
																			if(_t1205 >= 0xfe) {
																				_push(_t1576);
																				E0141A80D( *((intOrPtr*)(_t1576 + 0x18)), _t1518, _t1576, 0);
																				_t1754 = _v116;
																				_t1205 = _v32;
																			}
																		} else {
																			_t1205 = 0;
																			__eflags = 0;
																		}
																		_v110 = _t1205;
																		 *((char*)(_t1518 + 6)) = _t1205;
																		 *(_t1518 + 3) = 0;
																		 *_t1518 = _t1885;
																		while(1) {
																			_t1577 = _t1518 + _t1885 * 8;
																			_t1209 =  *(_t1871 + 0x4c) >> 0x00000014 &  *(_t1871 + 0x52) ^ _t1577[1];
																			__eflags = _t1209 & 0x00000001;
																			if((_t1209 & 0x00000001) != 0) {
																				break;
																			}
																			__eflags =  *(_t1871 + 0x4c);
																			if( *(_t1871 + 0x4c) != 0) {
																				_t1760 =  *(_t1871 + 0x50) ^  *_t1577;
																				 *_t1577 = _t1760;
																				_t1599 = _t1760 >> 0x00000010 ^ _t1760 >> 0x00000008 ^ _t1760;
																				__eflags = _t1760 >> 0x18 - _t1599;
																				if(__eflags != 0) {
																					_push(_t1599);
																					E0140FA2B(_t1518, _t1871, _t1518 + _t1885 * 8, _t1871, _t1885, __eflags);
																				}
																				_t1577 = _t1518 + _t1885 * 8;
																			}
																			_t762 =  &(_t1577[4]); // 0x13747f1
																			_t1755 = _t762;
																			_v32 = _t1755;
																			_v48 =  *_t1755;
																			_t765 =  &(_t1577[6]); // 0x18a164ff
																			_t1211 =  *_t765;
																			_v44 = _t1211;
																			_t1212 =  *_t1211;
																			_t768 = _v48 + 4; // 0x1475ffec
																			__eflags = _t1212 -  *_t768;
																			_t769 =  &(_t1577[4]); // 0x13747f1
																			_t1757 = _t769;
																			if(_t1212 !=  *_t768) {
																				L523:
																				_push(_t1577);
																				_t998 = _v48 + 4; // 0x1475ffec
																				_t1546 = 0xd;
																				E0141A80D(_t1871, _t1757,  *_t998, _t1212);
																				goto L524;
																			} else {
																				__eflags = _t1212 - _t1757;
																				if(_t1212 != _t1757) {
																					goto L523;
																				}
																				 *(_t1871 + 0x74) =  *(_t1871 + 0x74) - ( *_t1577 & 0x0000ffff);
																				_t1802 =  *(_t1871 + 0xb4);
																				__eflags = _t1802;
																				if(_t1802 == 0) {
																					L381:
																					_t1217 = _v48;
																					_t1803 = _v44;
																					 *_t1803 = _t1217;
																					 *((intOrPtr*)(_t1217 + 4)) = _t1803;
																					__eflags = _t1577[1] & 0x00000008;
																					if((_t1577[1] & 0x00000008) != 0) {
																						_t1218 = E0137A229(_t1871, _t1577);
																						__eflags = _t1218;
																						if(_t1218 != 0) {
																							goto L382;
																						}
																						_t1546 = _t1871;
																						E0137A309(_t1871, _t1518 + _t1885 * 8,  *(_t1518 + _t1885 * 8) & 0x0000ffff, 1);
																						L524:
																						_v72 = 0;
																						__eflags = _v88;
																						if(_v88 != 0) {
																							_v112 = 0;
																							 *( *[fs:0x18] + 0xbf4) = 0xc000003c;
																							_t1890 =  *[fs:0x18];
																							_v340 = _t1890;
																							 *((intOrPtr*)(_t1890 + 0x34)) = E0135CCC0(0xc000003c);
																							goto L153;
																						}
																						_v88 = 1;
																						_t1754 = _v116;
																						continue;
																					}
																					L382:
																					_v72 = 1;
																					_t1579 = _v116;
																					_t1805 = _t1518 + _t1885 * 8;
																					__eflags = _t1579;
																					if(_t1579 != 0) {
																						_t1219 = _t1805[1];
																						_v111 = _t1219;
																						__eflags = _t1219 & 0x00000004;
																						if((_t1219 & 0x00000004) != 0) {
																							_t1589 = _t1518 + _t1885 * 8;
																							_t1253 = ( *(_t1518 + _t1885 * 8) & 0x0000ffff) * 8 - 0x10;
																							_v192 = _t1253;
																							__eflags = _v111 & 0x00000002;
																							if((_v111 & 0x00000002) != 0) {
																								__eflags = _t1253 - 4;
																								if(_t1253 > 4) {
																									_t1253 = _t1253 - 4;
																									__eflags = _t1253;
																									_v192 = _t1253;
																								}
																							}
																							_t1255 = E013AD540( &(_t1589[8]), _t1253, 0xfeeefeee);
																							_v32 = _t1255;
																							__eflags = _t1255 - _v192;
																							if(_t1255 == _v192) {
																								_t1805 = _t1518 + _t1885 * 8;
																							} else {
																								_t1590 =  *[fs:0x30];
																								__eflags =  *(_t1590 + 0xc);
																								if( *(_t1590 + 0xc) == 0) {
																									_push("HEAP: ");
																									E0135B150();
																									_t1940 = _t1937 + 4;
																								} else {
																									E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																									_t1940 = _t1937 + 8;
																								}
																								_push(_v32 + 0x10 + _t1518 + _t1885 * 8);
																								E0135B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t1518 + _t1885 * 8);
																								_t1937 = _t1940 + 0xc;
																								_t1261 =  *[fs:0x30];
																								_t1805 = _t1518 + _t1885 * 8;
																								__eflags =  *((char*)(_t1261 + 2));
																								if( *((char*)(_t1261 + 2)) != 0) {
																									 *0x1446378 = 1;
																									 *0x14460c0 = _t1805;
																									asm("int3");
																									 *0x1446378 = 0;
																								}
																							}
																							_t1579 = _v116;
																						}
																					}
																					 *(_t1518 + 2) = _t1805[1];
																					_t1807 = ( *_t1805 & 0x0000ffff) + _t1885;
																					_v32 = _t1807;
																					_t1221 = _t1807 & 0x0000ffff;
																					_v32 = _t1807 & 0x0000ffff;
																					__eflags = _t1807 - 0xfe00;
																					if(_t1807 > 0xfe00) {
																						E0137A830(_t1871, _t1518, _t1807);
																						goto L136;
																					} else {
																						 *_t1518 = _t1807;
																						_t1892 = _t1221;
																						 *(_t1518 + 4 + _t1807 * 8) =  *(_t1871 + 0x54) ^ _v32;
																						__eflags = _t1579;
																						if(_t1579 != 0) {
																							 *(_t1518 + 2) =  *(_t1518 + 2) & 0x000000f0;
																							 *(_t1518 + 7) = 0;
																							__eflags =  *(_t1871 + 0x40) & 0x00000040;
																							if(( *(_t1871 + 0x40) & 0x00000040) != 0) {
																								_t969 = _t1518 + 0x10; // 0x10
																								E013AD5E0(_t969, _t1892 * 8 - 0x10, 0xfeeefeee);
																								_t970 = _t1518 + 2;
																								 *_t970 =  *(_t1518 + 2) | 0x00000004;
																								__eflags =  *_t970;
																							}
																							_t1227 = _t1871 + 0xc0;
																							__eflags =  *(_t1871 + 0xb4);
																							if( *(_t1871 + 0xb4) == 0) {
																								_t1581 =  *_t1227;
																							} else {
																								_t1581 = E0137E12C(_t1871, _t1892);
																								_t1227 = _t1871 + 0xc0;
																							}
																							while(1) {
																								__eflags = _t1227 - _t1581;
																								if(_t1227 == _t1581) {
																									break;
																								}
																								__eflags =  *(_t1871 + 0x4c);
																								if( *(_t1871 + 0x4c) == 0) {
																									_t1811 =  *(_t1581 - 8);
																								} else {
																									_t1811 =  *(_t1581 - 8);
																									_v132 = _t1811;
																									__eflags =  *(_t1871 + 0x4c) & _t1811;
																									if(( *(_t1871 + 0x4c) & _t1811) != 0) {
																										_t1811 = _t1811 ^  *(_t1871 + 0x50);
																										_v132 = _t1811;
																									}
																								}
																								_v136 = _t1811;
																								__eflags = _t1892 - (_t1811 & 0x0000ffff);
																								if(_t1892 <= (_t1811 & 0x0000ffff)) {
																									break;
																								} else {
																									_t1581 =  *_t1581;
																									_t1227 = _t1871 + 0xc0;
																									continue;
																								}
																							}
																							_t986 = _t1518 + 8; // 0x8
																							_t1893 = _t986;
																							_t1228 =  *((intOrPtr*)(_t1581 + 4));
																							_t1809 =  *_t1228;
																							__eflags = _t1809 - _t1581;
																							if(_t1809 != _t1581) {
																								_push(_t1581);
																								__eflags = 0;
																								E0141A80D(0, _t1581, 0, _t1809);
																							} else {
																								 *_t1893 = _t1581;
																								 *((intOrPtr*)(_t1893 + 4)) = _t1228;
																								 *_t1228 = _t1893;
																								 *((intOrPtr*)(_t1581 + 4)) = _t1893;
																							}
																							 *(_t1871 + 0x74) =  *(_t1871 + 0x74) + ( *_t1518 & 0x0000ffff);
																							_t1765 =  *(_t1871 + 0xb4);
																							__eflags = _t1765;
																							if(_t1765 == 0) {
																								L134:
																								__eflags =  *(_t1871 + 0x4c);
																								if( *(_t1871 + 0x4c) != 0) {
																									 *(_t1518 + 3) =  *(_t1518 + 2) ^  *(_t1518 + 1) ^  *_t1518;
																									 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
																									__eflags =  *_t1518;
																								}
																								L136:
																								_v112 = 1;
																								_v71 = 0;
																								goto L137;
																							} else {
																								_t1583 =  *_t1518 & 0x0000ffff;
																								while(1) {
																									__eflags = _t1583 -  *((intOrPtr*)(_t1765 + 4));
																									if(_t1583 <  *((intOrPtr*)(_t1765 + 4))) {
																										break;
																									}
																									_t1235 =  *_t1765;
																									__eflags = _t1235;
																									if(_t1235 != 0) {
																										_t1765 = _t1235;
																										continue;
																									}
																									_t1236 =  *((intOrPtr*)(_t1765 + 4)) - 1;
																									__eflags = _t1236;
																									L520:
																									_v272 = _t1236;
																									L329:
																									E0137E4A0(_t1871, _t1765, 1, _t1893, _t1236, _t1583);
																									goto L134;
																								}
																								_t1236 = _t1583;
																								goto L520;
																							}
																						}
																						 *(_t1518 + 2) = _t1579;
																						 *(_t1518 + 7) = _t1579;
																						_t1244 = _t1871 + 0xc0;
																						__eflags =  *(_t1871 + 0xb4);
																						if( *(_t1871 + 0xb4) == 0) {
																							_t1586 =  *_t1244;
																						} else {
																							_t1586 = E0137E12C(_t1871, _t1892);
																							_t1244 = _t1871 + 0xc0;
																						}
																						while(1) {
																							__eflags = _t1244 - _t1586;
																							if(_t1244 == _t1586) {
																								break;
																							}
																							__eflags =  *(_t1871 + 0x4c);
																							if( *(_t1871 + 0x4c) == 0) {
																								_t1813 =  *(_t1586 - 8);
																							} else {
																								_t1813 =  *(_t1586 - 8);
																								_v92 = _t1813;
																								__eflags =  *(_t1871 + 0x4c) & _t1813;
																								if(( *(_t1871 + 0x4c) & _t1813) != 0) {
																									_t1813 = _t1813 ^  *(_t1871 + 0x50);
																									_v92 = _t1813;
																								}
																							}
																							_v138 = _t1813;
																							__eflags = _t1892 - (_t1813 & 0x0000ffff);
																							if(_t1892 <= (_t1813 & 0x0000ffff)) {
																								break;
																							} else {
																								_t1586 =  *_t1586;
																								_t1244 = _t1871 + 0xc0;
																								continue;
																							}
																						}
																						_t803 = _t1518 + 8; // 0x8
																						_t1893 = _t803;
																						_t1246 =  *((intOrPtr*)(_t1586 + 4));
																						_t1814 =  *_t1246;
																						__eflags = _t1814 - _t1586;
																						if(_t1814 != _t1586) {
																							_push(_t1586);
																							E0141A80D(0, _t1586, 0, _t1814);
																						} else {
																							 *_t1893 = _t1586;
																							 *((intOrPtr*)(_t1893 + 4)) = _t1246;
																							 *_t1246 = _t1893;
																							 *((intOrPtr*)(_t1586 + 4)) = _t1893;
																						}
																						 *(_t1871 + 0x74) =  *(_t1871 + 0x74) + ( *_t1518 & 0x0000ffff);
																						_t1765 =  *(_t1871 + 0xb4);
																						__eflags = _t1765;
																						if(_t1765 == 0) {
																							goto L134;
																						} else {
																							_t1583 =  *_t1518 & 0x0000ffff;
																							while(1) {
																								__eflags = _t1583 -  *((intOrPtr*)(_t1765 + 4));
																								if(_t1583 <  *((intOrPtr*)(_t1765 + 4))) {
																									break;
																								}
																								_t1249 =  *_t1765;
																								__eflags = _t1249;
																								if(_t1249 != 0) {
																									_t1765 = _t1249;
																									continue;
																								}
																								_t1236 =  *((intOrPtr*)(_t1765 + 4)) - 1;
																								__eflags = _t1236;
																								L395:
																								_v268 = _t1236;
																								goto L329;
																							}
																							_t1236 = _t1583;
																							goto L395;
																						}
																					}
																				}
																				_t1594 =  *_t1577 & 0x0000ffff;
																				while(1) {
																					__eflags = _t1594 -  *((intOrPtr*)(_t1802 + 4));
																					if(_t1594 <  *((intOrPtr*)(_t1802 + 4))) {
																						break;
																					}
																					_t1269 =  *_t1802;
																					__eflags = _t1269;
																					if(_t1269 != 0) {
																						_t1802 = _t1269;
																						continue;
																					}
																					_t1267 =  *((intOrPtr*)(_t1802 + 4)) - 1;
																					__eflags = _t1267;
																					L380:
																					_v264 = _t1267;
																					E0137BC04(_t1871, _t1802, 1, _v32, _t1267, _t1594);
																					_t1577 = _t1518 + _t1885 * 8;
																					goto L381;
																				}
																				_t1267 = _t1594;
																				goto L380;
																			}
																		}
																		_t1894 = _t1885 & 0x0000ffff;
																		_v48 = _t1894;
																		_t1577[2] =  *(_t1871 + 0x54) ^ _t1894;
																		__eflags = _t1754;
																		if(_t1754 != 0) {
																			 *(_t1518 + 2) =  *(_t1518 + 2) & 0x000000f0;
																			 *(_t1518 + 7) = 0;
																			__eflags =  *(_t1871 + 0x40) & 0x00000040;
																			if(( *(_t1871 + 0x40) & 0x00000040) != 0) {
																				_t911 = _t1518 + 0x10; // 0x10
																				E013AD5E0(_t911, _t1894 * 8 - 0x10, 0xfeeefeee);
																				 *(_t1518 + 2) =  *(_t1518 + 2) | 0x00000004;
																			}
																			_t1281 = _t1871 + 0xc0;
																			__eflags =  *(_t1871 + 0xb4);
																			if( *(_t1871 + 0xb4) == 0) {
																				_t1601 =  *_t1281;
																			} else {
																				_t1601 = E0137E12C(_t1871, _t1894);
																				_t1281 = _t1871 + 0xc0;
																			}
																			while(1) {
																				__eflags = _t1281 - _t1601;
																				if(_t1281 == _t1601) {
																					break;
																				}
																				__eflags =  *(_t1871 + 0x4c);
																				if( *(_t1871 + 0x4c) == 0) {
																					_t1766 =  *(_t1601 - 8);
																				} else {
																					_t1766 =  *(_t1601 - 8);
																					_v156 = _t1766;
																					__eflags =  *(_t1871 + 0x4c) & _t1766;
																					if(( *(_t1871 + 0x4c) & _t1766) != 0) {
																						_t1766 = _t1766 ^  *(_t1871 + 0x50);
																						__eflags = _t1766;
																						_v156 = _t1766;
																					}
																				}
																				_v134 = _t1766;
																				__eflags = _t1894 - (_t1766 & 0x0000ffff);
																				if(_t1894 > (_t1766 & 0x0000ffff)) {
																					_t1601 =  *_t1601;
																					_t1281 = _t1871 + 0xc0;
																					continue;
																				} else {
																					break;
																				}
																			}
																			_t674 = _t1518 + 8; // 0x8
																			_t1893 = _t674;
																			_t1282 =  *((intOrPtr*)(_t1601 + 4));
																			_t1763 =  *_t1282;
																			__eflags = _t1763 - _t1601;
																			if(_t1763 != _t1601) {
																				_push(_t1601);
																				E0141A80D(0, _t1601, 0, _t1763);
																			} else {
																				 *_t1893 = _t1601;
																				 *((intOrPtr*)(_t1893 + 4)) = _t1282;
																				 *_t1282 = _t1893;
																				 *((intOrPtr*)(_t1601 + 4)) = _t1893;
																			}
																			 *(_t1871 + 0x74) =  *(_t1871 + 0x74) + ( *_t1518 & 0x0000ffff);
																			_t1765 =  *(_t1871 + 0xb4);
																			__eflags = _t1765;
																			if(_t1765 == 0) {
																				goto L134;
																			} else {
																				_t1583 =  *_t1518 & 0x0000ffff;
																				while(1) {
																					__eflags = _t1583 -  *((intOrPtr*)(_t1765 + 4));
																					if(_t1583 <  *((intOrPtr*)(_t1765 + 4))) {
																						break;
																					}
																					_t1285 =  *_t1765;
																					__eflags = _t1285;
																					if(_t1285 == 0) {
																						_t1236 =  *((intOrPtr*)(_t1765 + 4)) - 1;
																						L328:
																						_v260 = _t1236;
																						goto L329;
																					}
																					_t1765 = _t1285;
																				}
																				_t1236 = _t1583;
																				goto L328;
																			}
																		}
																		 *(_t1518 + 2) = _t1754;
																		 *(_t1518 + 7) = _t1754;
																		_t1289 = _t1871 + 0xc0;
																		_t1604 =  *(_t1871 + 0xb4);
																		_v36 = _t1604;
																		__eflags = _t1604;
																		if(_t1604 == 0) {
																			_t1895 =  *_t1289;
																			goto L119;
																		} else {
																			while(1) {
																				_t1315 =  *((intOrPtr*)(_t1604 + 4));
																				__eflags = _t1894 - _t1315;
																				if(_t1894 < _t1315) {
																					_v172 = _t1894;
																					_t1316 = _t1894;
																					break;
																				}
																				_t1784 =  *_t1604;
																				__eflags = _t1784;
																				if(_t1784 == 0) {
																					_t1316 = _t1315 - 1;
																					__eflags = _t1316;
																					L201:
																					_v172 = _t1316;
																					break;
																				} else {
																					_t1604 = _t1784;
																					_v36 = _t1604;
																					continue;
																				}
																			}
																			_v64 = _t1316;
																			_v52 = _t1316 -  *(_t1604 + 0x14);
																			_t1785 =  *(_t1604 + 0x18);
																			_v40 = _t1785;
																			_t1318 =  *((intOrPtr*)(_t1785 + 4));
																			__eflags = _t1785 - _t1318;
																			if(_t1785 == _t1318) {
																				_t1895 = _t1785;
																			} else {
																				_t1319 = _t1318 + 0xfffffff8;
																				_v32 = _t1319;
																				_t1320 =  *_t1319;
																				_v412 = _t1320;
																				_t1617 = _t1320 & 0x0000ffff;
																				__eflags =  *(_t1871 + 0x4c);
																				if( *(_t1871 + 0x4c) != 0) {
																					_t1799 =  *(_t1871 + 0x50) ^ _t1320;
																					_v412 = _t1799;
																					_t1364 = _t1799 & 0x0000ffff;
																					_v44 = _t1364;
																					_v68 = _t1364 & 0x0000ffff;
																					_t1648 = _t1799 >> 0x00000010 ^ _t1799 >> 0x00000008 ^ _t1799;
																					__eflags = _t1799 >> 0x18 - _t1648;
																					if(_t1799 >> 0x18 != _t1648) {
																						_push(_t1648);
																						E0141A80D(_t1871, _v32, 0, 0);
																						_t1617 = _v44 & 0x0000ffff;
																					} else {
																						_t1617 = _v68;
																					}
																					_t1785 = _v40;
																				}
																				_t1619 = _v48 - (_t1617 & 0x0000ffff);
																				_v324 = _t1619;
																				__eflags = _t1619;
																				if(_t1619 > 0) {
																					_t1895 = _t1785;
																					L116:
																					_t1604 = _v36;
																				} else {
																					_t1323 =  *_t1785 + 0xfffffff8;
																					_v32 = _t1323;
																					_t1324 =  *_t1323;
																					_v420 = _t1324;
																					_t1620 = _t1324 & 0x0000ffff;
																					__eflags =  *(_t1871 + 0x4c);
																					if( *(_t1871 + 0x4c) != 0) {
																						_t1795 =  *(_t1871 + 0x50) ^ _t1324;
																						_v420 = _t1795;
																						_t1358 = _t1795 & 0x0000ffff;
																						_v44 = _t1358;
																						_v68 = _t1358 & 0x0000ffff;
																						_t1643 = _t1795 >> 0x00000010 ^ _t1795 >> 0x00000008 ^ _t1795;
																						__eflags = _t1795 >> 0x18 - _t1643;
																						if(_t1795 >> 0x18 != _t1643) {
																							_push(_t1643);
																							E0141A80D(_t1871, _v32, 0, 0);
																							_t1620 = _v44 & 0x0000ffff;
																						} else {
																							_t1620 = _v68;
																						}
																						_t1785 = _v40;
																					}
																					_t1622 = _v48 - (_t1620 & 0x0000ffff);
																					_v328 = _t1622;
																					__eflags = _t1622;
																					_t1604 = _v36;
																					if(_t1622 <= 0) {
																						_t1895 =  *_t1785;
																						L117:
																						__eflags = _t1895;
																						if(_t1895 == 0) {
																							L211:
																							_t1604 =  *_t1604;
																							_v36 = _t1604;
																							_t1316 =  *(_t1604 + 0x14);
																							goto L201;
																						}
																						_t1289 = _t1871 + 0xc0;
																						L119:
																						_t1605 = _v48;
																						while(1) {
																							__eflags = _t1289 - _t1895;
																							if(_t1289 == _t1895) {
																								break;
																							}
																							__eflags =  *(_t1871 + 0x4c);
																							if( *(_t1871 + 0x4c) == 0) {
																								_t1768 =  *(_t1895 - 8);
																							} else {
																								_t1768 =  *(_t1895 - 8);
																								_v164 = _t1768;
																								__eflags =  *(_t1871 + 0x4c) & _t1768;
																								if(( *(_t1871 + 0x4c) & _t1768) != 0) {
																									_t1768 = _t1768 ^  *(_t1871 + 0x50);
																									__eflags = _t1768;
																									_v164 = _t1768;
																								}
																							}
																							_v166 = _t1768;
																							__eflags = _t1605 - (_t1768 & 0x0000ffff);
																							if(_t1605 <= (_t1768 & 0x0000ffff)) {
																								break;
																							} else {
																								_t1895 =  *_t1895;
																								_t1289 = _t1871 + 0xc0;
																								continue;
																							}
																						}
																						_t283 = _t1518 + 8; // 0x8
																						_t1291 = _t283;
																						_t1606 =  *(_t1895 + 4);
																						_t1769 =  *_t1606;
																						__eflags = _t1769 - _t1895;
																						if(_t1769 != _t1895) {
																							_push(_t1606);
																							E0141A80D(0, _t1895, 0, _t1769);
																						} else {
																							 *_t1291 = _t1895;
																							_t1291[1] = _t1606;
																							 *_t1606 = _t1291;
																							 *(_t1895 + 4) = _t1291;
																						}
																						 *(_t1871 + 0x74) =  *(_t1871 + 0x74) + ( *_t1518 & 0x0000ffff);
																						_t1608 =  *(_t1871 + 0xb4);
																						_v48 = _t1608;
																						__eflags = _t1608;
																						if(_t1608 == 0) {
																							goto L134;
																						} else {
																							_t1896 =  *_t1518 & 0x0000ffff;
																							while(1) {
																								_t1294 =  *((intOrPtr*)(_t1608 + 4));
																								__eflags = _t1896 - _t1294;
																								if(_t1896 < _t1294) {
																									break;
																								}
																								_t1771 =  *_t1608;
																								__eflags = _t1771;
																								if(_t1771 == 0) {
																									_t1295 = _t1294 - 1;
																									_v256 = _t1295;
																									L127:
																									_v88 = _t1295;
																									_t1773 = _t1295 -  *((intOrPtr*)(_t1608 + 0x14));
																									_v40 = _t1773;
																									__eflags =  *(_t1608 + 8);
																									if( *(_t1608 + 8) != 0) {
																										_v36 = _t1773 + _t1773;
																									} else {
																										_v36 = _t1773;
																									}
																									 *((intOrPtr*)(_t1608 + 0xc)) =  *((intOrPtr*)(_t1608 + 0xc)) + 1;
																									_v128 =  *( *((intOrPtr*)(_t1608 + 0x20)) + _v36 * 4);
																									__eflags = _v88 -  *((intOrPtr*)(_t1608 + 4)) - 1;
																									_t1775 = _v40;
																									if(_v88 ==  *((intOrPtr*)(_t1608 + 4)) - 1) {
																										 *((intOrPtr*)(_t1608 + 0x10)) =  *((intOrPtr*)(_t1608 + 0x10)) + 1;
																									}
																									_t1301 = _v128;
																									__eflags = _t1301;
																									if(_t1301 != 0) {
																										_t1302 = _t1301 + 0xfffffff8;
																										_v32 = _t1302;
																										_t1303 =  *_t1302;
																										_v436 = _t1303;
																										_v64 = _t1303 & 0x0000ffff;
																										__eflags =  *(_t1871 + 0x4c);
																										_t1775 = _v40;
																										if( *(_t1871 + 0x4c) != 0) {
																											_t1781 =  *(_t1871 + 0x50) ^ _t1303;
																											_v436 = _t1781;
																											_t1309 = _t1781 & 0x0000ffff;
																											_v44 = _t1309;
																											_v64 = _t1309 & 0x0000ffff;
																											_t1614 = _t1781 >> 0x00000010 ^ _t1781 >> 0x00000008 ^ _t1781;
																											__eflags = _t1781 >> 0x18 - _t1614;
																											if(_t1781 >> 0x18 != _t1614) {
																												_push(_t1614);
																												E0141A80D(_t1871, _v32, 0, 0);
																												_v64 = _v44 & 0x0000ffff;
																											}
																											_t1775 = _v40;
																											_t1608 = _v48;
																										}
																										_t1897 = _t1896 - (_v64 & 0x0000ffff);
																										_v336 = _t1897;
																										__eflags = _t1897;
																										if(_t1897 <= 0) {
																											goto L131;
																										} else {
																											goto L132;
																										}
																									} else {
																										L131:
																										_t310 = _t1518 + 8; // 0x8
																										 *( *((intOrPtr*)(_t1608 + 0x20)) + _v36 * 4) = _t310;
																										L132:
																										__eflags = _v128;
																										if(_v128 == 0) {
																											_t1900 = _t1775 >> 5;
																											_v40 = _t1775 & 0x0000001f;
																											_t318 = _v48 + 0x1c; // 0xffffbba0
																											_t1308 =  *_t318;
																											_t319 = _t1308 + _t1900 * 4;
																											 *_t319 =  *(_t1308 + _t1900 * 4) | 0x00000001 << _v40;
																											__eflags =  *_t319;
																										}
																										goto L134;
																									}
																								}
																								_t1608 = _t1771;
																								_v48 = _t1608;
																							}
																							_v256 = _t1896;
																							_t1295 = _t1896;
																							goto L127;
																						}
																					}
																					__eflags =  *_t1604;
																					if( *_t1604 == 0) {
																						__eflags = _v64 -  *((intOrPtr*)(_t1604 + 4)) - 1;
																						if(_v64 !=  *((intOrPtr*)(_t1604 + 4)) - 1) {
																							goto L107;
																						}
																						__eflags =  *(_t1604 + 8);
																						if( *(_t1604 + 8) != 0) {
																							_v52 = _v52 + _v52;
																						}
																						_t1347 =  *((intOrPtr*)( *((intOrPtr*)(_t1604 + 0x20)) + _v52 * 4));
																						while(1) {
																							_v64 = _t1347;
																							__eflags = _t1785 - _t1347;
																							if(_t1785 == _t1347) {
																								goto L116;
																							}
																							_t1348 = _t1347 + 0xfffffff8;
																							_v32 = _t1348;
																							_t1349 =  *_t1348;
																							_v428 = _t1349;
																							_t1632 = _t1349 & 0x0000ffff;
																							__eflags =  *(_t1871 + 0x4c);
																							if( *(_t1871 + 0x4c) != 0) {
																								_t1791 =  *(_t1871 + 0x50) ^ _t1349;
																								_v428 = _t1791;
																								_t1352 = _t1791 & 0x0000ffff;
																								_v44 = _t1352;
																								_v68 = _t1352 & 0x0000ffff;
																								_t1638 = _t1791 >> 0x00000010 ^ _t1791 >> 0x00000008 ^ _t1791;
																								__eflags = _t1791 >> 0x18 - _t1638;
																								if(_t1791 >> 0x18 != _t1638) {
																									_push(_t1638);
																									E0141A80D(_t1871, _v32, 0, 0);
																									_t1632 = _v44 & 0x0000ffff;
																								} else {
																									_t1632 = _v68;
																								}
																								_t1785 = _v40;
																							}
																							_t1634 = _v48 - (_t1632 & 0x0000ffff);
																							_v332 = _t1634;
																							__eflags = _t1634;
																							if(_t1634 > 0) {
																								_t1347 =  *_v64;
																								continue;
																							} else {
																								_t1895 = _v64;
																								_t1604 = _v36;
																								goto L117;
																							}
																						}
																						goto L116;
																					}
																					L107:
																					_t1787 = _v52 >> 5;
																					_v44 = ( *((intOrPtr*)(_t1604 + 4)) -  *(_t1604 + 0x14) >> 5) - 1;
																					_t1333 =  *((intOrPtr*)(_t1604 + 0x1c)) + _t1787 * 4;
																					_v32 = 1;
																					_t1628 =  !((1 << (_v52 & 0x0000001f)) - 1) &  *_t1333;
																					__eflags = _t1628;
																					_t1904 = _v44;
																					while(1) {
																						_v252 = _t1333;
																						_v188 = _t1787;
																						__eflags = _t1628;
																						if(_t1628 != 0) {
																							break;
																						}
																						__eflags = _t1787 - _t1904;
																						if(_t1787 > _t1904) {
																							__eflags = _t1628;
																							if(_t1628 != 0) {
																								break;
																							}
																							_t1604 = _v36;
																							goto L211;
																						} else {
																							_t1333 =  &(_t1333[1]);
																							_t1628 =  *_t1333;
																							_t1787 = _t1787 + 1;
																							continue;
																						}
																					}
																					__eflags = _t1628;
																					if(_t1628 == 0) {
																						_t1336 = _t1628 >> 0x00000010 & 0x000000ff;
																						__eflags = _t1336;
																						if(_t1336 != 0) {
																							_t1338 = ( *(_t1336 + 0x13384d0) & 0x000000ff) + 0x10;
																						} else {
																							_t424 = (_t1628 >> 0x18) + 0x13384d0; // 0x10008
																							_t1338 = ( *_t424 & 0x000000ff) + 0x18;
																						}
																					} else {
																						_t1341 = _t1628 & 0x000000ff;
																						__eflags = _t1628;
																						if(_t1628 == 0) {
																							_t1338 = ( *((_t1628 >> 0x00000008 & 0x000000ff) + 0x13384d0) & 0x000000ff) + 8;
																						} else {
																							_t1338 =  *(_t1341 + 0x13384d0) & 0x000000ff;
																						}
																					}
																					_t1789 = (_t1787 << 5) + _t1338;
																					_v188 = _t1789;
																					_t1604 = _v36;
																					__eflags =  *(_t1604 + 8);
																					if( *(_t1604 + 8) != 0) {
																						_t1789 = _t1789 + _t1789;
																					}
																					_t1895 =  *( *((intOrPtr*)(_t1604 + 0x20)) + _t1789 * 4);
																				}
																			}
																			goto L117;
																		}
																	}
																}
															}
															_t1654 =  *_t1518 & 0x0000ffff;
															while(1) {
																_t550 = _t1740 + 4; // 0x0
																_t1384 =  *_t550;
																__eflags = _t1654 - _t1384;
																if(_t1654 < _t1384) {
																	break;
																}
																_t1906 =  *_t1740;
																_v44 = _t1906;
																__eflags = _t1906;
																_t1883 = _v32;
																if(_t1906 == 0) {
																	_t554 = _t1384 - 1; // -1
																	_t1654 = _t554;
																	break;
																}
																_t1740 = _v44;
															}
															_v240 = _t1654;
															_t556 = _t1518 + 8; // 0x8
															E0137BC04(_t1871, _t1740, 1, _t556, _t1654,  *_t1518 & 0x0000ffff);
															_t1567 = _v88;
															goto L258;
														}
														_t1518 = _t1882 - 8;
														_v100 = _t1518;
														__eflags =  *(_t1871 + 0x4c);
														if( *(_t1871 + 0x4c) != 0) {
															 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
															__eflags =  *(_t1518 + 3) - ( *(_t1518 + 2) ^  *(_t1518 + 1) ^  *_t1518);
															if(__eflags != 0) {
																_push(_t1564);
																E0140FA2B(_t1518, _t1871, _t1518, _t1871, _t1882, __eflags);
															}
														}
														_t1656 =  *_t1518 & 0x0000ffff;
														__eflags = _t1656 - _v52;
														if(_t1656 < _v52) {
															__eflags =  *(_t1871 + 0x4c);
															if( *(_t1871 + 0x4c) != 0) {
																 *(_t1518 + 3) =  *(_t1518 + 2) ^  *(_t1518 + 1) ^  *_t1518;
																 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
															}
															goto L248;
														}
														_t115 = _t1518 + 8; // 0x8
														_t1392 = _t115;
														_v44 = _t1392;
														_t1393 =  *_t1392;
														_v160 = _t1393;
														_t1820 =  *(_t1518 + 0xc);
														_v152 = _t1820;
														_t1821 =  *_t1820;
														_t1907 =  *((intOrPtr*)(_t1393 + 4));
														__eflags = _t1821 - _t1907;
														if(_t1821 != _t1907) {
															L440:
															_push(_t1656);
															_t858 = _t1518 + 8; // 0x8
															_t1546 = 0xd;
															_t1074 = E0141A80D(_t1871, _t858, _t1907, _t1821);
															_v70 = 0;
															goto L153;
														}
														_t121 = _t1518 + 8; // 0x8
														__eflags = _t1821 - _t121;
														if(_t1821 != _t121) {
															goto L440;
														}
														 *(_t1871 + 0x74) =  *(_t1871 + 0x74) - _t1656;
														_t1657 =  *(_t1871 + 0xb4);
														_v36 = _t1657;
														__eflags = _t1657;
														if(_t1657 == 0) {
															L74:
															_t1396 = _v160;
															_t1658 = _v152;
															 *_t1658 = _t1396;
															 *(_t1396 + 4) = _t1658;
															__eflags =  *(_t1518 + 2) & 0x00000008;
															if(( *(_t1518 + 2) & 0x00000008) != 0) {
																_t1397 = E0137A229(_t1871, _t1518);
																__eflags = _t1397;
																if(_t1397 != 0) {
																	goto L75;
																}
																_t1546 = _t1871;
																_t1074 = E0137A309(_t1871, _t1518,  *_t1518 & 0x0000ffff, 1);
																_v70 = 0;
																goto L153;
															}
															L75:
															_v70 = 1;
															goto L76;
														} else {
															_t1825 =  *_t1518 & 0x0000ffff;
															while(1) {
																_t1399 =  *((intOrPtr*)(_t1657 + 4));
																__eflags = _t1825 - _t1399;
																if(_t1825 < _t1399) {
																	break;
																}
																_t1908 =  *_t1657;
																__eflags = _t1908;
																if(_t1908 == 0) {
																	_t427 = _t1399 - 1; // -1
																	_t1825 = _t427;
																	break;
																} else {
																	_t1657 = _t1908;
																	_v36 = _t1657;
																	continue;
																}
															}
															_v232 = _t1825;
															_v108 =  *_t1518 & 0x0000ffff;
															_t1910 = _t1825 -  *((intOrPtr*)(_t1657 + 0x14));
															_v40 = _t1910;
															__eflags =  *(_t1657 + 8);
															if( *(_t1657 + 8) != 0) {
																_t1401 = _t1910 + _t1910;
															} else {
																_t1401 = _t1910;
															}
															_t1911 = _t1401 * 4;
															_v88 = _t1911;
															_t1403 =  *((intOrPtr*)(_t1657 + 0x20)) + _t1911;
															_v128 = _t1403;
															_v32 =  *_t1403;
															 *((intOrPtr*)(_t1657 + 0xc)) =  *((intOrPtr*)(_t1657 + 0xc)) - 1;
															_t1405 =  *((intOrPtr*)(_t1657 + 4));
															_t140 = _t1405 - 1; // -1
															_t1912 = _t140;
															_v68 = _t1912;
															__eflags = _t1825 - _t1912;
															if(_t1825 == _t1912) {
																 *((intOrPtr*)(_t1657 + 0x10)) =  *((intOrPtr*)(_t1657 + 0x10)) - 1;
															}
															__eflags = _v32 - _v44;
															if(_v32 != _v44) {
																goto L74;
															} else {
																_v236 = _t1405;
																__eflags =  *_t1657;
																if( *_t1657 == 0) {
																	_t1405 = _v68;
																	_v236 = _t1405;
																}
																_v48 =  *(_t1518 + 8);
																_v32 =  *((intOrPtr*)(_t1657 + 0x18));
																__eflags = _t1825 - _t1405;
																_t1916 = _v40;
																if(_t1825 >= _t1405) {
																	_t1406 = _v48;
																	_t1660 = _v128;
																	__eflags = _t1406 - _v32;
																	if(_t1406 != _v32) {
																		 *_t1660 = _t1406;
																		goto L74;
																	}
																	 *_t1660 = 0;
																	L73:
																	_t1917 = _t1916 >> 5;
																	_t1408 =  *((intOrPtr*)(_v36 + 0x1c));
																	_t172 = _t1408 + _t1917 * 4;
																	 *_t172 =  *(_t1408 + _t1917 * 4) &  !(1 << (_v40 & 0x0000001f));
																	__eflags =  *_t172;
																	goto L74;
																}
																_t1829 = _v48;
																__eflags = _t1829 -  *((intOrPtr*)(_t1657 + 0x18));
																if(_t1829 ==  *((intOrPtr*)(_t1657 + 0x18))) {
																	L72:
																	 *(_v88 +  *((intOrPtr*)(_t1657 + 0x20))) = 0;
																	goto L73;
																}
																_t1410 = _t1829 - 8;
																_v32 = _t1410;
																_t1411 =  *_t1410;
																_v404 = _t1411;
																_t1527 = _t1411 & 0x0000ffff;
																__eflags =  *(_t1871 + 0x4c);
																if( *(_t1871 + 0x4c) != 0) {
																	_t1831 =  *(_t1871 + 0x50) ^ _t1411;
																	_v404 = _t1831;
																	_t1414 = _t1831 & 0x0000ffff;
																	_v44 = _t1414;
																	_t1527 = _t1414 & 0x0000ffff;
																	_t1668 = _t1831 >> 0x00000010 ^ _t1831 >> 0x00000008 ^ _t1831;
																	__eflags = _t1831 >> 0x18 - _t1668;
																	if(_t1831 >> 0x18 != _t1668) {
																		_push(_t1668);
																		E0141A80D(_t1871, _v32, 0, 0);
																		_t1527 = _v44 & 0x0000ffff;
																	}
																	_t1829 = _v48;
																	_t1657 = _v36;
																}
																_t1529 = _v108 - (_t1527 & 0x0000ffff);
																__eflags = _t1529;
																_v316 = _t1529;
																if(_t1529 == 0) {
																	 *(_v88 +  *((intOrPtr*)(_t1657 + 0x20))) = _t1829;
																	_t1518 = _v100;
																	goto L74;
																} else {
																	_t1518 = _v100;
																	goto L72;
																}
															}
														}
													}
												}
											}
											L311:
											_t1882 = _t1736;
											goto L49;
										}
									}
									_t1564 = _t1147;
									_v36 = _t1147;
								}
								goto L26;
							}
							_t1922 =  *_t1145;
							if(_t1922 != 0) {
								_t1518 = _t1922 - 8;
								_v100 = _t1518;
								__eflags =  *(_t1871 + 0x4c);
								if( *(_t1871 + 0x4c) != 0) {
									 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
									__eflags =  *(_t1518 + 3) - ( *(_t1518 + 2) ^  *(_t1518 + 1) ^  *_t1518);
									if(__eflags != 0) {
										_push(_t1546);
										E0140FA2B(_t1518, _t1871, _t1518, _t1871, _t1922, __eflags);
									}
								}
								_t460 = _t1518 + 8; // 0xddeeddf6
								_t1459 = _t460;
								_v160 = _t1459;
								_t1707 =  *_t1459;
								_v44 = _t1707;
								_t1460 =  *(_t1518 + 0xc);
								_v32 = _t1460;
								_t1461 =  *_t1460;
								_t1708 =  *((intOrPtr*)(_t1707 + 4));
								__eflags = _t1461 - _t1708;
								if(_t1461 != _t1708) {
									L429:
									_push(_t1708);
									_t1546 = 0xd;
									E0141A80D(_t1871, _t1922, _t1708, _t1461);
									goto L430;
								} else {
									__eflags = _t1461 - _t1922;
									if(_t1461 != _t1922) {
										goto L429;
									}
									 *(_t1871 + 0x74) =  *(_t1871 + 0x74) - ( *_t1518 & 0x0000ffff);
									_t1709 =  *(_t1871 + 0xb4);
									_v36 = _t1709;
									__eflags = _t1709;
									if(_t1709 == 0) {
										L235:
										_t1465 = _v44;
										_t1710 = _v32;
										 *_t1710 = _t1465;
										 *(_t1465 + 4) = _t1710;
										__eflags =  *(_t1518 + 2) & 0x00000008;
										if(( *(_t1518 + 2) & 0x00000008) != 0) {
											_t1466 = E0137A229(_t1871, _t1518);
											__eflags = _t1466;
											if(_t1466 != 0) {
												goto L236;
											}
											_t1546 = _t1871;
											E0137A309(_t1871, _t1518,  *_t1518 & 0x0000ffff, 1);
											L430:
											_v69 = 0;
											 *( *[fs:0x18] + 0xbf4) = 0xc0000017;
											_t1923 =  *[fs:0x18];
											_v296 = _t1923;
											 *((intOrPtr*)(_t1923 + 0x34)) = E0135CCC0(0xc0000017);
											goto L153;
										}
										L236:
										_v69 = 1;
										goto L76;
									}
									_t1852 =  *_t1518 & 0x0000ffff;
									while(1) {
										_t1469 =  *((intOrPtr*)(_t1709 + 4));
										__eflags = _t1852 - _t1469;
										if(_t1852 < _t1469) {
											break;
										}
										_t1924 =  *_t1709;
										__eflags = _t1924;
										if(_t1924 == 0) {
											_t838 = _t1469 - 1; // -1
											_t1852 = _t838;
											break;
										}
										_t1709 = _t1924;
										_v36 = _t1709;
									}
									_v220 = _t1852;
									_v68 =  *_t1518 & 0x0000ffff;
									_t1926 = _t1852 -  *((intOrPtr*)(_t1709 + 0x14));
									_v40 = _t1926;
									__eflags =  *(_t1709 + 8);
									if( *(_t1709 + 8) != 0) {
										_t1471 = _t1926 + _t1926;
									} else {
										_t1471 = _t1926;
									}
									_t1927 = _t1471 * 4;
									_v128 = _t1927;
									_t1473 =  *((intOrPtr*)(_t1709 + 0x20)) + _t1927;
									_v88 = _t1473;
									_v152 =  *_t1473;
									 *((intOrPtr*)(_t1709 + 0xc)) =  *((intOrPtr*)(_t1709 + 0xc)) - 1;
									_t1475 =  *((intOrPtr*)(_t1709 + 4));
									_v48 = _t1475;
									_t485 = _t1475 - 1; // -1
									_t1928 = _t485;
									_v108 = _t1928;
									__eflags = _t1852 - _t1928;
									if(_t1852 == _t1928) {
										 *((intOrPtr*)(_t1709 + 0x10)) =  *((intOrPtr*)(_t1709 + 0x10)) - 1;
									}
									__eflags = _v152 - _v160;
									if(_v152 != _v160) {
										goto L235;
									} else {
										_v216 = _t1475;
										__eflags =  *_t1709;
										if( *_t1709 == 0) {
											_t1476 = _v108;
											_v48 = _t1476;
											_v216 = _t1476;
										}
										_t1477 =  *(_t1518 + 8);
										_v152 = _t1477;
										_v108 =  *((intOrPtr*)(_t1709 + 0x18));
										__eflags = _t1852 - _v48;
										_t1931 = _v40;
										if(_t1852 >= _v48) {
											_t1712 = _v88;
											__eflags = _t1477 - _v108;
											if(_t1477 == _v108) {
												 *_t1712 = 0;
												goto L234;
											}
											 *_t1712 = _t1477;
											goto L235;
										} else {
											__eflags = _t1477 -  *((intOrPtr*)(_t1709 + 0x18));
											if(_t1477 ==  *((intOrPtr*)(_t1709 + 0x18))) {
												L233:
												 *(_v128 +  *((intOrPtr*)(_t1709 + 0x20))) = 0;
												L234:
												_t1932 = _t1931 >> 5;
												_t1479 =  *((intOrPtr*)(_v36 + 0x1c));
												_t513 = _t1479 + _t1932 * 4;
												 *_t513 =  *(_t1479 + _t1932 * 4) &  !(1 << (_v40 & 0x0000001f));
												__eflags =  *_t513;
												goto L235;
											}
											_t1481 = _t1477 + 0xfffffff8;
											_v108 = _t1481;
											_t1482 =  *_t1481;
											_v372 = _t1482;
											_t1539 = _t1482 & 0x0000ffff;
											__eflags =  *(_t1871 + 0x4c);
											if( *(_t1871 + 0x4c) != 0) {
												_t1861 =  *(_t1871 + 0x50) ^ _t1482;
												_v372 = _t1861;
												_t1485 = _t1861 & 0x0000ffff;
												_v160 = _t1485;
												_t1539 = _t1485 & 0x0000ffff;
												_t1719 = _t1861 >> 0x00000010 ^ _t1861 >> 0x00000008 ^ _t1861;
												__eflags = _t1861 >> 0x18 - _t1719;
												if(_t1861 >> 0x18 != _t1719) {
													_push(_t1719);
													E0141A80D(_t1871, _v108, 0, 0);
													_t1539 = _v160 & 0x0000ffff;
												}
												_t1709 = _v36;
											}
											_t1858 = _v68 - (_t1539 & 0x0000ffff);
											__eflags = _t1858;
											_v292 = _t1858;
											if(_t1858 == 0) {
												 *(_v128 +  *((intOrPtr*)(_t1709 + 0x20))) = _v152;
												_t1518 = _v100;
												goto L235;
											} else {
												_t1518 = _v100;
												goto L233;
											}
										}
									}
								}
							}
							goto L23;
						}
						_t1496 = _a4;
						if(_t1518 >= ( *(_t1871 + 0xe0) & 0x0000ffff)) {
							__eflags = _t1496 -  *0x1445cb4; // 0x4000
							if(__eflags > 0) {
								goto L21;
							}
							__eflags =  *((char*)(_t1871 + 0xda)) - 2;
							if( *((char*)(_t1871 + 0xda)) == 2) {
								__eflags =  *(_t1871 + 0xd4);
								if( *(_t1871 + 0xd4) != 0) {
									goto L21;
								}
							}
							__eflags =  *((char*)(_t1871 + 0xdb)) - 2;
							if( *((char*)(_t1871 + 0xdb)) == 2) {
								 *(_t1871 + 0x48) =  *(_t1871 + 0x48) | 0x20000000;
							}
							goto L21;
						}
						_t1952 = _t1496 -  *0x1445cb4; // 0x4000
						if(_t1952 > 0) {
							goto L21;
						}
						_t1723 = _t1871 + 0xe2 + (_t1518 >> 3);
						_v88 = _t1723;
						_t1546 = _t1518 & 7;
						_v128 = _t1546;
						if(( *_t1723 & 0x00000001 << _t1546) != 0) {
							L20:
							_t1729 = _v52;
							goto L21;
						}
						_t1933 =  *((intOrPtr*)(_t1871 + 0xdc)) + _t1518 * 2;
						_v288 = _t1933;
						 *_t1933 =  *_t1933 + 0x21;
						_t1546 =  *_t1933;
						if(_v180 != 0) {
							L275:
							_t1504 = _a4;
							__eflags = _t1504;
							if(_t1504 == 0) {
								_t1866 = 1;
							} else {
								_t1866 = _t1504;
							}
							__eflags =  *((char*)(_t1871 + 0xda)) - 2;
							if( *((char*)(_t1871 + 0xda)) != 2) {
								_t1724 = 0;
							} else {
								_t1724 =  *(_t1871 + 0xd4);
							}
							_t1506 = E0138F4A7(_t1724, _t1866) & 0x0000ffff;
							_t1546 = 0xffff;
							__eflags = _t1506 - 0xffff;
							if(_t1506 == 0xffff) {
								__eflags =  *((char*)(_t1871 + 0xda)) - 2;
								if( *((char*)(_t1871 + 0xda)) == 2) {
									__eflags =  *(_t1871 + 0xd4);
									if( *(_t1871 + 0xd4) != 0) {
										goto L20;
									}
								}
								 *(_t1871 + 0x48) =  *(_t1871 + 0x48) | 0x20000000;
							} else {
								 *_t1933 = _t1506;
								_t1546 = _v88;
								asm("bts eax, edx");
								 *_t1546 =  *_t1546 & 0x000000ff;
								 *((intOrPtr*)(_t1871 + 0x22c)) =  *((intOrPtr*)(_t1871 + 0x22c)) + 1;
							}
							goto L20;
						}
						if((_t1546 & 0x0000001f) > 0x10 || _t1546 > 0xff00) {
							_v212 = 1;
							goto L275;
						} else {
							_v212 = 0;
							goto L20;
						}
					} else {
						_t1546 =  *(_t1871 + 0xc8);
						_t1868 =  *[fs:0x18];
						asm("lock btr dword [eax], 0x0");
						if(_t1946 >= 0) {
							_t1074 =  *(_t1546 + 0xc);
							__eflags =  *(_t1546 + 0xc) -  *(_t1868 + 0x24);
							if( *(_t1546 + 0xc) ==  *(_t1868 + 0x24)) {
								 *(_t1546 + 8) =  *(_t1546 + 8) + 1;
								goto L8;
							}
							_v176 = 0;
							__eflags =  *0x1447bc8;
							if( *0x1447bc8 != 0) {
								_v109 = 0;
								 *( *[fs:0x18] + 0xbf4) = 0xc0000194;
								_t1934 =  *[fs:0x18];
								_v284 = _t1934;
								 *((intOrPtr*)(_t1934 + 0x34)) = E0135CCC0(0xc0000194);
								L153:
								_v8 = 0xfffffffe;
								E01376DF6(_t1074, _t1546, _t1871);
								_t1078 =  *( *[fs:0x30] + 0x50);
								__eflags = _t1078;
								if(_t1078 != 0) {
									__eflags =  *_t1078;
									if( *_t1078 == 0) {
										goto L154;
									}
									_t1079 =  *( *[fs:0x30] + 0x50) + 0x22e;
									L155:
									_t1877 = _v80;
									__eflags =  *_t1079;
									if( *_t1079 != 0) {
										__eflags = _t1877;
										if(_t1877 != 0) {
											_t1730 = _v60;
											__eflags = _t1730;
											if(_t1730 != 0) {
												E0140FEC0(_t1518, _t1871, _t1730 & 0xffff0000,  *((intOrPtr*)(_t1730 + 0x14)));
											}
										}
									}
									_t1073 = _t1877;
									L157:
									 *[fs:0x0] = _v20;
									return _t1073;
								}
								L154:
								_t1079 = 0x7ffe0388;
								goto L155;
							}
							_v180 = 1;
							E0136EEF0( *(_t1871 + 0xc8));
							_t1546 = _t1871;
							_t1074 = E01394032(_t1546, 1);
							goto L9;
						} else {
							_t1074 =  *(_t1868 + 0x24);
							 *(_t1546 + 0xc) =  *(_t1868 + 0x24);
							 *(_t1546 + 8) = 1;
							L8:
							_v176 = 1;
							 *((intOrPtr*)(_t1871 + 0x204)) =  *((intOrPtr*)(_t1871 + 0x204)) + 1;
							L9:
							_v109 = 1;
							_v53 = 1;
							if(( *(_t1871 + 0x48) & 0x30000000) != 0) {
								_t1546 = _t1871;
								_t1074 = E01385640(_t1518);
							}
							_t1729 = _v52;
							goto L11;
						}
					}
				}
			}





















































































































































































































































































































































































































                            0x01375600
                            0x01375600
                            0x01375605
                            0x01375607
                            0x0137560c
                            0x01375617
                            0x01375618
                            0x0137561f
                            0x01375621
                            0x01375626
                            0x0137562b
                            0x0137562f
                            0x01375635
                            0x01375638
                            0x0137563a
                            0x01375640
                            0x0137564a
                            0x01375651
                            0x01375655
                            0x0137565c
                            0x01375663
                            0x01375670
                            0x01375679
                            0x0137672c
                            0x01376736
                            0x0137673c
                            0x0137673f
                            0x01376744
                            0x013bebaf
                            0x00000000
                            0x013bebaf
                            0x0137674a
                            0x01376750
                            0x013bebb6
                            0x013bebbc
                            0x00000000
                            0x00000000
                            0x013bebc3
                            0x00000000
                            0x013bebc3
                            0x01376756
                            0x01376756
                            0x01376758
                            0x013bebcd
                            0x013bebcd
                            0x01376766
                            0x0137676c
                            0x0137676f
                            0x013bebd7
                            0x013bebd7
                            0x01376775
                            0x01376778
                            0x01376783
                            0x01376786
                            0x01376789
                            0x0137678e
                            0x013bebe1
                            0x013bebe8
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01376794
                            0x01376794
                            0x01376794
                            0x01376797
                            0x0137679a
                            0x0137679a
                            0x0137679d
                            0x013767a0
                            0x013767a0
                            0x013767a3
                            0x00000000
                            0x013767a3
                            0x0137568c
                            0x0137568c
                            0x0137568e
                            0x01375691
                            0x01375693
                            0x01375699
                            0x013beb9e
                            0x013beba2
                            0x013beba7
                            0x013beba7
                            0x013756a2
                            0x013756a8
                            0x013756ab
                            0x013756ad
                            0x013756b3
                            0x013764d1
                            0x013764d7
                            0x013764de
                            0x013764e1
                            0x013764e7
                            0x013764ea
                            0x013764ea
                            0x013764e1
                            0x013756b9
                            0x013756c0
                            0x013756c2
                            0x01375714
                            0x01375717
                            0x013769d8
                            0x013769dc
                            0x013bf55f
                            0x01376be2
                            0x01376be2
                            0x00000000
                            0x01376be2
                            0x013769e5
                            0x013769e8
                            0x013769eb
                            0x013769f8
                            0x013769fb
                            0x01376a01
                            0x01376a16
                            0x01376a1c
                            0x01376a21
                            0x01376a28
                            0x01376a2a
                            0x01376a30
                            0x01376a31
                            0x01376a3c
                            0x01376a3d
                            0x01376a45
                            0x01376a46
                            0x01376a48
                            0x01376a4d
                            0x01376a53
                            0x01376a55
                            0x00000000
                            0x00000000
                            0x01376a63
                            0x01376a66
                            0x01376a67
                            0x01376a6f
                            0x01376a70
                            0x01376a75
                            0x01376a76
                            0x01376a78
                            0x01376a7d
                            0x01376a83
                            0x01376a85
                            0x013bf54d
                            0x013bf554
                            0x00000000
                            0x013bf554
                            0x01376a94
                            0x01376aa1
                            0x01376aaa
                            0x01376ab6
                            0x01376abc
                            0x01376ac3
                            0x01376ac9
                            0x01376ace
                            0x01376ad0
                            0x013bf40f
                            0x01376ad6
                            0x01376ad6
                            0x01376ad6
                            0x01376adb
                            0x01376ade
                            0x013bf419
                            0x013bf41f
                            0x013bf426
                            0x013bf431
                            0x013bf436
                            0x013bf436
                            0x013bf426
                            0x01376ae4
                            0x01376ae9
                            0x01376aeb
                            0x013bf449
                            0x01376af1
                            0x01376af1
                            0x01376af1
                            0x01376af6
                            0x01376af9
                            0x013bf453
                            0x013bf459
                            0x013bf460
                            0x013bf46b
                            0x013bf46d
                            0x013bf47f
                            0x013bf46f
                            0x013bf478
                            0x013bf478
                            0x013bf492
                            0x013bf497
                            0x013bf497
                            0x013bf460
                            0x01376aff
                            0x01376b04
                            0x01376b06
                            0x013bf4aa
                            0x01376b0c
                            0x01376b0c
                            0x01376b0c
                            0x01376b11
                            0x01376b14
                            0x013bf4b9
                            0x013bf4bb
                            0x013bf4cd
                            0x013bf4bd
                            0x013bf4c6
                            0x013bf4c6
                            0x013bf4e0
                            0x013bf4e5
                            0x013bf4e5
                            0x01376b1a
                            0x01376b21
                            0x013bf4f9
                            0x013bf4fc
                            0x013bf506
                            0x013bf506
                            0x01376b2d
                            0x01376b30
                            0x01376b36
                            0x01376b3b
                            0x013bf530
                            0x013bf530
                            0x01376b41
                            0x01376b44
                            0x01376b48
                            0x01376b53
                            0x01376b59
                            0x01376b59
                            0x01376b59
                            0x01376b5c
                            0x01376b5c
                            0x01376b5f
                            0x01376b65
                            0x01376b68
                            0x01376b6a
                            0x01376b6c
                            0x013bf539
                            0x013bf540
                            0x013bf543
                            0x01376b72
                            0x01376b72
                            0x01376b74
                            0x01376b77
                            0x01376b79
                            0x01376b79
                            0x01376b7f
                            0x01376b82
                            0x00000000
                            0x01376b82
                            0x0137571f
                            0x013757b0
                            0x013757b0
                            0x013757b5
                            0x013757c1
                            0x013757c7
                            0x013757cd
                            0x013757d3
                            0x013757e0
                            0x013757e0
                            0x013757e5
                            0x013757eb
                            0x013757eb
                            0x013757eb
                            0x013761b6
                            0x013761b8
                            0x013761ba
                            0x01376503
                            0x013757ed
                            0x013757ed
                            0x013757ed
                            0x013757f3
                            0x013757f6
                            0x013757f8
                            0x013757fb
                            0x013757fe
                            0x01375803
                            0x00000000
                            0x00000000
                            0x01375809
                            0x0137580c
                            0x0137580f
                            0x01375811
                            0x01375817
                            0x0137581d
                            0x01375822
                            0x01375824
                            0x0137582a
                            0x0137582d
                            0x01375833
                            0x01375842
                            0x01375849
                            0x013bed03
                            0x013bed12
                            0x013bed1a
                            0x0137584f
                            0x0137584f
                            0x0137584f
                            0x01375852
                            0x01375852
                            0x0137585b
                            0x0137585d
                            0x01375865
                            0x013765de
                            0x00000000
                            0x0137586b
                            0x0137586d
                            0x01375870
                            0x01375873
                            0x01375875
                            0x0137587b
                            0x01375881
                            0x01375886
                            0x01375888
                            0x0137588e
                            0x01375891
                            0x01375897
                            0x013758a6
                            0x013758ad
                            0x013bed22
                            0x013bed31
                            0x013bed39
                            0x013758b3
                            0x013758b3
                            0x013758b3
                            0x013758b6
                            0x013758b6
                            0x013758bf
                            0x013758c1
                            0x013758c9
                            0x013758cc
                            0x01376300
                            0x00000000
                            0x013758d2
                            0x013758d4
                            0x013758e8
                            0x013758f4
                            0x013758f8
                            0x013758fe
                            0x0137590e
                            0x01375910
                            0x01375910
                            0x01375916
                            0x0137591e
                            0x00000000
                            0x00000000
                            0x01375922
                            0x0137605f
                            0x01376061
                            0x00000000
                            0x00000000
                            0x01376067
                            0x00000000
                            0x01375928
                            0x01375928
                            0x0137592b
                            0x0137592d
                            0x00000000
                            0x0137592d
                            0x01375922
                            0x01375930
                            0x01375933
                            0x01376077
                            0x0137607a
                            0x0137607c
                            0x013761d7
                            0x01376082
                            0x01376082
                            0x01376082
                            0x01375939
                            0x0137593e
                            0x01375941
                            0x01375943
                            0x013761e6
                            0x01375949
                            0x0137594c
                            0x01375953
                            0x01375953
                            0x01375953
                            0x01375943
                            0x01375959
                            0x0137595b
                            0x01375961
                            0x01375964
                            0x01375968
                            0x013bed68
                            0x013bed68
                            0x01375971
                            0x00000000
                            0x0137661c
                            0x0137661c
                            0x0137661f
                            0x013bed41
                            0x013bed41
                            0x01376628
                            0x01376630
                            0x01376630
                            0x01376632
                            0x00000000
                            0x00000000
                            0x01376638
                            0x0137663b
                            0x01376641
                            0x01376644
                            0x01376647
                            0x0137664c
                            0x0137664e
                            0x01376654
                            0x01376657
                            0x0137665d
                            0x0137666c
                            0x01376671
                            0x01376673
                            0x013bed48
                            0x013bed58
                            0x013bed60
                            0x01376679
                            0x01376679
                            0x01376679
                            0x0137667c
                            0x0137667c
                            0x01376685
                            0x01376687
                            0x0137668d
                            0x0137668f
                            0x01376711
                            0x00000000
                            0x01376695
                            0x01376695
                            0x00000000
                            0x01376695
                            0x0137668f
                            0x01375974
                            0x01375974
                            0x01375977
                            0x01375977
                            0x01375979
                            0x0137606a
                            0x0137606a
                            0x0137606c
                            0x0137606f
                            0x00000000
                            0x0137606f
                            0x0137597f
                            0x01375985
                            0x0137598b
                            0x0137653b
                            0x0137653e
                            0x01376545
                            0x01376547
                            0x0137654a
                            0x0137654c
                            0x01376bd8
                            0x00000000
                            0x01376bd8
                            0x01376552
                            0x01376552
                            0x01376555
                            0x01376557
                            0x0137655a
                            0x0137655d
                            0x01376560
                            0x01376562
                            0x01376565
                            0x01376568
                            0x0137656a
                            0x0137656d
                            0x013bf3eb
                            0x013bf3eb
                            0x013bf3f3
                            0x013bf3f8
                            0x013bf3fd
                            0x00000000
                            0x013bf3fd
                            0x01376573
                            0x01376575
                            0x00000000
                            0x00000000
                            0x0137657e
                            0x01376581
                            0x01376587
                            0x01376589
                            0x013765c6
                            0x013765c6
                            0x013765c8
                            0x013765cb
                            0x013765cf
                            0x013bedfc
                            0x013bee01
                            0x013bee03
                            0x00000000
                            0x00000000
                            0x013bee11
                            0x013bee13
                            0x013bee18
                            0x00000000
                            0x013bee18
                            0x013765d5
                            0x013765d5
                            0x01375b42
                            0x01375b42
                            0x01375b45
                            0x01375b48
                            0x01375b4c
                            0x013767ab
                            0x013767ae
                            0x013bee24
                            0x013bee2b
                            0x013bee31
                            0x013bee34
                            0x013bee36
                            0x013bee39
                            0x013bee3b
                            0x013bee3b
                            0x013bee3e
                            0x013bee3e
                            0x013bee39
                            0x013bee4a
                            0x013bee4e
                            0x013bee53
                            0x013bee56
                            0x013bee58
                            0x013bee5e
                            0x013bee65
                            0x013bee69
                            0x013bee8b
                            0x013bee90
                            0x013bee95
                            0x013bee6b
                            0x013bee81
                            0x013bee86
                            0x013bee86
                            0x013bee98
                            0x013beea3
                            0x013beeaa
                            0x013beeaf
                            0x013beeb2
                            0x013beeb8
                            0x013beebc
                            0x013beedb
                            0x013beebe
                            0x013beebe
                            0x013beec5
                            0x013beec8
                            0x013beece
                            0x013beecf
                            0x013beecf
                            0x013beebc
                            0x013bee58
                            0x013767ae
                            0x01375b52
                            0x01375b55
                            0x01375b59
                            0x013beee3
                            0x013beeeb
                            0x013beef0
                            0x00000000
                            0x01375b5f
                            0x01375b62
                            0x01375b68
                            0x01375b6b
                            0x01375b6d
                            0x01375b73
                            0x01375b79
                            0x01375b7c
                            0x01375b7e
                            0x01375b81
                            0x01375b84
                            0x013beefa
                            0x013beefe
                            0x01375b8a
                            0x01375b8a
                            0x01375b8a
                            0x01375b8d
                            0x01375b91
                            0x01375b93
                            0x01375ed4
                            0x01375ed4
                            0x01375eda
                            0x01375ee0
                            0x01375ee7
                            0x01375ef2
                            0x01375ef4
                            0x013bf311
                            0x01375efa
                            0x01375efa
                            0x01375efa
                            0x01375efa
                            0x01375efc
                            0x01375efe
                            0x01375f00
                            0x013bf318
                            0x013bf318
                            0x013bf31b
                            0x013bf31d
                            0x013bf31d
                            0x01375f06
                            0x01375f0a
                            0x013767b9
                            0x013767bc
                            0x013767bf
                            0x013768b1
                            0x013768b5
                            0x013767d9
                            0x013767d9
                            0x013767dc
                            0x013767dc
                            0x013767e0
                            0x013bf354
                            0x013bf357
                            0x013bf35e
                            0x013bf369
                            0x013bf369
                            0x013767e6
                            0x013767e9
                            0x013767ed
                            0x013767f1
                            0x013bf3b7
                            0x013bf3ba
                            0x013bf3c0
                            0x013bf3c5
                            0x00000000
                            0x00000000
                            0x013bf3cd
                            0x013bf3dc
                            0x013bf3e3
                            0x00000000
                            0x013767f7
                            0x013767f7
                            0x013767fe
                            0x01376800
                            0x01376808
                            0x0137680a
                            0x0137680d
                            0x01376814
                            0x013bf372
                            0x013bf37c
                            0x013bf37f
                            0x013bf37f
                            0x01376820
                            0x01376823
                            0x01376829
                            0x0137682e
                            0x013bf389
                            0x013bf39d
                            0x013bf3a2
                            0x013bf3a8
                            0x00000000
                            0x01376834
                            0x01376834
                            0x01376834
                            0x01376837
                            0x01376837
                            0x0137683b
                            0x01376849
                            0x0137684c
                            0x0137684f
                            0x0137684f
                            0x00000000
                            0x0137683b
                            0x0137682e
                            0x013767f1
                            0x013bf33b
                            0x013bf347
                            0x013bf34c
                            0x00000000
                            0x013bf34c
                            0x013767c5
                            0x013767ce
                            0x013767d6
                            0x00000000
                            0x01375f10
                            0x01375f10
                            0x01375f14
                            0x01375f16
                            0x01375f21
                            0x01375f27
                            0x01375f27
                            0x01375f27
                            0x01375f29
                            0x01375f2d
                            0x01375fc4
                            0x01375fc4
                            0x01375fc7
                            0x01375fc9
                            0x01376109
                            0x01376112
                            0x01376117
                            0x00000000
                            0x01375f33
                            0x01375f33
                            0x01375f3a
                            0x01375f90
                            0x01375f90
                            0x01375f96
                            0x01375f96
                            0x01375f96
                            0x01375f9a
                            0x01375fc0
                            0x01375fc0
                            0x00000000
                            0x01375fc0
                            0x01375f9c
                            0x01375fa6
                            0x01375fae
                            0x01375fb2
                            0x01375fb4
                            0x01375fb7
                            0x01375fba
                            0x01376db9
                            0x01376dbd
                            0x013bf328
                            0x013bf329
                            0x013bf32e
                            0x013bf32e
                            0x01376dc3
                            0x01376dc3
                            0x01376dc6
                            0x01376e18
                            0x01376dc8
                            0x01376dc8
                            0x01376dc8
                            0x01376dcd
                            0x01376dd0
                            0x01376dd3
                            0x01376dd8
                            0x01376ddc
                            0x01376ddf
                            0x00000000
                            0x00000000
                            0x01376e1f
                            0x01376e21
                            0x01376e21
                            0x01376de1
                            0x01376de5
                            0x01376dec
                            0x01376dec
                            0x01376de5
                            0x00000000
                            0x01375fba
                            0x01375f3c
                            0x01375f42
                            0x01375f48
                            0x01375f4e
                            0x01375f50
                            0x01375f66
                            0x01375f68
                            0x01375f6e
                            0x0137625a
                            0x0137625a
                            0x01375f74
                            0x01375f74
                            0x01375f7a
                            0x01375f80
                            0x01375f8a
                            0x01376ba0
                            0x01376ba7
                            0x01376bee
                            0x01376bee
                            0x01376bb7
                            0x01376bb7
                            0x01376bbd
                            0x01376c13
                            0x01376c19
                            0x01376c1e
                            0x01376c1e
                            0x01376c19
                            0x01376bbf
                            0x01376bc9
                            0x00000000
                            0x01376bc9
                            0x01376ba9
                            0x01376bb0
                            0x00000000
                            0x00000000
                            0x01376bb2
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01375f8a
                            0x01375f2d
                            0x01375b99
                            0x01375b99
                            0x01375b9c
                            0x013765fd
                            0x01376605
                            0x01376608
                            0x0137660b
                            0x0137660e
                            0x013bef07
                            0x013bef0b
                            0x01376614
                            0x01376614
                            0x01376614
                            0x00000000
                            0x0137660e
                            0x01375ba2
                            0x01375ba6
                            0x013769a2
                            0x01375bac
                            0x01375bac
                            0x01375bac
                            0x01375bac
                            0x01375bae
                            0x01375bb1
                            0x01375bb4
                            0x01375bb6
                            0x013760e0
                            0x013760e2
                            0x01375bbc
                            0x01375bbc
                            0x01375bbe
                            0x01375bbe
                            0x01375bc1
                            0x01375bc7
                            0x01375bcd
                            0x01375bd0
                            0x01375bda
                            0x01375bdd
                            0x01375be9
                            0x01375bf0
                            0x01375bf3
                            0x013760f2
                            0x013760f3
                            0x013760f6
                            0x013760f9
                            0x013760fe
                            0x013bef14
                            0x013bef21
                            0x013bef26
                            0x013bef29
                            0x013bef29
                            0x01375bf9
                            0x01375bf9
                            0x01375bf9
                            0x01375bf9
                            0x01375bfb
                            0x01375bfe
                            0x01375c01
                            0x01375c05
                            0x01375c10
                            0x01375c10
                            0x01375c1c
                            0x01375c1f
                            0x01375c21
                            0x00000000
                            0x00000000
                            0x01376c26
                            0x01376c2a
                            0x01376c2f
                            0x01376c31
                            0x01376c3f
                            0x01376c44
                            0x01376c46
                            0x013bf050
                            0x013bf056
                            0x013bf056
                            0x01376c4c
                            0x01376c4c
                            0x01376c4f
                            0x01376c4f
                            0x01376c52
                            0x01376c57
                            0x01376c5a
                            0x01376c5a
                            0x01376c5d
                            0x01376c60
                            0x01376c65
                            0x01376c65
                            0x01376c68
                            0x01376c68
                            0x01376c6b
                            0x013bf2b0
                            0x013bf2b0
                            0x013bf2b5
                            0x013bf2bb
                            0x013bf2c0
                            0x00000000
                            0x01376c71
                            0x01376c71
                            0x01376c73
                            0x00000000
                            0x00000000
                            0x01376c7c
                            0x01376c7f
                            0x01376c85
                            0x01376c87
                            0x01376cbe
                            0x01376cbe
                            0x01376cc1
                            0x01376cc4
                            0x01376cc6
                            0x01376cc9
                            0x01376ccd
                            0x013bf06b
                            0x013bf070
                            0x013bf072
                            0x00000000
                            0x00000000
                            0x013bf081
                            0x013bf083
                            0x013bf2c5
                            0x013bf2c5
                            0x013bf2c9
                            0x013bf2cd
                            0x013bf2de
                            0x013bf2e8
                            0x013bf2f2
                            0x013bf2f9
                            0x013bf309
                            0x00000000
                            0x013bf309
                            0x013bf2cf
                            0x013bf2d6
                            0x00000000
                            0x013bf2d6
                            0x01376cd3
                            0x01376cd3
                            0x01376cd7
                            0x01376cda
                            0x01376cdd
                            0x01376cdf
                            0x013bf08d
                            0x013bf090
                            0x013bf093
                            0x013bf095
                            0x013bf09b
                            0x013bf0a1
                            0x013bf0a8
                            0x013bf0ae
                            0x013bf0b2
                            0x013bf0b4
                            0x013bf0b7
                            0x013bf0b9
                            0x013bf0b9
                            0x013bf0bc
                            0x013bf0bc
                            0x013bf0b7
                            0x013bf0cc
                            0x013bf0d1
                            0x013bf0d4
                            0x013bf0da
                            0x013bf156
                            0x013bf0dc
                            0x013bf0dc
                            0x013bf0e3
                            0x013bf0e7
                            0x013bf109
                            0x013bf10e
                            0x013bf113
                            0x013bf0e9
                            0x013bf0ff
                            0x013bf104
                            0x013bf104
                            0x013bf121
                            0x013bf128
                            0x013bf12d
                            0x013bf130
                            0x013bf136
                            0x013bf139
                            0x013bf13d
                            0x013bf13f
                            0x013bf146
                            0x013bf14c
                            0x013bf14d
                            0x013bf14d
                            0x013bf13d
                            0x013bf159
                            0x013bf159
                            0x013bf095
                            0x01376ce8
                            0x01376cee
                            0x01376cf0
                            0x01376cf3
                            0x01376cf9
                            0x01376cfc
                            0x01376d02
                            0x013bf2a6
                            0x00000000
                            0x01376d08
                            0x01376d08
                            0x01376d0b
                            0x01376d15
                            0x01376d1a
                            0x01376d1c
                            0x013bf1bd
                            0x013bf1c0
                            0x013bf1c4
                            0x013bf1c8
                            0x013bf1d7
                            0x013bf1db
                            0x013bf1e0
                            0x013bf1e0
                            0x013bf1e0
                            0x013bf1e0
                            0x013bf1e4
                            0x013bf1ea
                            0x013bf1f1
                            0x013bf206
                            0x013bf1f3
                            0x013bf1fc
                            0x013bf1fe
                            0x013bf1fe
                            0x013bf208
                            0x013bf208
                            0x013bf20a
                            0x00000000
                            0x00000000
                            0x013bf20c
                            0x013bf210
                            0x013bf225
                            0x013bf212
                            0x013bf212
                            0x013bf215
                            0x013bf218
                            0x013bf21b
                            0x013bf21d
                            0x013bf220
                            0x013bf220
                            0x013bf21b
                            0x013bf229
                            0x013bf233
                            0x013bf235
                            0x00000000
                            0x013bf237
                            0x013bf237
                            0x013bf239
                            0x00000000
                            0x013bf239
                            0x013bf235
                            0x013bf241
                            0x013bf241
                            0x013bf244
                            0x013bf247
                            0x013bf249
                            0x013bf24b
                            0x013bf259
                            0x013bf25e
                            0x013bf263
                            0x013bf24d
                            0x013bf24d
                            0x013bf24f
                            0x013bf252
                            0x013bf254
                            0x013bf254
                            0x013bf26b
                            0x013bf26e
                            0x013bf274
                            0x013bf276
                            0x01375eb6
                            0x01375eb6
                            0x01375eba
                            0x01375ec4
                            0x01375eca
                            0x01375eca
                            0x01375eca
                            0x01375ecc
                            0x01375ecc
                            0x01375ed0
                            0x00000000
                            0x013bf27c
                            0x013bf27c
                            0x013bf27f
                            0x013bf27f
                            0x013bf282
                            0x00000000
                            0x00000000
                            0x013bf288
                            0x013bf28a
                            0x013bf28c
                            0x013bf29d
                            0x00000000
                            0x013bf29d
                            0x013bf291
                            0x013bf291
                            0x013bf292
                            0x013bf292
                            0x01376991
                            0x01376998
                            0x00000000
                            0x01376998
                            0x013bf284
                            0x00000000
                            0x013bf284
                            0x013bf276
                            0x01376d22
                            0x01376d25
                            0x01376d28
                            0x01376d2e
                            0x01376d35
                            0x013bf161
                            0x01376d3b
                            0x01376d44
                            0x01376d46
                            0x01376d46
                            0x01376d50
                            0x01376d50
                            0x01376d52
                            0x00000000
                            0x00000000
                            0x013bf168
                            0x013bf16c
                            0x013bf181
                            0x013bf16e
                            0x013bf16e
                            0x013bf171
                            0x013bf174
                            0x013bf177
                            0x013bf179
                            0x013bf17c
                            0x013bf17c
                            0x013bf177
                            0x013bf185
                            0x013bf18f
                            0x013bf191
                            0x00000000
                            0x013bf197
                            0x013bf197
                            0x013bf199
                            0x00000000
                            0x013bf199
                            0x013bf191
                            0x01376d58
                            0x01376d58
                            0x01376d5b
                            0x01376d5e
                            0x01376d60
                            0x01376d62
                            0x013bf1a4
                            0x013bf1ae
                            0x01376d68
                            0x01376d68
                            0x01376d6a
                            0x01376d6d
                            0x01376d6f
                            0x01376d6f
                            0x01376d75
                            0x01376d78
                            0x01376d7e
                            0x01376d80
                            0x00000000
                            0x01376d86
                            0x01376d86
                            0x01376d90
                            0x01376d90
                            0x01376d93
                            0x00000000
                            0x00000000
                            0x01376d99
                            0x01376d9b
                            0x01376d9d
                            0x01376db5
                            0x00000000
                            0x01376db5
                            0x01376da2
                            0x01376da2
                            0x01376da3
                            0x01376da3
                            0x00000000
                            0x01376da3
                            0x01376e14
                            0x00000000
                            0x01376e14
                            0x01376d80
                            0x01376d02
                            0x01376c89
                            0x01376c90
                            0x01376c90
                            0x01376c93
                            0x00000000
                            0x00000000
                            0x01376c99
                            0x01376c9b
                            0x01376c9d
                            0x01376dae
                            0x00000000
                            0x01376dae
                            0x01376ca6
                            0x01376ca6
                            0x01376ca7
                            0x01376ca7
                            0x01376cb6
                            0x01376cbb
                            0x00000000
                            0x01376cbb
                            0x013bf060
                            0x00000000
                            0x013bf060
                            0x01376c6b
                            0x01375c27
                            0x01375c2a
                            0x01375c34
                            0x01375c38
                            0x01375c3a
                            0x013768de
                            0x013768e1
                            0x013768e5
                            0x013768e9
                            0x013bf00d
                            0x013bf011
                            0x013bf016
                            0x013bf016
                            0x013768ef
                            0x013768f5
                            0x013768fc
                            0x013bf01f
                            0x01376902
                            0x0137690b
                            0x0137690d
                            0x0137690d
                            0x01376913
                            0x01376913
                            0x01376915
                            0x00000000
                            0x00000000
                            0x01376917
                            0x0137691b
                            0x013bf026
                            0x01376921
                            0x01376921
                            0x01376924
                            0x0137692a
                            0x0137692d
                            0x0137692f
                            0x0137692f
                            0x01376932
                            0x01376932
                            0x0137692d
                            0x01376938
                            0x01376942
                            0x01376944
                            0x013bf02f
                            0x013bf031
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01376944
                            0x0137694a
                            0x0137694a
                            0x0137694d
                            0x01376950
                            0x01376952
                            0x01376954
                            0x013bf03c
                            0x013bf046
                            0x0137695a
                            0x0137695a
                            0x0137695c
                            0x0137695f
                            0x01376961
                            0x01376961
                            0x01376967
                            0x0137696a
                            0x01376970
                            0x01376972
                            0x00000000
                            0x01376978
                            0x01376978
                            0x01376980
                            0x01376980
                            0x01376983
                            0x00000000
                            0x00000000
                            0x01376b8a
                            0x01376b8c
                            0x01376b8e
                            0x01376b9a
                            0x0137698b
                            0x0137698b
                            0x00000000
                            0x0137698b
                            0x01376b90
                            0x01376b90
                            0x01376989
                            0x00000000
                            0x01376989
                            0x01376972
                            0x01375c40
                            0x01375c43
                            0x01375c46
                            0x01375c4c
                            0x01375c52
                            0x01375c55
                            0x01375c57
                            0x013befa2
                            0x00000000
                            0x01375c60
                            0x01375c60
                            0x01375c60
                            0x01375c63
                            0x01375c65
                            0x01375c6b
                            0x01375c71
                            0x01375c71
                            0x01375c71
                            0x01375dcb
                            0x01375dcd
                            0x01375dcf
                            0x01376242
                            0x01376242
                            0x01376243
                            0x01376243
                            0x00000000
                            0x01375dd5
                            0x01375dd5
                            0x01375dd7
                            0x00000000
                            0x01375dd7
                            0x01375dcf
                            0x01375c73
                            0x01375c79
                            0x01375c7e
                            0x01375c81
                            0x01375c84
                            0x01375c87
                            0x01375c89
                            0x013764c3
                            0x01375c8f
                            0x01375c8f
                            0x01375c92
                            0x01375c95
                            0x01375c97
                            0x01375c9d
                            0x01375ca0
                            0x01375ca3
                            0x01375ca8
                            0x01375caa
                            0x01375cb0
                            0x01375cb3
                            0x01375cb9
                            0x01375cc8
                            0x01375ccd
                            0x01375ccf
                            0x013bef31
                            0x013bef40
                            0x013bef48
                            0x01375cd5
                            0x01375cd5
                            0x01375cd5
                            0x01375cd8
                            0x01375cd8
                            0x01375ce1
                            0x01375ce3
                            0x01375ce9
                            0x01375ceb
                            0x01375ddf
                            0x01375de1
                            0x01375de1
                            0x01375cf1
                            0x01375cf3
                            0x01375cf6
                            0x01375cf9
                            0x01375cfb
                            0x01375d01
                            0x01375d04
                            0x01375d07
                            0x01375d0c
                            0x01375d0e
                            0x01375d14
                            0x01375d17
                            0x01375d1d
                            0x01375d2c
                            0x01375d31
                            0x01375d33
                            0x013bef50
                            0x013bef5f
                            0x013bef67
                            0x01375d39
                            0x01375d39
                            0x01375d39
                            0x01375d3c
                            0x01375d3c
                            0x01375d45
                            0x01375d47
                            0x01375d4d
                            0x01375d4f
                            0x01375d52
                            0x013764ca
                            0x01375de4
                            0x01375de4
                            0x01375de6
                            0x013762de
                            0x013762de
                            0x013762e0
                            0x013762e3
                            0x00000000
                            0x013762e3
                            0x01375dec
                            0x01375df2
                            0x01375df2
                            0x01375df5
                            0x01375df5
                            0x01375df7
                            0x00000000
                            0x00000000
                            0x01376027
                            0x0137602b
                            0x013befa9
                            0x01376031
                            0x01376031
                            0x01376034
                            0x0137603a
                            0x0137603d
                            0x0137603f
                            0x0137603f
                            0x01376042
                            0x01376042
                            0x0137603d
                            0x01376048
                            0x01376052
                            0x01376054
                            0x00000000
                            0x0137605a
                            0x013befb2
                            0x013befb4
                            0x00000000
                            0x013befb4
                            0x01376054
                            0x01375dfd
                            0x01375dfd
                            0x01375e00
                            0x01375e03
                            0x01375e05
                            0x01375e07
                            0x013befbf
                            0x013befc9
                            0x01375e0d
                            0x01375e0d
                            0x01375e0f
                            0x01375e12
                            0x01375e14
                            0x01375e14
                            0x01375e1a
                            0x01375e1d
                            0x01375e23
                            0x01375e26
                            0x01375e28
                            0x00000000
                            0x01375e2e
                            0x01375e2e
                            0x01375e31
                            0x01375e31
                            0x01375e34
                            0x01375e36
                            0x00000000
                            0x00000000
                            0x01376013
                            0x01376015
                            0x01376017
                            0x0137624e
                            0x0137624f
                            0x01375e44
                            0x01375e44
                            0x01375e49
                            0x01375e4c
                            0x01375e4f
                            0x01375e53
                            0x013befd6
                            0x01375e59
                            0x01375e59
                            0x01375e59
                            0x01375e5c
                            0x01375e68
                            0x01375e6f
                            0x01375e72
                            0x01375e75
                            0x0137623a
                            0x0137623a
                            0x01375e7b
                            0x01375e7e
                            0x01375e80
                            0x01376265
                            0x01376268
                            0x0137626b
                            0x0137626d
                            0x01376276
                            0x01376279
                            0x0137627d
                            0x01376280
                            0x01376285
                            0x01376287
                            0x0137628d
                            0x01376290
                            0x01376296
                            0x013762a5
                            0x013762aa
                            0x013762ac
                            0x013befde
                            0x013befed
                            0x013beff8
                            0x013beff8
                            0x013762b2
                            0x013762b5
                            0x013762b5
                            0x013762be
                            0x013762c0
                            0x013762c6
                            0x013762c8
                            0x00000000
                            0x013762ce
                            0x00000000
                            0x013762ce
                            0x01375e86
                            0x01375e86
                            0x01375e89
                            0x01375e8f
                            0x01375e92
                            0x01375e92
                            0x01375e96
                            0x01375e9a
                            0x01375ea0
                            0x01375eb0
                            0x01375eb0
                            0x01375eb3
                            0x01375eb3
                            0x01375eb3
                            0x01375eb3
                            0x00000000
                            0x01375e96
                            0x01375e80
                            0x0137601d
                            0x0137601f
                            0x0137601f
                            0x01375e3c
                            0x01375e42
                            0x00000000
                            0x01375e42
                            0x01375e28
                            0x01375d58
                            0x01375d5a
                            0x01376123
                            0x01376126
                            0x00000000
                            0x00000000
                            0x0137612c
                            0x0137612f
                            0x013bef74
                            0x013bef74
                            0x0137613b
                            0x0137613e
                            0x0137613e
                            0x01376141
                            0x01376143
                            0x00000000
                            0x00000000
                            0x01376149
                            0x0137614c
                            0x0137614f
                            0x01376151
                            0x01376157
                            0x0137615a
                            0x0137615d
                            0x01376162
                            0x01376164
                            0x0137616a
                            0x0137616d
                            0x01376173
                            0x01376182
                            0x01376187
                            0x01376189
                            0x013bef7c
                            0x013bef8b
                            0x013bef93
                            0x0137618f
                            0x0137618f
                            0x0137618f
                            0x01376192
                            0x01376192
                            0x0137619b
                            0x0137619d
                            0x013761a3
                            0x013761a5
                            0x013768d2
                            0x00000000
                            0x013761ab
                            0x013761ab
                            0x013761ae
                            0x00000000
                            0x013761ae
                            0x013761a5
                            0x00000000
                            0x0137613e
                            0x01375d60
                            0x01375d63
                            0x01375d70
                            0x01375d76
                            0x01375d86
                            0x01375d8e
                            0x01375d8e
                            0x01375d90
                            0x01375d93
                            0x01375d93
                            0x01375d99
                            0x01375d9f
                            0x01375da1
                            0x00000000
                            0x00000000
                            0x01375da7
                            0x01375da9
                            0x013762d3
                            0x013762d5
                            0x00000000
                            0x00000000
                            0x013762db
                            0x00000000
                            0x01375daf
                            0x01375daf
                            0x01375db2
                            0x01375db4
                            0x00000000
                            0x01375db4
                            0x01375da9
                            0x0137608e
                            0x01376091
                            0x013761f3
                            0x013761f6
                            0x013761f8
                            0x013764bb
                            0x013761fe
                            0x01376201
                            0x01376208
                            0x01376208
                            0x01376097
                            0x01376097
                            0x0137609a
                            0x0137609c
                            0x013762f8
                            0x013760a2
                            0x013760a2
                            0x013760a2
                            0x0137609c
                            0x013760ac
                            0x013760ae
                            0x013760b4
                            0x013760b7
                            0x013760bb
                            0x013bef9b
                            0x013bef9b
                            0x013760c4
                            0x013760c4
                            0x01375ceb
                            0x00000000
                            0x01375c89
                            0x01375c57
                            0x01375b93
                            0x01375b59
                            0x0137658b
                            0x01376590
                            0x01376590
                            0x01376590
                            0x01376593
                            0x01376595
                            0x00000000
                            0x00000000
                            0x01376597
                            0x01376599
                            0x0137659c
                            0x0137659e
                            0x013765a1
                            0x013765a8
                            0x013765a8
                            0x00000000
                            0x013765a8
                            0x013765a3
                            0x013765a3
                            0x013765ab
                            0x013765b6
                            0x013765be
                            0x013765c3
                            0x00000000
                            0x013765c3
                            0x01375991
                            0x01375994
                            0x01375997
                            0x0137599b
                            0x013759a0
                            0x013759aa
                            0x013759ad
                            0x013bed6f
                            0x013bed74
                            0x013bed74
                            0x013759ad
                            0x013759b3
                            0x013759b6
                            0x013759b9
                            0x013bedd9
                            0x013beddd
                            0x013bedeb
                            0x013bedf1
                            0x013bedf1
                            0x00000000
                            0x013beddd
                            0x013759bf
                            0x013759bf
                            0x013759c2
                            0x013759c5
                            0x013759c7
                            0x013759cd
                            0x013759d0
                            0x013759d6
                            0x013759d8
                            0x013759db
                            0x013759dd
                            0x013bedbd
                            0x013bedbd
                            0x013bedc0
                            0x013bedc6
                            0x013bedcb
                            0x013bedd0
                            0x00000000
                            0x013bedd0
                            0x013759e3
                            0x013759e6
                            0x013759e8
                            0x00000000
                            0x00000000
                            0x013759ee
                            0x013759f1
                            0x013759f7
                            0x013759fa
                            0x013759fc
                            0x01375b23
                            0x01375b23
                            0x01375b29
                            0x01375b2f
                            0x01375b31
                            0x01375b34
                            0x01375b38
                            0x0137689f
                            0x013768a4
                            0x013768a6
                            0x00000000
                            0x00000000
                            0x013bedad
                            0x013bedaf
                            0x013bedb4
                            0x00000000
                            0x013bedb4
                            0x01375b3e
                            0x01375b3e
                            0x00000000
                            0x01375a02
                            0x01375a02
                            0x01375a05
                            0x01375a05
                            0x01375a08
                            0x01375a0a
                            0x00000000
                            0x00000000
                            0x01375db7
                            0x01375db9
                            0x01375dbb
                            0x01376218
                            0x01376218
                            0x00000000
                            0x01375dc1
                            0x01375dc1
                            0x01375dc3
                            0x00000000
                            0x01375dc3
                            0x01375dbb
                            0x01375a10
                            0x01375a19
                            0x01375a1e
                            0x01375a21
                            0x01375a24
                            0x01375a28
                            0x013bed7e
                            0x01375a2e
                            0x01375a2e
                            0x01375a2e
                            0x01375a30
                            0x01375a37
                            0x01375a3d
                            0x01375a3f
                            0x01375a44
                            0x01375a47
                            0x01375a4a
                            0x01375a4d
                            0x01375a4d
                            0x01375a50
                            0x01375a53
                            0x01375a55
                            0x01376210
                            0x01376210
                            0x01375a5e
                            0x01375a61
                            0x00000000
                            0x01375a67
                            0x01375a67
                            0x01375a6d
                            0x01375a70
                            0x01375a72
                            0x01375a75
                            0x01375a75
                            0x01375a7e
                            0x01375a84
                            0x01375a87
                            0x01375a89
                            0x01375a8c
                            0x01376220
                            0x01376223
                            0x01376226
                            0x01376229
                            0x013765e5
                            0x00000000
                            0x013765e5
                            0x0137622f
                            0x01375b08
                            0x01375b08
                            0x01375b1b
                            0x01375b20
                            0x01375b20
                            0x01375b20
                            0x00000000
                            0x01375b20
                            0x01375a92
                            0x01375a95
                            0x01375a98
                            0x01375afb
                            0x01375b01
                            0x00000000
                            0x01375b01
                            0x01375a9a
                            0x01375a9d
                            0x01375aa0
                            0x01375aa2
                            0x01375aa8
                            0x01375aab
                            0x01375aaf
                            0x01375ab4
                            0x01375ab6
                            0x01375abc
                            0x01375abf
                            0x01375ac2
                            0x01375ad1
                            0x01375ad6
                            0x01375ad8
                            0x013bed86
                            0x013bed95
                            0x013bed9d
                            0x013bed9d
                            0x01375ade
                            0x01375ae1
                            0x01375ae1
                            0x01375aea
                            0x01375aea
                            0x01375aec
                            0x01375af2
                            0x013764f8
                            0x013764fb
                            0x00000000
                            0x01375af8
                            0x01375af8
                            0x00000000
                            0x01375af8
                            0x01375af2
                            0x01375a61
                            0x013759fc
                            0x013758d4
                            0x013758cc
                            0x013768c0
                            0x013768c0
                            0x00000000
                            0x013768c0
                            0x013757ed
                            0x013761c0
                            0x013761c2
                            0x013761c2
                            0x00000000
                            0x013757e0
                            0x013757b7
                            0x013757bb
                            0x01376307
                            0x0137630a
                            0x0137630d
                            0x01376311
                            0x01376316
                            0x01376320
                            0x01376323
                            0x013bec54
                            0x013bec59
                            0x013bec59
                            0x01376323
                            0x01376329
                            0x01376329
                            0x0137632c
                            0x01376332
                            0x01376334
                            0x01376337
                            0x0137633a
                            0x0137633d
                            0x0137633f
                            0x01376342
                            0x01376344
                            0x013becc0
                            0x013becc0
                            0x013becc6
                            0x013beccb
                            0x00000000
                            0x0137634a
                            0x0137634a
                            0x0137634c
                            0x00000000
                            0x00000000
                            0x01376355
                            0x01376358
                            0x0137635e
                            0x01376361
                            0x01376363
                            0x01376496
                            0x01376496
                            0x01376499
                            0x0137649c
                            0x0137649e
                            0x013764a1
                            0x013764a5
                            0x01376c01
                            0x01376c06
                            0x01376c08
                            0x00000000
                            0x00000000
                            0x013becb7
                            0x013becb9
                            0x013becd0
                            0x013becd0
                            0x013becda
                            0x013bece4
                            0x013beceb
                            0x013becfb
                            0x00000000
                            0x013becfb
                            0x013764ab
                            0x013764ab
                            0x00000000
                            0x013764ab
                            0x01376369
                            0x01376370
                            0x01376370
                            0x01376373
                            0x01376375
                            0x00000000
                            0x00000000
                            0x01376718
                            0x0137671a
                            0x0137671c
                            0x013bec63
                            0x013bec63
                            0x00000000
                            0x013bec63
                            0x01376722
                            0x01376724
                            0x01376724
                            0x0137637b
                            0x01376384
                            0x01376389
                            0x0137638c
                            0x0137638f
                            0x01376393
                            0x013bec6b
                            0x01376399
                            0x01376399
                            0x01376399
                            0x0137639b
                            0x013763a2
                            0x013763a8
                            0x013763aa
                            0x013763af
                            0x013763b5
                            0x013763b8
                            0x013763bb
                            0x013763be
                            0x013763be
                            0x013763c1
                            0x013763c4
                            0x013763c6
                            0x01376bf5
                            0x01376bf5
                            0x013763d2
                            0x013763d8
                            0x00000000
                            0x013763de
                            0x013763de
                            0x013763e4
                            0x013763e7
                            0x013765ec
                            0x013765ef
                            0x013765f2
                            0x013765f2
                            0x013763ed
                            0x013763f0
                            0x013763f9
                            0x013763fc
                            0x013763ff
                            0x01376402
                            0x013bec95
                            0x013bec98
                            0x013bec9b
                            0x013beca4
                            0x00000000
                            0x013beca4
                            0x013bec9d
                            0x00000000
                            0x01376408
                            0x01376408
                            0x0137640b
                            0x0137646e
                            0x01376474
                            0x0137647b
                            0x0137647b
                            0x0137648e
                            0x01376493
                            0x01376493
                            0x01376493
                            0x00000000
                            0x01376493
                            0x0137640d
                            0x01376410
                            0x01376413
                            0x01376415
                            0x0137641b
                            0x0137641e
                            0x01376422
                            0x01376427
                            0x01376429
                            0x0137642f
                            0x01376432
                            0x01376438
                            0x01376447
                            0x0137644c
                            0x0137644e
                            0x013bec73
                            0x013bec82
                            0x013bec8d
                            0x013bec8d
                            0x01376454
                            0x01376454
                            0x0137645d
                            0x0137645d
                            0x0137645f
                            0x01376465
                            0x01376706
                            0x01376709
                            0x00000000
                            0x0137646b
                            0x0137646b
                            0x00000000
                            0x0137646b
                            0x01376465
                            0x01376402
                            0x013763d8
                            0x01376344
                            0x00000000
                            0x013757bb
                            0x0137572e
                            0x01375731
                            0x01376509
                            0x0137650f
                            0x00000000
                            0x00000000
                            0x01376515
                            0x0137651c
                            0x013bec26
                            0x013bec2d
                            0x00000000
                            0x00000000
                            0x013bec33
                            0x01376522
                            0x01376529
                            0x0137652f
                            0x0137652f
                            0x00000000
                            0x01376529
                            0x01375737
                            0x0137573d
                            0x00000000
                            0x00000000
                            0x0137574a
                            0x0137574c
                            0x01375755
                            0x01375758
                            0x01375764
                            0x013757ad
                            0x013757ad
                            0x00000000
                            0x013757ad
                            0x0137576c
                            0x0137576f
                            0x01375775
                            0x01375779
                            0x01375783
                            0x013766a6
                            0x013766a6
                            0x013766a9
                            0x013766ab
                            0x013bec38
                            0x013766b1
                            0x013766b1
                            0x013766b1
                            0x013766b3
                            0x013766ba
                            0x013769ac
                            0x013766c0
                            0x013766c0
                            0x013766c0
                            0x013766cb
                            0x013766ce
                            0x013766d3
                            0x013766d6
                            0x013769b3
                            0x013769ba
                            0x013bec42
                            0x013bec49
                            0x00000000
                            0x00000000
                            0x013bec4f
                            0x013769c0
                            0x013766dc
                            0x013766dc
                            0x013766df
                            0x013766ea
                            0x013766ed
                            0x013766ef
                            0x013766ef
                            0x00000000
                            0x013766d6
                            0x0137578f
                            0x0137669c
                            0x00000000
                            0x013757a3
                            0x013757a3
                            0x00000000
                            0x013757a3
                            0x013756c4
                            0x013756c4
                            0x013756ca
                            0x013756d4
                            0x013756d9
                            0x01376856
                            0x01376859
                            0x0137685c
                            0x013768c7
                            0x00000000
                            0x013768c7
                            0x0137685e
                            0x01376868
                            0x0137686f
                            0x013bebf3
                            0x013bebfd
                            0x013bec07
                            0x013bec0e
                            0x013bec1e
                            0x01375fcf
                            0x01375fcf
                            0x01375fd6
                            0x01375fe1
                            0x01375fe4
                            0x01375fe6
                            0x013bf58f
                            0x013bf592
                            0x00000000
                            0x00000000
                            0x013bf5a1
                            0x01375ff1
                            0x01375ff1
                            0x01375ff4
                            0x01375ff7
                            0x013bf5ab
                            0x013bf5ad
                            0x013bf5b3
                            0x013bf5b6
                            0x013bf5b8
                            0x013bf5c9
                            0x013bf5c9
                            0x013bf5b8
                            0x013bf5ad
                            0x01375ffd
                            0x01375fff
                            0x01376002
                            0x01376010
                            0x01376010
                            0x01375fec
                            0x01375fec
                            0x00000000
                            0x01375fec
                            0x01376875
                            0x01376885
                            0x0137688f
                            0x01376891
                            0x00000000
                            0x013756df
                            0x013756df
                            0x013756e2
                            0x013756e5
                            0x013756ec
                            0x013756ec
                            0x013756f6
                            0x013756fc
                            0x013756fc
                            0x01375700
                            0x0137570b
                            0x013769cc
                            0x013769ce
                            0x013769ce
                            0x01375711
                            0x00000000
                            0x01375711
                            0x013756d9
                            0x013756c2

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                            • API String ID: 0-3178619729
                            • Opcode ID: 6b3374ea0e273cd182201317c4b056d19e27a009c6ceead6e7c4be898698b175
                            • Instruction ID: 6d68b6f2b1bfd449eefa4abcecd10ca63580c50f686ee5abc316ef32c3441251
                            • Opcode Fuzzy Hash: 6b3374ea0e273cd182201317c4b056d19e27a009c6ceead6e7c4be898698b175
                            • Instruction Fuzzy Hash: 0623C070A00659DFEB29CF68C490BADBBF5FF49308F1481A9D549AB741D738A845CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138701D Relevance: 5.6, Strings: 4, Instructions: 569COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 82%
                            			E0138701D(void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				short _t253;
				short _t254;
				signed int* _t256;
				signed int* _t257;
				signed int _t258;
				signed char* _t259;
				signed int* _t261;
				signed int _t263;
				signed int* _t267;
				signed int _t268;
				signed int _t275;
				signed char _t281;
				signed int _t290;
				signed int _t298;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t303;
				signed int _t304;
				signed short _t308;
				signed int _t312;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t339;
				signed int _t348;
				signed int _t351;
				short _t357;
				signed char _t363;
				signed int _t366;
				signed char _t369;
				void* _t370;
				signed int _t371;
				signed int _t375;
				signed int _t386;
				signed int _t389;
				signed int* _t391;
				signed int _t398;
				signed int _t399;
				signed int _t401;
				signed int _t409;
				intOrPtr _t410;
				signed int _t414;
				signed int _t415;
				void* _t417;
				void* _t418;
				void* _t419;
				signed int _t426;
				void* _t428;

				_push(0x338);
				_push(0x1430060);
				E013AD0E8(__ebx, __edi, __esi);
				 *(_t418 - 0x2f4) = __edx;
				 *(_t418 - 0x2e8) = __ecx;
				 *(_t418 - 0x2f0) =  *(_t418 + 0xc);
				 *(_t418 - 0x304) =  *(_t418 + 0x14);
				 *(_t418 - 0x328) =  *(_t418 + 0x18);
				 *(_t418 - 0x30c) =  *(_t418 + 0x1c);
				 *(_t418 - 0x308) =  *(_t418 + 0x20);
				 *(_t418 - 0x2e4) = 0;
				 *((intOrPtr*)(_t418 - 0x31c)) = 0;
				 *((intOrPtr*)(_t418 - 0x318)) = 0;
				 *((intOrPtr*)(_t418 - 0x314)) = 0;
				 *((intOrPtr*)(_t418 - 0x310)) = 0;
				 *((char*)(_t418 - 0x2d9)) = 0;
				_t389 =  *(_t418 + 8);
				 *(_t418 - 0x334) = _t389 & 0x00000040;
				 *((char*)(_t418 - 0x2da)) = 0;
				 *((char*)(_t418 - 0x2db)) = 0;
				_t357 = 0x4a;
				 *((short*)(_t418 - 0x300)) = _t357;
				_t253 = 0x4c;
				 *((short*)(_t418 - 0x2fe)) = _t253;
				 *(_t418 - 0x2fc) = L"LdrpResSearchResourceMappedFile Enter";
				_t254 = 0x48;
				 *((short*)(_t418 - 0x348)) = _t254;
				 *((short*)(_t418 - 0x346)) = _t357;
				 *(_t418 - 0x344) = L"LdrpResSearchResourceMappedFile Exit";
				_t256 =  *( *[fs:0x30] + 0x50);
				if(_t256 != 0) {
					__eflags =  *_t256;
					if(__eflags == 0) {
						goto L1;
					}
					_t257 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
					L2:
					if(( *_t257 & 1) != 0) {
						_t258 = E01377D50();
						__eflags = _t258;
						if(_t258 == 0) {
							_t259 = 0x7ffe0384;
						} else {
							_t259 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
						}
						E013E6715(_t418 - 0x300,  *_t259 & 0x000000ff);
						_t389 =  *(_t418 + 8);
					}
					_t409 = 0;
					_t413 = _t389 & 0x00000080;
					if( *((intOrPtr*)(_t418 + 0x10)) == 3) {
						_t261 =  *(_t418 - 0x2f0);
						_t409 = _t261[2] & 0x0000ffff;
						 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
						__eflags =  *_t261 & 0xffff0000;
						if(( *_t261 & 0xffff0000) != 0) {
							__eflags = E0139E490( *_t261, L"MUI");
							if(__eflags != 0) {
								goto L41;
							}
							_t263 = 1;
							L42:
							 *((char*)(_t418 - 0x2d9)) = _t263;
							 *(_t418 - 4) = 0xfffffffe;
							_t389 =  *(_t418 + 8);
							goto L4;
						}
						L41:
						_t263 = 0;
						__eflags = 0;
						goto L42;
					} else {
						L4:
						_t348 = _t413;
						if((_t389 & 0x00000010) == 0) {
							_t348 = _t413;
							__eflags =  *((intOrPtr*)(_t418 + 0x10)) - 1;
							if(__eflags < 0) {
								goto L5;
							}
							__eflags =  *((intOrPtr*)(_t418 + 0x10)) - 3;
							if(__eflags > 0) {
								goto L5;
							}
							_t351 =  *(_t418 - 0x2f0);
							if(__eflags != 0) {
								_t386 = 0;
							} else {
								_t386 =  *(_t351 + 8) & 0x0000ffff;
							}
							__eflags =  *_t351 - 0x10;
							if( *_t351 != 0x10) {
								__eflags =  *_t351 - 0x18;
								if( *_t351 == 0x18) {
									goto L55;
								}
								__eflags =  *((char*)(_t418 - 0x2d9));
								if(__eflags == 0) {
									goto L56;
								}
								goto L55;
							} else {
								L55:
								__eflags =  !_t389 & 0x00000008;
								if(__eflags != 0) {
									__eflags = _t386;
									if(__eflags != 0) {
										__eflags = _t386 - 0x400;
										if(__eflags == 0) {
											goto L65;
										}
										__eflags = _t386 - 0x800;
										if(__eflags != 0) {
											goto L56;
										}
									}
									L65:
									_t389 = _t389 | 0x00000010;
									 *(_t418 + 8) = _t389;
									_t348 = _t413;
									goto L5;
								}
								L56:
								_push(1);
								_push(_t389);
								_push(0);
								_push( *(_t418 - 0x2f4));
								_push( *(_t418 - 0x2e8));
								_t339 = E013662A0(_t351, _t409, _t413, __eflags);
								 *(_t418 - 0x2d8) = _t339;
								__eflags = _t339;
								if(_t339 >= 0) {
									_t348 = E01357406( *(_t418 - 0x2e8), _t351, _t386,  *(_t418 + 8)) | _t413;
									L59:
									_t389 =  *(_t418 + 8);
									goto L5;
								}
								__eflags = _t339 - 0xc000008a;
								if(_t339 != 0xc000008a) {
									L95:
									_t363 = 1;
									L36:
									_t391 = 0x7ffe0385;
									_t96 = _t391 - 1; // 0x7ffe0384
									_t349 = _t96;
									_t267 =  *( *[fs:0x30] + 0x50);
									if(_t267 != 0) {
										__eflags =  *_t267;
										if( *_t267 != 0) {
											_t391 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
										}
									}
									if(( *_t391 & _t363) != 0) {
										_t268 = E01377D50();
										__eflags = _t268;
										if(_t268 != 0) {
											_t349 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
										}
										E013E6715(_t418 - 0x348,  *_t349 & 0x000000ff);
										goto L38;
									} else {
										L38:
										L39:
										return E013AD130(_t349, _t409, _t413);
									}
								}
								_t348 = _t413 | 0x00080000;
								__eflags = _t348;
								goto L59;
							}
						}
						L5:
						if((_t348 & 0x00060000) == 0x60000) {
							 *(_t418 - 0x2d8) = 0xc000008a;
							goto L95;
						}
						_t366 =  !_t348;
						_t275 =  !_t389;
						_t426 = _t275 & 0x00000010;
						asm("bt ecx, 0x13");
						asm("bt ecx, 0x11");
						 *(_t418 - 0x2d1) = _t426 != 0;
						 *(_t418 - 0x2d0) = 1;
						 *((short*)(_t418 - 0x2cc)) = 0;
						if(((_t389 & 0xffffff00 | _t426 != 0x00000000) & (_t275 & 0xffffff00 | _t426 > 0x00000000) & ((_t275 & 0xffffff00 | _t426 > 0x00000000) & 0xffffff00 | _t426 > 0x00000000)) != 0) {
							L43:
							_t281 =  *(_t418 + 8);
							__eflags = _t281 & 0x00000010;
							if((_t281 & 0x00000010) != 0) {
								__eflags = _t281 & 0x00000020;
								if(__eflags == 0) {
									goto L44;
								}
								L8:
								_t413 =  *(_t418 - 0x2e8);
								_t409 =  *(_t418 - 0x2f4);
								L9:
								_t398 =  *(_t418 + 8);
								L10:
								asm("bt eax, 0x12");
								asm("bt ebx, 0x13");
								if(((( !_t349 & 0xffffff00 | _t428 >= 0x00000000) & 0xffffff00 | (_t398 & 0x00000010) == 0x00000000) & (_t366 & 0xffffff00 | _t428 >= 0x00000000) & ( !_t349 & 0xffffff00 | _t428 >= 0x00000000)) == 0) {
									_push(_t418 - 0x314);
									_push(_t418 - 0x31c);
									_push(_t398);
									_push(_t409);
									_push(_t413);
									_t290 = E01387620(_t349, _t409, _t413, __eflags);
									__eflags = _t290;
									if(_t290 >= 0) {
										do {
											goto L11;
											L34:
										} while (_t409 < 0 && _t299 != 0);
										goto L36;
									}
									goto L39;
								}
								L11:
								asm("sbb al, al");
								_t369 =  !( ~(_t349 & 0x00020000)) &  *(_t418 - 0x2d1);
								 *(_t418 - 0x2d1) = _t369;
								 *(_t418 - 0x2e9) = _t369;
								 *(_t418 - 0x2dc) = _t369;
								_t409 = 0;
								 *(_t418 - 0x2d8) = 0;
								 *(_t418 - 0x2e0) =  *(_t418 - 0x2e0) & 0;
								 *(_t418 - 0x2f8) = 0;
								_t414 = 0;
								while(1) {
									 *(_t418 - 0x2fc) = _t414;
									if(_t414 >= ( *(_t418 - 0x2d0) & 0x0000ffff)) {
										break;
									}
									if(_t369 != 0) {
										 *(_t418 - 0x2e4) =  *(_t418 - 0x2e4) & 0x00000000;
										 *(_t418 - 0x2e0) =  *(_t418 - 0x2e0) & 0x00000000;
										_t302 =  *(_t418 + _t414 * 8 - 0x2cc) & 0x0000ffff;
										__eflags = _t302;
										if(_t302 != 0) {
											__eflags =  *((intOrPtr*)(_t418 + _t414 * 8 - 0x2c8)) - 0xa;
											if( *((intOrPtr*)(_t418 + _t414 * 8 - 0x2c8)) == 0xa) {
												L68:
												_t409 = 0xc000000d;
												 *(_t418 - 0x2d8) = 0xc000000d;
												L121:
												_t414 = _t414 + 1;
												continue;
											}
											 *(_t418 - 0x2f8) = _t302;
											__eflags = _t369;
											if(__eflags == 0) {
												goto L14;
											}
											_push(_t349 | 0x00001000);
											_push(_t418 - 0x2e0);
											_push(_t418 - 0x2e4);
											_push( *(_t418 - 0x2f8));
											_push( *(_t418 - 0x2e8));
											_t409 = E0136BA00(_t349, _t409, _t414, __eflags);
											 *(_t418 - 0x2d8) = _t409;
											__eflags = _t409;
											if(_t409 < 0) {
												__eflags = _t409 - 0xc0000034;
												if(_t409 == 0xc0000034) {
													L106:
													_t409 = 0xc00b0001;
													 *(_t418 - 0x2d8) = 0xc00b0001;
													L120:
													_t369 =  *(_t418 - 0x2d1);
													goto L121;
												}
												__eflags = _t409 - 0xc000003a;
												if(_t409 != 0xc000003a) {
													goto L120;
												}
												goto L106;
											}
											 *((char*)(_t418 - 0x2da)) = 1;
											__eflags =  *(_t418 - 0x2e0);
											if(__eflags == 0) {
												_push(1);
												_push(0x200);
												_push(_t418 - 0x2e0);
												_push( *(_t418 - 0x2e4));
												_t409 = E013884E0(_t349, _t409, _t414, __eflags);
												 *(_t418 - 0x2d8) = _t409;
											}
											_t298 =  *(_t418 + 8);
											__eflags = _t298 & 0x00001000;
											if(__eflags == 0) {
												L76:
												_push(_t418 - 0x310);
												_push(_t418 - 0x318);
												_push(_t298);
												_push( *(_t418 - 0x2e0));
												_push( *(_t418 - 0x2e4));
												_t409 = E01387620(_t349, _t409, _t414, __eflags);
												 *(_t418 - 0x2d8) = _t409;
												_t369 =  *(_t418 - 0x2d1);
												__eflags = _t409;
												if(_t409 >= 0) {
													goto L14;
												}
												goto L121;
											} else {
												__eflags = _t409;
												if(__eflags < 0) {
													_t369 =  *(_t418 - 0x2d1);
													_t413 =  *(_t418 - 0x2f0);
													L29:
													if(_t369 != 0) {
														__eflags = _t298 & 0x00200000;
														if((_t298 & 0x00200000) == 0) {
															E01384CD4( *(_t418 - 0x2e4),  *(_t418 - 0x2e0), _t413,  *((intOrPtr*)(_t418 + 0x10)));
														}
													}
													if(_t409 >= 0) {
														L49:
														_t299 =  *(_t418 - 0x2d1);
														goto L32;
													} else {
														_t371 =  *(_t418 - 0x2e9);
														_t299 = _t371;
														 *(_t418 - 0x2d1) = _t299;
														if(_t371 != 0) {
															__eflags =  *((char*)(_t418 - 0x2db));
															if( *((char*)(_t418 - 0x2db)) != 0) {
																L137:
																_t370 = 0;
																__eflags = _t349 & 0x00040000;
																if((_t349 & 0x00040000) != 0) {
																	_t299 = 0;
																	__eflags = 0;
																} else {
																	_t349 = _t349 | 0x00020000;
																	_t299 =  *(_t418 - 0x2dc);
																}
																 *(_t418 - 0x2d1) = _t299;
																L33:
																_t363 = _t370 + 1;
																goto L34;
															}
															__eflags =  *((char*)(_t418 - 0x2da));
															if( *((char*)(_t418 - 0x2da)) != 0) {
																goto L137;
															}
															_t300 = L01356398( *(_t418 - 0x2e8));
															__eflags = _t300;
															if(_t300 < 0) {
																goto L137;
															}
															_t349 = _t349 | 0x00400000;
															_t363 = 1;
															 *((char*)(_t418 - 0x2db)) = 1;
															_t299 =  *(_t418 - 0x2dc);
															 *(_t418 - 0x2d1) = _t299;
															goto L34;
														}
														L32:
														_t370 = 0;
														goto L33;
													}
												}
												goto L76;
											}
										}
										__eflags =  *((intOrPtr*)(_t418 + _t414 * 8 - 0x2c8)) - 2;
										if( *((intOrPtr*)(_t418 + _t414 * 8 - 0x2c8)) == 2) {
											goto L121;
										}
										goto L68;
									}
									L14:
									 *(_t418 - 0x32c) =  *(_t418 - 0x32c) & 0x00000000;
									if(_t369 != 0) {
										 *(_t418 - 0x320) =  *(_t418 - 0x320) & 0x00000000;
									} else {
										 *(_t418 - 0x320) = _t418 - 0x2f8;
									}
									_t415 =  *(_t418 + 8);
									if(_t369 != 0) {
										_t415 = _t415 | 0x00000020;
									}
									_t303 =  *(_t418 - 0x328);
									if(_t303 == 0) {
										_t303 = _t418 - 0x32c;
									}
									 *(_t418 - 0x324) = _t303;
									_t410 =  *((intOrPtr*)(_t418 - 0x310));
									if(_t369 != 0) {
										_t399 =  *((intOrPtr*)(_t418 - 0x318));
									} else {
										_t410 =  *((intOrPtr*)(_t418 - 0x314));
										_t399 =  *((intOrPtr*)(_t418 - 0x31c));
									}
									_t304 =  *(_t418 - 0x2e0);
									if(_t369 != 0) {
										_t375 =  *(_t418 - 0x2e4);
									} else {
										_t304 =  *(_t418 - 0x2f4);
										_t375 =  *(_t418 - 0x2e8);
									}
									_t413 =  *(_t418 - 0x2f0);
									_t409 = E013878A0(_t375, 0, _t304, _t399, _t410, 0,  *(_t418 - 0x2f0),  *((intOrPtr*)(_t418 + 0x10)), _t418 - 0x2d0,  *(_t418 - 0x304),  *(_t418 - 0x324), _t415,  *(_t418 - 0x320));
									 *(_t418 - 0x2d8) = _t409;
									if( *(_t418 - 0x334) != 0) {
										__eflags =  !_t349 & 0x00040000;
										if(__eflags == 0) {
											goto L24;
										}
										_t369 =  *(_t418 - 0x2d1);
										__eflags = _t409;
										if(__eflags < 0) {
											goto L26;
										}
										_t404 =  *(_t418 - 0x304);
										__eflags =  *(_t418 - 0x304);
										if(__eflags == 0) {
											goto L25;
										}
										__eflags = _t369;
										if(__eflags == 0) {
											goto L25;
										}
										_t320 =  *(_t418 - 0x328);
										__eflags = _t320;
										if(_t320 == 0) {
											_t321 =  *(_t418 - 0x32c);
										} else {
											_t321 =  *_t320;
										}
										_t409 = E01390245( *(_t418 - 0x2e4),  *_t404, _t321,  *((intOrPtr*)(_t413 + 0xc)), 1);
										 *(_t418 - 0x2d8) = _t409;
										__eflags = _t409;
										if(__eflags < 0) {
											 *( *(_t418 - 0x304)) =  *( *(_t418 - 0x304)) & 0x00000000;
											__eflags = _t409 - 0xc000007b;
											if(__eflags == 0) {
												goto L95;
											}
										}
										goto L24;
									} else {
										L24:
										_t369 =  *(_t418 - 0x2d1);
										L25:
										if(_t409 >= 0) {
											L47:
											_t401 =  *(_t418 - 0x308);
											__eflags = _t401;
											if(_t401 == 0) {
												L28:
												_t298 =  *(_t418 + 8);
												goto L29;
											}
											_t308 =  *(_t418 - 0x2f8);
											__eflags = _t308;
											if(_t308 != 0) {
												 *((intOrPtr*)(_t418 - 0x33c)) = _t418 - 0xc8;
												 *((short*)(_t418 - 0x33e)) = 0xac;
												_t409 = E01364720(_t401, _t308 & 0x0000ffff, _t418 - 0x340, 2, 0);
												 *(_t418 - 0x2d8) = _t409;
												__eflags = _t409;
												if(_t409 < 0) {
													goto L95;
												}
												_t312 = ( *(_t418 - 0x340) & 0x0000ffff) >> 1;
												__eflags = _t312;
												_t401 =  *(_t418 - 0x308);
												goto L126;
											} else {
												_t312 = 0;
												 *((short*)(_t418 - 0xc8)) = 0;
												L126:
												 *(_t418 - 0x2fc) = _t312;
												_t363 = 1;
												 *(_t418 - 4) = 1;
												__eflags = _t312 -  *_t401;
												if(_t312 >=  *_t401) {
													L130:
													 *_t401 = _t312 + 1;
													 *(_t418 - 0x2d8) = 0xc0000023;
													 *(_t418 - 4) = 0xfffffffe;
													goto L36;
												}
												__eflags =  *(_t418 - 0x30c);
												if( *(_t418 - 0x30c) == 0) {
													goto L130;
												}
												_t417 = _t312 + _t312;
												E0139F3E0( *(_t418 - 0x30c), _t418 - 0xc8, _t417);
												_t419 = _t419 + 0xc;
												 *( *(_t418 - 0x308)) =  *(_t418 - 0x2fc) + 1;
												__eflags = 0;
												 *((short*)(_t417 +  *(_t418 - 0x30c))) = 0;
												 *(_t418 - 4) = 0xfffffffe;
												_t369 =  *(_t418 - 0x2d1);
												break;
											}
											goto L49;
										}
										L26:
										if(_t369 != 0) {
											_t319 = E013E9024(_t349,  *(_t418 - 0x2e8),  *(_t418 - 0x2f4), _t409, __eflags,  *(_t418 - 0x2e4),  *(_t418 - 0x2e0));
											__eflags = _t319;
											if(_t319 != 0) {
												_t369 =  *(_t418 - 0x2d1);
												goto L28;
											}
											_t414 =  *(_t418 - 0x2fc);
											goto L120;
										}
										if(_t409 >= 0) {
											goto L47;
										}
										goto L28;
									}
								}
								_t413 =  *(_t418 - 0x2f0);
								goto L28;
							}
							L44:
							__eflags = _t281 & 0x00000004;
							if((_t281 & 0x00000004) != 0) {
								_t349 = _t348 | 0x00000004;
							}
							_t409 =  *(_t418 - 0x2f4);
							_t413 =  *(_t418 - 0x2e8);
							_t366 = _t413;
							__eflags = E013699C7(_t366, _t409, _t409, _t349, _t418 - 0x2d0);
							if(__eflags >= 0) {
								goto L9;
							} else {
								_t398 =  *(_t418 + 8);
								__eflags = _t398 & 0x00001000;
								if(__eflags == 0) {
									goto L10;
								} else {
									goto L39;
								}
								goto L47;
							}
						}
						_t428 =  *((intOrPtr*)(_t418 + 0x10)) - 3;
						if(_t428 == 0) {
							goto L43;
						}
						goto L8;
					}
				}
				L1:
				_t257 = 0x7ffe0385;
				goto L2;
			}




















































                            0x0138701d
                            0x01387022
                            0x01387027
                            0x0138702c
                            0x01387032
                            0x0138703b
                            0x01387044
                            0x0138704d
                            0x01387056
                            0x0138705f
                            0x01387067
                            0x0138706d
                            0x01387073
                            0x01387079
                            0x0138707f
                            0x01387085
                            0x0138708b
                            0x01387093
                            0x01387099
                            0x0138709f
                            0x013870a7
                            0x013870a8
                            0x013870b1
                            0x013870b2
                            0x013870b9
                            0x013870c5
                            0x013870c6
                            0x013870cd
                            0x013870d4
                            0x013870e4
                            0x013870e9
                            0x013c841d
                            0x013c8420
                            0x00000000
                            0x00000000
                            0x013c842f
                            0x013870f4
                            0x013870f9
                            0x013c8439
                            0x013c843e
                            0x013c8440
                            0x013c8452
                            0x013c8442
                            0x013c844b
                            0x013c844b
                            0x013c8460
                            0x013c8465
                            0x013c8465
                            0x013870ff
                            0x01387103
                            0x0138710d
                            0x01387342
                            0x01387348
                            0x0138734c
                            0x01387350
                            0x01387356
                            0x013875ef
                            0x013875f1
                            0x00000000
                            0x00000000
                            0x013875f7
                            0x0138735e
                            0x0138735e
                            0x01387364
                            0x0138736b
                            0x00000000
                            0x0138736b
                            0x0138735c
                            0x0138735c
                            0x0138735c
                            0x00000000
                            0x01387113
                            0x01387113
                            0x01387113
                            0x01387118
                            0x013873cf
                            0x013873d1
                            0x013873d5
                            0x00000000
                            0x00000000
                            0x013873db
                            0x013873df
                            0x00000000
                            0x00000000
                            0x013873e5
                            0x013873eb
                            0x013c849c
                            0x013873f1
                            0x013873f1
                            0x013873f1
                            0x013873f5
                            0x013873f8
                            0x013875fe
                            0x01387601
                            0x00000000
                            0x00000000
                            0x01387607
                            0x0138760e
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013873fe
                            0x013873fe
                            0x01387402
                            0x01387404
                            0x01387475
                            0x01387478
                            0x013c84a8
                            0x013c84ab
                            0x00000000
                            0x00000000
                            0x013c84b6
                            0x013c84b9
                            0x00000000
                            0x00000000
                            0x013c84bf
                            0x0138747e
                            0x0138747e
                            0x01387481
                            0x01387484
                            0x00000000
                            0x01387484
                            0x01387406
                            0x01387406
                            0x01387408
                            0x01387409
                            0x0138740b
                            0x01387411
                            0x01387417
                            0x0138741c
                            0x01387422
                            0x01387424
                            0x013874d8
                            0x0138743d
                            0x0138743d
                            0x00000000
                            0x0138743d
                            0x0138742a
                            0x0138742f
                            0x013c8494
                            0x013c8496
                            0x01387313
                            0x01387313
                            0x01387318
                            0x01387318
                            0x01387321
                            0x01387326
                            0x013c876e
                            0x013c8771
                            0x013c8780
                            0x013c8780
                            0x013c8771
                            0x0138732e
                            0x013c878b
                            0x013c8790
                            0x013c8792
                            0x013c879d
                            0x013c879d
                            0x013c879d
                            0x013c87ac
                            0x00000000
                            0x01387334
                            0x01387334
                            0x0138733a
                            0x0138733f
                            0x0138733f
                            0x0138732e
                            0x01387437
                            0x01387437
                            0x00000000
                            0x01387437
                            0x013873f8
                            0x0138711e
                            0x01387129
                            0x013c84c4
                            0x00000000
                            0x013c84c4
                            0x01387131
                            0x01387135
                            0x01387137
                            0x0138713c
                            0x01387145
                            0x0138714e
                            0x01387158
                            0x01387161
                            0x0138716a
                            0x01387373
                            0x01387373
                            0x01387376
                            0x01387378
                            0x01387468
                            0x0138746a
                            0x00000000
                            0x00000000
                            0x0138717a
                            0x0138717a
                            0x01387180
                            0x01387186
                            0x01387186
                            0x01387189
                            0x0138718d
                            0x01387194
                            0x013871a5
                            0x0138744b
                            0x01387452
                            0x01387453
                            0x01387454
                            0x01387455
                            0x01387456
                            0x0138745b
                            0x0138745d
                            0x013871ab
                            0x00000000
                            0x01387307
                            0x01387307
                            0x00000000
                            0x013871ab
                            0x00000000
                            0x01387463
                            0x013871ab
                            0x013871b4
                            0x013871be
                            0x013871c0
                            0x013871c6
                            0x013871cc
                            0x013871d2
                            0x013871d4
                            0x013871da
                            0x013871e2
                            0x013871e9
                            0x013871eb
                            0x013871eb
                            0x013871fa
                            0x00000000
                            0x00000000
                            0x01387202
                            0x0138748b
                            0x01387492
                            0x01387499
                            0x013874a1
                            0x013874a4
                            0x013874df
                            0x013874e7
                            0x013874b4
                            0x013874b4
                            0x013874b9
                            0x013c85ea
                            0x013c85ea
                            0x00000000
                            0x013c85ea
                            0x013874e9
                            0x013874f0
                            0x013874f2
                            0x00000000
                            0x00000000
                            0x013874ff
                            0x01387506
                            0x0138750d
                            0x0138750e
                            0x01387514
                            0x0138751f
                            0x01387521
                            0x01387527
                            0x01387529
                            0x013c84ec
                            0x013c84f2
                            0x013c8500
                            0x013c8500
                            0x013c8505
                            0x013c85e4
                            0x013c85e4
                            0x00000000
                            0x013c85e4
                            0x013c84f4
                            0x013c84fa
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013c84fa
                            0x01387532
                            0x01387538
                            0x0138753f
                            0x013c8510
                            0x013c8511
                            0x013c851c
                            0x013c851d
                            0x013c8528
                            0x013c852a
                            0x013c852a
                            0x01387545
                            0x01387548
                            0x0138754d
                            0x01387557
                            0x0138755d
                            0x01387564
                            0x01387565
                            0x01387566
                            0x0138756c
                            0x01387577
                            0x01387579
                            0x0138757f
                            0x01387585
                            0x01387587
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0138754f
                            0x0138754f
                            0x01387551
                            0x013c86ec
                            0x013c86f2
                            0x013872de
                            0x013872e0
                            0x013875bc
                            0x013875c1
                            0x013875d7
                            0x013875d7
                            0x013875c1
                            0x013872e8
                            0x013873c4
                            0x013873c4
                            0x00000000
                            0x013872ee
                            0x013872ee
                            0x013872f4
                            0x013872f6
                            0x013872fe
                            0x013c8708
                            0x013c870f
                            0x013c8749
                            0x013c8749
                            0x013c874b
                            0x013c8751
                            0x013c8761
                            0x013c8761
                            0x013c8753
                            0x013c8753
                            0x013c8759
                            0x013c8759
                            0x013c8763
                            0x01387306
                            0x01387306
                            0x00000000
                            0x01387306
                            0x013c8711
                            0x013c8718
                            0x00000000
                            0x00000000
                            0x013c8720
                            0x013c8725
                            0x013c8727
                            0x00000000
                            0x00000000
                            0x013c8729
                            0x013c8731
                            0x013c8732
                            0x013c8738
                            0x013c873e
                            0x00000000
                            0x013c873e
                            0x01387304
                            0x01387304
                            0x00000000
                            0x01387304
                            0x013872e8
                            0x00000000
                            0x01387551
                            0x0138754d
                            0x013874a6
                            0x013874ae
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013874ae
                            0x01387208
                            0x01387208
                            0x01387211
                            0x01387592
                            0x01387217
                            0x0138721d
                            0x0138721d
                            0x01387223
                            0x01387228
                            0x0138759e
                            0x0138759e
                            0x0138722e
                            0x01387236
                            0x01387238
                            0x01387238
                            0x0138723e
                            0x01387246
                            0x0138724c
                            0x013875a6
                            0x01387252
                            0x01387252
                            0x01387258
                            0x01387258
                            0x01387260
                            0x01387266
                            0x013875b1
                            0x0138726c
                            0x0138726c
                            0x01387272
                            0x01387272
                            0x01387295
                            0x013872a8
                            0x013872aa
                            0x013872b7
                            0x013c8539
                            0x013c853e
                            0x00000000
                            0x00000000
                            0x013c8544
                            0x013c854a
                            0x013c854c
                            0x00000000
                            0x00000000
                            0x013c8552
                            0x013c8558
                            0x013c855a
                            0x00000000
                            0x00000000
                            0x013c8560
                            0x013c8562
                            0x00000000
                            0x00000000
                            0x013c8568
                            0x013c856e
                            0x013c8570
                            0x013c8576
                            0x013c8572
                            0x013c8572
                            0x013c8572
                            0x013c858f
                            0x013c8591
                            0x013c8597
                            0x013c8599
                            0x013c85a5
                            0x013c85a8
                            0x013c85ae
                            0x00000000
                            0x00000000
                            0x013c85b4
                            0x00000000
                            0x013872bd
                            0x013872bd
                            0x013872bd
                            0x013872c3
                            0x013872c5
                            0x013873b1
                            0x013873b1
                            0x013873b7
                            0x013873b9
                            0x013872db
                            0x013872db
                            0x00000000
                            0x013872db
                            0x013c85f0
                            0x013c85f7
                            0x013c85fa
                            0x013c860d
                            0x013c8618
                            0x013c8633
                            0x013c8635
                            0x013c863b
                            0x013c863d
                            0x00000000
                            0x00000000
                            0x013c864a
                            0x013c864a
                            0x013c864c
                            0x00000000
                            0x013c85fc
                            0x013c85fc
                            0x013c85fe
                            0x013c8652
                            0x013c8652
                            0x013c865a
                            0x013c865b
                            0x013c865e
                            0x013c8660
                            0x013c86b7
                            0x013c86b8
                            0x013c86ba
                            0x013c86c4
                            0x00000000
                            0x013c86c4
                            0x013c8662
                            0x013c8669
                            0x00000000
                            0x00000000
                            0x013c866b
                            0x013c867c
                            0x013c8681
                            0x013c8691
                            0x013c8693
                            0x013c869b
                            0x013c869f
                            0x013c86a6
                            0x00000000
                            0x013c86a6
                            0x00000000
                            0x013c85fa
                            0x013872cb
                            0x013872cd
                            0x013c85d1
                            0x013c85d6
                            0x013c85d8
                            0x013c86fd
                            0x00000000
                            0x013c86fd
                            0x013c85de
                            0x00000000
                            0x013c85de
                            0x013872d5
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013872d5
                            0x013872b7
                            0x013c86ac
                            0x00000000
                            0x013c86ac
                            0x0138737e
                            0x0138737e
                            0x01387380
                            0x013c84d0
                            0x013c84d0
                            0x0138738f
                            0x01387397
                            0x0138739d
                            0x013873a4
                            0x013873a6
                            0x00000000
                            0x013873ac
                            0x013c84d8
                            0x013c84db
                            0x013c84e1
                            0x00000000
                            0x013c84e7
                            0x00000000
                            0x013c84e7
                            0x00000000
                            0x013c84e1
                            0x013873a6
                            0x01387170
                            0x01387174
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01387174
                            0x0138710d
                            0x013870ef
                            0x013870ef
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: #$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                            • API String ID: 0-3266796247
                            • Opcode ID: 22b8661e8b1610b4935ac2c89e6f8ffb5a1647c0542746100bcbc2156b8e9928
                            • Instruction ID: 1077c8ee490775ff60bf85e735e41ec11aee8bcb03bff0ee5c4052ed60f085a4
                            • Opcode Fuzzy Hash: 22b8661e8b1610b4935ac2c89e6f8ffb5a1647c0542746100bcbc2156b8e9928
                            • Instruction Fuzzy Hash: BF32A131904369CBDF26DF18C884BE9BBBAAF45748F2440E9E849A7251D7709F81CF54
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013E34A0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 130COMMON
                            Download Yara Rule
                            C-Code - Quality: 89%
                            			E013E34A0(void* __ebx, intOrPtr __edi, signed int __esi, void* __eflags) {
				signed short* _t37;
				void* _t40;
				signed short _t56;
				signed int _t57;
				signed short* _t78;
				void* _t86;

				_t85 = __esi;
				_t84 = __edi;
				_push(0x68);
				_push(0x1430870);
				E013AD0E8(__ebx, __edi, __esi);
				_t78 =  *(_t86 + 8);
				_t37 =  *(_t86 + 0xc);
				 *(_t86 - 0x50) = _t37;
				 *(_t86 - 0x4c) = _t37;
				if(( *0x1445cac & 0x00000004) == 0) {
					L17:
					L18:
					return E013AD130(_t78, _t84, _t85);
				}
				_t40 = E01382EB0(_t78[2]);
				if(_t40 == 0 || _t40 == 3 || _t40 == 5) {
					goto L17;
				} else {
					_t84 = 0;
					_t85 = E01374120(0, _t78, 0, _t86 - 0x5c, 0, 0, 0);
					if(_t85 >= 0) {
						 *((intOrPtr*)(_t86 - 0x74)) = 0x18;
						 *((intOrPtr*)(_t86 - 0x70)) = 0;
						 *((intOrPtr*)(_t86 - 0x68)) = 0x40;
						 *((intOrPtr*)(_t86 - 0x6c)) = _t86 - 0x5c;
						 *((intOrPtr*)(_t86 - 0x64)) = 0;
						 *((intOrPtr*)(_t86 - 0x60)) = 0;
						_push(_t86 - 0x48);
						_push(_t86 - 0x74);
						_t85 = E013998D0();
						L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t86 - 0x58)));
					}
					if( !_t85 < 0) {
						_t85 = E01374620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t84, ( *_t78 & 0x0000ffff) + 0xa);
						 *(_t86 - 0x54) = _t85;
						if(_t85 != 0) {
							_t23 = _t85 + 0xa; // 0xa
							E0139F3E0(_t23, _t78[2],  *_t78 & 0x0000ffff);
							 *((short*)(_t85 + 8)) =  *_t78;
							E01372280( *_t78, 0x1448610);
							 *((intOrPtr*)(_t86 - 4)) = _t84;
							_t56 = ( *0x1445764 & 0x0000ffff) + 2 + ( *_t78 & 0x0000ffff);
							 *(_t86 - 0x78) = _t56;
							if(_t56 <= 0xfffe) {
								 *0x1445764 = _t56;
								_t57 =  *0x144575c; // 0x77e1575c
								if( *(_t57 + 4) != 0x144575c) {
									0x144575c = 3;
									asm("int 0x29");
								}
								 *_t85 = _t57;
								 *(_t85 + 4) = 0x144575c;
								 *(_t57 + 4) = _t85;
								 *0x144575c = _t85;
								 *((intOrPtr*)(_t86 - 4)) = 0xfffffffe;
								_t78 =  *(_t86 - 0x50);
								E01372280(E013E3650(), 0x1448608);
								 *(_t86 - 0x4c) = E0138F6B2(0x1446e40);
								E0136FFB0(_t78, _t84, 0x1448608);
								_t62 =  *(_t86 - 0x4c);
								if( *(_t86 - 0x4c) != 0) {
									L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t84, _t62);
								}
								 *_t78 = _t85;
							} else {
								E0139D9D0(_t86, 0x144d360, _t86 - 0x10, 0xfffffffe);
							}
						}
					}
					goto L18;
				}
			}









                            0x013e34a0
                            0x013e34a0
                            0x013e34a0
                            0x013e34a2
                            0x013e34a7
                            0x013e34ac
                            0x013e34af
                            0x013e34b2
                            0x013e34b5
                            0x013e34bf
                            0x013e365b
                            0x013e3660
                            0x013e3665
                            0x013e3665
                            0x013e34c8
                            0x013e34cf
                            0x00000000
                            0x013e34e7
                            0x013e34e7
                            0x013e34fa
                            0x013e34fe
                            0x013e3500
                            0x013e3507
                            0x013e350a
                            0x013e3514
                            0x013e3517
                            0x013e351a
                            0x013e3520
                            0x013e3524
                            0x013e352a
                            0x013e3539
                            0x013e3539
                            0x013e3544
                            0x013e3563
                            0x013e3565
                            0x013e356a
                            0x013e357d
                            0x013e3581
                            0x013e358c
                            0x013e3595
                            0x013e359a
                            0x013e35aa
                            0x013e35ac
                            0x013e35b4
                            0x013e35d3
                            0x013e35d9
                            0x013e35e6
                            0x013e35ea
                            0x013e35eb
                            0x013e35eb
                            0x013e35ed
                            0x013e35ef
                            0x013e35f2
                            0x013e35f5
                            0x013e35fb
                            0x013e3602
                            0x013e360f
                            0x013e361e
                            0x013e3626
                            0x013e362b
                            0x013e3630
                            0x013e363d
                            0x013e363d
                            0x013e3642
                            0x013e35b6
                            0x013e35c1
                            0x013e35c9
                            0x013e35b4
                            0x013e356a
                            0x00000000
                            0x013e3544

                            APIs
                            • @_EH4_CallFilterFunc@8.LIBCMT ref: 013E35C1
                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: CallFilterFunc@8
                            • String ID: @$\Ww\Ww
                            • API String ID: 4062629308-2421293922
                            • Opcode ID: 8f8ca2c4d415a2ca5648635fbec50edf58313d9349073f3a104f27dba344b603
                            • Instruction ID: 9b9a894304ddef0edd8888d1272f4123c3942ba0d0e667ea203e1dbfd720c62b
                            • Opcode Fuzzy Hash: 8f8ca2c4d415a2ca5648635fbec50edf58313d9349073f3a104f27dba344b603
                            • Instruction Fuzzy Hash: AC415A71900229DBDF21EFA9C984A6EBBF8FF55B18F10412AE905DB3A4D634D900CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0137A830 Relevance: 5.4, Strings: 4, Instructions: 350COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 70%
                            			E0137A830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x1448748 - 1;
					if( *0x1448748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E0135B150();
									_t260 = _t257 + 4;
								} else {
									E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E0135B150();
								_t257 = _t260 + 4;
								__eflags =  *0x1447bc8;
								if(__eflags == 0) {
									E01412073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E0141A80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E013AD5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E0137AB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E0141A80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E0141A80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x1448748 - 1;
					if( *0x1448748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E0135B150();
							} else {
								E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E0135B150();
							__eflags =  *0x1447bc8;
							if(__eflags == 0) {
								_t131 = E01412073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                            0x0137a83a
                            0x0137a83c
                            0x0137a83e
                            0x0137a841
                            0x0137a844
                            0x0137a84a
                            0x0137aa53
                            0x0137aa59
                            0x0137aa59
                            0x0137a858
                            0x0137a85e
                            0x0137aaf5
                            0x0137aafc
                            0x013c229e
                            0x013c22a2
                            0x013c22a8
                            0x013c22b3
                            0x013c22b5
                            0x013c22bb
                            0x013c22c1
                            0x013c22c5
                            0x013c22e6
                            0x013c22eb
                            0x013c22f0
                            0x013c22c7
                            0x013c22dc
                            0x013c22e1
                            0x013c22e1
                            0x013c22f3
                            0x013c22f8
                            0x013c22fd
                            0x013c2300
                            0x013c2307
                            0x013c230e
                            0x013c230e
                            0x013c2313
                            0x013c2313
                            0x013c22b5
                            0x013c22a2
                            0x0137aafc
                            0x0137a864
                            0x0137a869
                            0x0137aa5c
                            0x0137aa5e
                            0x0137a86f
                            0x0137a87f
                            0x0137a885
                            0x0137a885
                            0x0137a88b
                            0x0137a890
                            0x0137a896
                            0x0137ab0c
                            0x0137ab0f
                            0x0137ab15
                            0x013c2320
                            0x013c2320
                            0x0137ab1b
                            0x0137a89c
                            0x0137a89f
                            0x0137a8a2
                            0x0137a8a2
                            0x0137a8a5
                            0x0137a8af
                            0x0137a8b3
                            0x0137a8b8
                            0x0137aa66
                            0x0137a8be
                            0x0137a8c5
                            0x0137a8c6
                            0x0137a8ce
                            0x013c2328
                            0x013c2332
                            0x013c2337
                            0x013c2337
                            0x0137a8ce
                            0x0137a8d4
                            0x0137a8d8
                            0x0137a8db
                            0x0137a8de
                            0x0137a8e1
                            0x0137a8e5
                            0x0137a8e8
                            0x0137a8f0
                            0x0137a8f3
                            0x013c234c
                            0x013c2350
                            0x013c2355
                            0x013c2359
                            0x013c2359
                            0x0137a8f9
                            0x0137a901
                            0x0137aae4
                            0x0137aae4
                            0x0137aaea
                            0x00000000
                            0x0137a907
                            0x0137a90a
                            0x0137a91d
                            0x0137a91d
                            0x00000000
                            0x0137a910
                            0x0137a910
                            0x0137a910
                            0x0137a914
                            0x0137a924
                            0x0137a924
                            0x0137a924
                            0x0137a924
                            0x0137a916
                            0x0137a91b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0137a91b
                            0x0137a925
                            0x0137a925
                            0x0137a932
                            0x0137a936
                            0x0137a93c
                            0x0137a93c
                            0x0137a93c
                            0x0137ab22
                            0x0137ab24
                            0x0137ab27
                            0x0137ab27
                            0x0137a942
                            0x0137a944
                            0x0137aaba
                            0x0137aabd
                            0x0137aac0
                            0x0137aac0
                            0x0137aac2
                            0x0137ab2f
                            0x0137aac4
                            0x0137aac4
                            0x0137aac7
                            0x0137aaca
                            0x0137aacc
                            0x0137aace
                            0x0137aace
                            0x0137aace
                            0x0137aad1
                            0x0137aad1
                            0x0137aad7
                            0x0137aad9
                            0x00000000
                            0x00000000
                            0x013c2361
                            0x013c2369
                            0x013c236b
                            0x00000000
                            0x013c2371
                            0x00000000
                            0x013c2371
                            0x00000000
                            0x013c236b
                            0x0137aac0
                            0x0137a94a
                            0x0137a94a
                            0x0137a94d
                            0x0137a94d
                            0x0137a950
                            0x0137a954
                            0x013c2376
                            0x013c2380
                            0x0137a95a
                            0x0137a95a
                            0x0137a95c
                            0x0137a95f
                            0x0137a961
                            0x0137a961
                            0x0137a967
                            0x0137a96a
                            0x0137a972
                            0x0137aa02
                            0x0137aa06
                            0x0137aa10
                            0x0137aa16
                            0x0137aa16
                            0x0137aa1b
                            0x0137aa21
                            0x0137aa24
                            0x0137aa27
                            0x0137aa29
                            0x0137aa2c
                            0x0137aa32
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0137a978
                            0x0137a978
                            0x0137a97b
                            0x0137a981
                            0x0137a996
                            0x0137a998
                            0x0137a99f
                            0x0137a9a2
                            0x013c238a
                            0x0137a9a8
                            0x0137a9a8
                            0x0137a9a8
                            0x0137a9aa
                            0x0137a9ad
                            0x0137a9b0
                            0x0137a9bb
                            0x0137a9be
                            0x0137a9c7
                            0x0137a9c9
                            0x0137a9c9
                            0x0137a9cc
                            0x0137a9d1
                            0x0137aa6d
                            0x0137aa70
                            0x0137aa73
                            0x0137aa75
                            0x0137aa79
                            0x0137aa7e
                            0x0137aa82
                            0x0137aa8f
                            0x0137aa94
                            0x0137aa96
                            0x013c2392
                            0x013c23a1
                            0x013c23a1
                            0x0137aa9c
                            0x0137aa9f
                            0x0137aaa2
                            0x0137aaa2
                            0x0137aaa8
                            0x0137aaab
                            0x0137aaaf
                            0x00000000
                            0x0137aab5
                            0x00000000
                            0x0137aab5
                            0x0137a9d7
                            0x0137a9d7
                            0x0137a9da
                            0x0137a9e0
                            0x0137a9e3
                            0x0137a9e6
                            0x0137a9e9
                            0x0137a9eb
                            0x0137a9fd
                            0x0137a9fd
                            0x00000000
                            0x0137a9eb
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0137a983
                            0x0137a983
                            0x0137a983
                            0x0137a987
                            0x0137a995
                            0x0137a995
                            0x0137a995
                            0x0137a995
                            0x0137a989
                            0x0137a98e
                            0x00000000
                            0x0137a990
                            0x00000000
                            0x0137a990
                            0x0137a98e
                            0x00000000
                            0x0137a983
                            0x0137a972
                            0x0137a90a
                            0x0137aa34
                            0x0137aa34
                            0x0137aa40
                            0x0137aa43
                            0x0137aa46
                            0x0137aa4d
                            0x013c23ab
                            0x013c23b2
                            0x013c23b8
                            0x013c23be
                            0x013c23c3
                            0x013c23c5
                            0x013c23cb
                            0x013c23d1
                            0x013c23d5
                            0x013c23f6
                            0x013c23fb
                            0x013c23d7
                            0x013c23ec
                            0x013c23f1
                            0x013c2403
                            0x013c2408
                            0x013c2410
                            0x013c2417
                            0x013c2422
                            0x013c2422
                            0x013c2417
                            0x013c23c5
                            0x013c23b2
                            0x00000000

                            Strings
                            • HEAP: , xrefs: 013C22E6, 013C23F6
                            • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 013C22F3
                            • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 013C2403
                            • HEAP[%wZ]: , xrefs: 013C22D7, 013C23E7
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                            • API String ID: 0-1657114761
                            • Opcode ID: e171943fef4b6f713bd16f1904b4d056800dcce5ddb0b83aa305d493c5cab69d
                            • Instruction ID: bb8f680c1dc2ec75f63e60857c68f14e32245b567d36a03ae8ee41c0c1ca6b54
                            • Opcode Fuzzy Hash: e171943fef4b6f713bd16f1904b4d056800dcce5ddb0b83aa305d493c5cab69d
                            • Instruction Fuzzy Hash: 8AD1D274A002499FEB29CF68C490BBEBBF1FF48308F19856DD9569B745D338A941CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138C707 Relevance: 5.3, Strings: 4, Instructions: 251COMMON
                            Download Yara Rule
                            C-Code - Quality: 84%
                            			E0138C707(signed char __ecx, signed int __edx, intOrPtr _a4, signed int* _a8, signed int* _a12, signed int* _a16) {
				signed int _v8;
				char _v532;
				signed int _v536;
				signed int _v540;
				char* _v544;
				short _v546;
				signed int _v548;
				signed int _v552;
				signed int* _v556;
				signed int* _v560;
				signed int* _v564;
				signed int _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				short _t97;
				intOrPtr _t98;
				void* _t106;
				signed int _t107;
				signed int* _t109;
				void* _t115;
				void* _t121;
				intOrPtr _t122;
				void* _t123;
				char* _t130;
				void* _t131;
				signed int _t133;
				signed short _t141;
				signed int _t144;
				signed int _t149;
				signed int _t151;
				signed int _t156;

				_t143 = __edx;
				_v8 =  *0x144d360 ^ _t156;
				_v556 = _a12;
				_t130 =  &_v532;
				_v560 = _a8;
				_t149 = 0;
				_v564 = _a16;
				_t144 = 0;
				_v540 = __ecx;
				_t133 = 0;
				_v532 = 0;
				_v548 = _v548 & 0;
				_v548 = 0;
				_t97 = 2;
				_v546 = _t97;
				_t98 = _a4;
				_v536 = 0;
				_v552 = 0;
				_v544 = _t130;
				if(_t98 == 0x133127c) {
					E013E5720(0x33, 0, "SXS: %s() passed the empty activation context\n", "RtlpGetActivationContextDataStorageMapAndRosterHeader");
					_t150 = 0xc000000d;
					L21:
					return E0139B640(_t150, _t130, _v8 ^ _t156, _t143, _t144, _t150);
				}
				if(_v560 != 0) {
					 *_v560 =  *_v560 & 0;
					_t149 = 0;
				}
				if(_v556 != _t133) {
					 *_v556 =  *_v556 & _t133;
					_t149 = _t133;
				}
				if(_v564 != _t133) {
					 *_v564 =  *_v564 & _t144;
					_t133 = _t144;
				}
				if((_v540 & 0xfffffffc) != 0 || _t143 == 0 || _v560 == _t144 || _v556 == _t144) {
					_push(_v556);
					_push(_v560);
					_push(_t143);
					_push(_v540);
					E013E5720(0x33, 0, "SXS: %s() bad parameters:\nSXS:    Flags                : 0x%lx\nSXS:    Peb                  : %p\nSXS:    ActivationContextData: %p\nSXS:    AssemblyStorageMap   : %p\n", "RtlpGetActivationContextDataStorageMapAndRosterHeader");
					_t150 = 0xc000000d;
					goto L19;
				} else {
					if(_t98 == 0) {
						L22:
						if(_t98 == 0xfffffffc || (_v540 & 0x00000002) != 0) {
							L24:
							_t43 = _t143 + 0x200; // 0x230
							_t133 = _t43;
							_t106 =  *_t133;
							_t44 = _t143 + 0x204; // 0x234
							_t149 = _t44;
							_v536 = _t133;
							_v552 = _t149;
							if(_t106 == 0) {
								goto L33;
							}
							_t144 =  *((intOrPtr*)(_t106 + 0x18)) + _t106;
							goto L26;
						} else {
							if(_t98 != 0) {
								if((_v540 & 0x00000001) == 0) {
									L26:
									_t143 = 0;
									if( *_t133 == 0 ||  *_t149 != 0) {
										L33:
										_t107 =  *_t149;
										L16:
										_t143 = _v556;
										 *_v556 = _t107;
										 *_v560 =  *_t133;
										_t109 = _v564;
										if(_t109 != 0) {
											 *_t109 = _t144;
										}
										_t150 = 0;
										goto L19;
									} else {
										_t110 =  *(_t144 + 8);
										if( *(_t144 + 8) > 0x3ffffffc) {
											_t150 = 0xc0000095;
											L19:
											if(_t130 != 0 && _t130 !=  &_v532) {
												L01372400( &_v548);
											}
											goto L21;
										}
										_t131 = E01374620(_t133,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xc + _t110 * 4);
										if(_t131 == 0) {
											_t150 = 0xc0000017;
											L51:
											_t130 = _v544;
											goto L19;
										}
										_t143 =  *(_t144 + 8);
										_t53 = _t131 + 0xc; // 0xc
										_t115 = E0138D4B0(_t131,  *(_t144 + 8), _t53);
										_t150 = _t115;
										if(_t115 < 0) {
											L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t131);
											goto L51;
										}
										_t149 = _v552;
										asm("lock cmpxchg [esi], ecx");
										if(0 != 0) {
											E013570C0(_t131);
											L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t131);
										}
										_t133 = _v536;
										_t130 = _v544;
										goto L33;
									}
								}
							}
							_t57 = _t143 + 0x1f8; // 0x228
							_t133 = _t57;
							_t121 =  *_t133;
							_t58 = _t143 + 0x1fc; // 0x22c
							_t149 = _t58;
							_v536 = _t133;
							_v552 = _t149;
							if(_t121 == 0) {
								goto L33;
							}
							_t144 =  *((intOrPtr*)(_t121 + 0x18)) + _t121;
							_v568 = _t144;
							if( *_t149 != 0) {
								goto L26;
							}
							_t122 =  *((intOrPtr*)(_t143 + 0x10));
							_t143 = 0x208;
							_t141 =  *(_t122 + 0x38);
							_t144 =  *(_t122 + 0x3c);
							_t151 = _t141 & 0x0000ffff;
							_v540 = _t141;
							_t67 = _t151 + 0xe; // 0x23a
							_t123 = _t67;
							if(_t123 > 0x208) {
								if(_t123 <= 0xfffe) {
									_t81 = _t141 + 0xe; // 0x1366175
									_v546 = _t81;
									_t130 = E01373A1C(_t81 & 0x0000ffff);
									_v544 = _t130;
									if(_t130 != 0) {
										L39:
										E0139F3E0(_t130, _t144, _t151);
										_t133 = _v536;
										_v548 = _v540 + 0xc;
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsw");
										_t144 = _v568;
										_t149 = _v552;
										goto L26;
									}
									_t150 = 0xc0000017;
									goto L21;
								}
								_t150 = 0xc0000106;
								goto L21;
							}
							_t130 =  &_v532;
							_v546 = 0x208;
							_v544 = _t130;
							goto L39;
						}
					}
					if(_t98 == 0xfffffffc) {
						goto L24;
					}
					if((_v540 & 0x00000003) != 0) {
						goto L22;
					}
					_t33 = _t98 + 0x10; // 0x10
					_t133 = _t33;
					_t143 =  *_t133;
					if(_t143 == 0) {
						_t150 = 0xc00000e5;
						goto L21;
					}
					_t144 =  *((intOrPtr*)(_t143 + 0x18)) + _t143;
					_t107 = _t98 + 0x5c;
					goto L16;
				}
			}



































                            0x0138c707
                            0x0138c719
                            0x0138c720
                            0x0138c726
                            0x0138c730
                            0x0138c736
                            0x0138c73c
                            0x0138c742
                            0x0138c746
                            0x0138c74c
                            0x0138c74e
                            0x0138c755
                            0x0138c75b
                            0x0138c764
                            0x0138c765
                            0x0138c76c
                            0x0138c76f
                            0x0138c775
                            0x0138c77b
                            0x0138c786
                            0x013ca7ef
                            0x013ca7f7
                            0x0138c84b
                            0x0138c85d
                            0x0138c85d
                            0x0138c792
                            0x0138c79a
                            0x0138c79c
                            0x0138c79c
                            0x0138c7a4
                            0x0138c7ac
                            0x0138c7ae
                            0x0138c7ae
                            0x0138c7b6
                            0x0138c7be
                            0x0138c7c0
                            0x0138c7c0
                            0x0138c7cc
                            0x013ca8a6
                            0x013ca8ac
                            0x013ca8b2
                            0x013ca8b3
                            0x013ca8c7
                            0x013ca8cf
                            0x00000000
                            0x0138c7f2
                            0x0138c7f4
                            0x0138c860
                            0x0138c863
                            0x0138c872
                            0x0138c872
                            0x0138c872
                            0x0138c878
                            0x0138c87a
                            0x0138c87a
                            0x0138c880
                            0x0138c886
                            0x0138c88e
                            0x00000000
                            0x00000000
                            0x0138c893
                            0x00000000
                            0x0138c90f
                            0x0138c911
                            0x013ca812
                            0x0138c895
                            0x0138c895
                            0x0138c899
                            0x0138c908
                            0x0138c908
                            0x0138c819
                            0x0138c819
                            0x0138c81f
                            0x0138c829
                            0x0138c82b
                            0x0138c833
                            0x0138c835
                            0x0138c835
                            0x0138c837
                            0x00000000
                            0x0138c89f
                            0x0138c89f
                            0x0138c8a7
                            0x013ca85b
                            0x0138c839
                            0x0138c83b
                            0x013ca8e0
                            0x013ca8e0
                            0x00000000
                            0x0138c83b
                            0x0138c8c4
                            0x0138c8c8
                            0x013ca865
                            0x013ca87e
                            0x013ca87e
                            0x00000000
                            0x013ca87e
                            0x0138c8ce
                            0x0138c8d1
                            0x0138c8d7
                            0x0138c8dc
                            0x0138c8e0
                            0x013ca879
                            0x00000000
                            0x013ca879
                            0x0138c8e6
                            0x0138c8f0
                            0x0138c8f6
                            0x013ca88b
                            0x013ca89c
                            0x013ca89c
                            0x0138c8fc
                            0x0138c902
                            0x00000000
                            0x0138c902
                            0x0138c899
                            0x013ca818
                            0x0138c917
                            0x0138c917
                            0x0138c91d
                            0x0138c91f
                            0x0138c91f
                            0x0138c925
                            0x0138c92b
                            0x0138c933
                            0x00000000
                            0x00000000
                            0x0138c938
                            0x0138c93d
                            0x0138c943
                            0x00000000
                            0x00000000
                            0x0138c949
                            0x0138c94c
                            0x0138c951
                            0x0138c954
                            0x0138c957
                            0x0138c95a
                            0x0138c960
                            0x0138c960
                            0x0138c965
                            0x013ca822
                            0x013ca82e
                            0x013ca831
                            0x013ca841
                            0x013ca843
                            0x013ca84b
                            0x0138c97e
                            0x0138c981
                            0x0138c994
                            0x0138c99a
                            0x0138c9a9
                            0x0138c9aa
                            0x0138c9ab
                            0x0138c9ac
                            0x0138c9ae
                            0x0138c9b4
                            0x00000000
                            0x0138c9b4
                            0x013ca851
                            0x00000000
                            0x013ca851
                            0x013ca824
                            0x00000000
                            0x013ca824
                            0x0138c96b
                            0x0138c971
                            0x0138c978
                            0x00000000
                            0x0138c978
                            0x0138c863
                            0x0138c7f9
                            0x00000000
                            0x00000000
                            0x0138c802
                            0x00000000
                            0x00000000
                            0x0138c804
                            0x0138c804
                            0x0138c807
                            0x0138c80b
                            0x013ca801
                            0x00000000
                            0x013ca801
                            0x0138c814
                            0x0138c816
                            0x00000000
                            0x0138c816

                            Strings
                            • SXS: %s() passed the empty activation context, xrefs: 013CA7E6
                            • .Local, xrefs: 0138C9A4
                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 013CA8BE
                            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 013CA7E1, 013CA8B9
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                            • API String ID: 0-1239276146
                            • Opcode ID: 2f02bcfe8867543c5212ec72cdbc23095dbc8aaa7329686aa692ba4abcc4ac25
                            • Instruction ID: f1fd38d9691ad6d025c5599121d1932a288bade98c29b10ae25092be67d856c3
                            • Opcode Fuzzy Hash: 2f02bcfe8867543c5212ec72cdbc23095dbc8aaa7329686aa692ba4abcc4ac25
                            • Instruction Fuzzy Hash: 54A1AF3194032EDFDB24DF58D888BE9BBB5AF58718F1501E9D909A7251D7309E81CFA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01387620 Relevance: 5.2, Strings: 4, Instructions: 220COMMON
                            Download Yara Rule
                            C-Code - Quality: 69%
                            			E01387620(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				short _t84;
				short _t85;
				intOrPtr* _t87;
				signed char* _t88;
				void* _t89;
				signed char* _t90;
				signed int _t95;
				void* _t97;
				intOrPtr* _t99;
				signed int _t105;
				signed int _t106;
				signed short _t110;
				void* _t115;
				signed char _t118;
				signed char _t119;
				signed int _t125;
				short _t127;
				signed int _t129;
				signed char* _t130;
				signed int _t133;
				intOrPtr _t135;
				signed short _t137;
				signed int _t141;
				signed int _t144;
				signed int _t146;
				signed int _t157;
				intOrPtr _t165;
				void* _t167;
				void* _t169;
				signed char _t180;

				_push(0x12c);
				_push(0x1430088);
				E013AD08C(__ebx, __edi, __esi);
				 *((char*)(_t169 - 0x1d)) = 1;
				 *(_t169 - 0x24) = 1;
				_t127 = 0x42;
				 *((short*)(_t169 - 0x44)) = _t127;
				_t84 = 0x44;
				 *((short*)(_t169 - 0x42)) = _t84;
				 *(_t169 - 0x40) = L"LdrpResGetResourceDirectory Enter";
				_t85 = 0x40;
				 *((short*)(_t169 - 0x4c)) = _t85;
				 *((short*)(_t169 - 0x4a)) = _t127;
				 *(_t169 - 0x48) = L"LdrpResGetResourceDirectory Exit";
				_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t87 != 0) {
					if( *_t87 == 0) {
						goto L1;
					}
					_t88 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					L2:
					if(( *_t88 & 0x00000001) != 0) {
						_t89 = E01377D50();
						_t162 = 0x7ffe0384;
						if(_t89 == 0) {
							_t90 = 0x7ffe0384;
						} else {
							_t90 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						E013E6715(_t169 - 0x44,  *_t90 & 0x000000ff);
					} else {
						_t162 = 0x7ffe0384;
					}
					_t125 =  *(_t169 + 8);
					if(_t125 == 0 ||  *(_t169 + 0x14) == 0 ||  *(_t169 + 0x18) == 0) {
						_t92 = 0xc000000d;
						goto L33;
					} else {
						if((_t125 & 0x00000003) != 0) {
							_t118 = _t125 & 0x00000001;
							_t125 = _t125 & 0xfffffffc;
							_t119 = _t118 ^ 0x00000001;
							_t180 = _t119;
							 *(_t169 - 0x24) = _t119;
						}
						 *(_t169 + 0x10) =  *(_t169 + 0x10) & 0x00001000;
						_push(_t169 - 0x28);
						_push(0);
						_push( *((intOrPtr*)(_t169 + 0xc)));
						_push(_t125);
						_t95 = 0;
						_push(_t95 & 0xffffff00 | _t180 == 0x00000000);
						if(E0136E9C0() < 0) {
							L33:
							return E013AD0D1(_t92);
						} else {
							 *(_t169 - 4) =  *(_t169 - 4) & 0x00000000;
							_t144 =  *(_t169 - 0x28);
							_t27 = _t144 + 0x18; // 0x1334f9c
							_t97 = _t27;
							_t129 =  *_t97 & 0x0000ffff;
							if(_t129 != 0x10b) {
								if(_t129 != 0x20b) {
									 *(_t169 - 0x1c) = 0xc000007b;
									 *(_t169 - 4) = 0xfffffffe;
									L30:
									_t130 = 0x7ffe0385;
									_t99 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
									if(_t99 != 0) {
										if( *_t99 != 0) {
											_t130 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
										}
									}
									if(( *_t130 & 0x00000001) != 0) {
										if(E01377D50() != 0) {
											_t162 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
										}
										E013E6715(_t169 - 0x4c,  *_t162 & 0x000000ff);
									}
									_t92 =  *(_t169 - 0x1c);
									goto L33;
								}
								_t133 = 0x3c;
								memcpy(_t169 - 0x13c, _t97, _t133 << 2);
								_t135 = 0;
								L12:
								_t105 =  *(_t169 - 0xe0);
								if(_t135 == 0) {
									_t105 =  *(_t169 - 0xd0);
								}
								if(_t105 <= 2) {
									L38:
									 *(_t169 - 0x1c) = 0xc0000089;
									goto L39;
								} else {
									_t165 =  *((intOrPtr*)(_t169 - 0xcc));
									if(_t135 == 0) {
										_t165 =  *((intOrPtr*)(_t169 - 0xbc));
									}
									if(_t165 == 0) {
										goto L38;
									} else {
										if( *(_t169 - 0x24) == 0) {
											if(_t165 <  *((intOrPtr*)(_t169 - 0x100))) {
												goto L17;
											}
											_t157 =  *(_t169 + 0x10);
											_t115 = E013547A3(_t125,  *((intOrPtr*)(_t169 + 0xc)), _t144, 0, _t165, (_t105 & 0xffffff00 | _t157 != 0x00000000) & 0x000000ff);
											if(_t115 == 0) {
												L44:
												 *(_t169 - 0x1c) = 0xc000007b;
												L39:
												 *(_t169 - 4) = 0xfffffffe;
												L29:
												_t162 = 0x7ffe0384;
												goto L30;
											}
											if( *((intOrPtr*)(_t115 + 0x10)) == 0) {
												goto L38;
											}
											_t146 =  *((intOrPtr*)(_t115 + 0x14)) -  *((intOrPtr*)(_t115 + 0xc)) + _t165 + _t125;
											L21:
											 *(_t169 - 0x34) = _t146;
											 *(_t169 - 4) = 0xfffffffe;
											if(_t146 == 0) {
												 *(_t169 - 0x1c) = 0xc0000089;
												goto L29;
											}
											if(_t157 == 0) {
												L28:
												 *( *(_t169 + 0x14)) = _t146;
												 *( *(_t169 + 0x18)) =  *(_t169 - 0x28);
												 *(_t169 - 0x1c) =  *(_t169 - 0x1c) & 0x00000000;
												goto L29;
											}
											if(_t146 <= _t125) {
												L52:
												 *(_t169 - 0x1c) = 0xc000007b;
												goto L29;
											}
											_t167 =  *((intOrPtr*)(_t169 + 0xc)) + (_t125 & 0xfffffffc);
											if(_t146 + 0x10 > _t167) {
												goto L52;
											}
											 *(_t169 - 4) = 1;
											_t110 =  *((intOrPtr*)(_t146 + 0xc));
											 *(_t169 - 0x2c) = _t110;
											_t137 =  *((intOrPtr*)(_t146 + 0xe));
											 *(_t169 - 0x30) = _t137;
											 *(_t169 - 4) = 0xfffffffe;
											if(_t110 != 0 || _t137 != 0) {
												if(_t146 + ((_t137 & 0x0000ffff) + (_t110 & 0x0000ffff)) * 8 > _t167) {
													goto L52;
												}
												goto L28;
											} else {
												 *(_t169 - 0x1c) = 0xc000008a;
												goto L29;
											}
										}
										L17:
										_t106 = _t165 + _t125;
										if(_t106 < _t125) {
											_t146 = _t144 | 0xffffffff;
										} else {
											_t146 = _t106;
										}
										if(_t106 < _t125) {
											goto L44;
										} else {
											_t157 =  *(_t169 + 0x10);
											goto L21;
										}
									}
								}
							}
							_t141 = 0x38;
							memcpy(_t169 - 0x13c, _t97, _t141 << 2);
							_t135 =  *((intOrPtr*)(_t169 - 0x1d));
							goto L12;
						}
					}
				}
				L1:
				_t88 = 0x7ffe0385;
				goto L2;
			}

































                            0x01387620
                            0x01387625
                            0x0138762a
                            0x0138762f
                            0x01387633
                            0x01387639
                            0x0138763a
                            0x01387640
                            0x01387641
                            0x01387645
                            0x0138764e
                            0x0138764f
                            0x01387653
                            0x01387657
                            0x01387664
                            0x01387669
                            0x013c87b9
                            0x00000000
                            0x00000000
                            0x013c87c8
                            0x01387674
                            0x01387677
                            0x013c87d2
                            0x013c87d7
                            0x013c87de
                            0x013c87f0
                            0x013c87e0
                            0x013c87e9
                            0x013c87e9
                            0x013c87f8
                            0x0138767d
                            0x0138767d
                            0x0138767d
                            0x01387682
                            0x01387687
                            0x013c88b5
                            0x00000000
                            0x013876a1
                            0x013876a4
                            0x013876a8
                            0x013876ab
                            0x013876ae
                            0x013876ae
                            0x013876b0
                            0x013876b0
                            0x013876b3
                            0x013876bd
                            0x013876be
                            0x013876c0
                            0x013876c3
                            0x013876c6
                            0x013876ca
                            0x013876d2
                            0x013877fa
                            0x013877ff
                            0x013876d8
                            0x013876d8
                            0x013876dc
                            0x013876df
                            0x013876df
                            0x013876e2
                            0x013876ed
                            0x01387859
                            0x013c8841
                            0x013c8848
                            0x013877d8
                            0x013877d8
                            0x013877e3
                            0x013877e8
                            0x013c8873
                            0x013c8882
                            0x013c8882
                            0x013c8873
                            0x013877f1
                            0x013c8894
                            0x013c889f
                            0x013c889f
                            0x013c88ab
                            0x013c88ab
                            0x013877f7
                            0x00000000
                            0x013877f7
                            0x01387861
                            0x0138786a
                            0x0138786c
                            0x01387703
                            0x01387705
                            0x0138770b
                            0x01387873
                            0x01387873
                            0x01387714
                            0x01387841
                            0x01387841
                            0x00000000
                            0x0138771a
                            0x0138771c
                            0x01387722
                            0x0138787e
                            0x0138787e
                            0x0138772a
                            0x00000000
                            0x01387730
                            0x01387734
                            0x01387808
                            0x00000000
                            0x00000000
                            0x0138780e
                            0x01387823
                            0x0138782a
                            0x01387889
                            0x01387889
                            0x01387848
                            0x01387848
                            0x013877d3
                            0x013877d3
                            0x00000000
                            0x013877d3
                            0x01387830
                            0x00000000
                            0x00000000
                            0x0138783a
                            0x01387752
                            0x01387752
                            0x01387755
                            0x0138775e
                            0x013c8835
                            0x00000000
                            0x013c8835
                            0x01387766
                            0x013877c2
                            0x013877c5
                            0x013877cd
                            0x013877cf
                            0x00000000
                            0x013877cf
                            0x0138776a
                            0x013c880a
                            0x013c880a
                            0x00000000
                            0x013c880a
                            0x01387776
                            0x0138777d
                            0x00000000
                            0x00000000
                            0x01387783
                            0x0138778a
                            0x0138778e
                            0x01387792
                            0x01387796
                            0x0138779a
                            0x013877a4
                            0x013877bc
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013c8816
                            0x013c8816
                            0x00000000
                            0x013c8816
                            0x013877a4
                            0x0138773a
                            0x0138773a
                            0x0138773f
                            0x013c8802
                            0x01387745
                            0x01387745
                            0x01387745
                            0x01387749
                            0x00000000
                            0x0138774f
                            0x0138774f
                            0x00000000
                            0x0138774f
                            0x01387749
                            0x0138772a
                            0x01387714
                            0x013876f5
                            0x013876fe
                            0x01387700
                            0x00000000
                            0x01387700
                            0x013876d2
                            0x01387687
                            0x0138766f
                            0x0138766f
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit$MUI${
                            • API String ID: 0-3203766739
                            • Opcode ID: 07ffcc28f57cdf01778d9926529f5b136114955f05e420b13024e49d81ac7c64
                            • Instruction ID: d871dfab989a724292032bcb03a876d83c27edce99f9ade25f77a64b0e5b5167
                            • Opcode Fuzzy Hash: 07ffcc28f57cdf01778d9926529f5b136114955f05e420b13024e49d81ac7c64
                            • Instruction Fuzzy Hash: 9981D131900319CBEB21EF58C8407BE7BB6BF0075CF284199E915AB6D0D7789E81CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0137D1EF Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                            Download Yara Rule
                            C-Code - Quality: 58%
                            			E0137D1EF(signed int __ecx) {
				signed int _v8;
				intOrPtr _v68;
				intOrPtr _v72;
				char _v76;
				char _v92;
				char _v100;
				char _v104;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t88;
				intOrPtr _t100;
				signed int _t121;
				void* _t122;
				signed char _t126;
				void* _t128;
				void* _t131;
				void* _t133;
				signed int _t136;
				signed int _t138;

				_t123 = __ecx;
				_t138 = (_t136 & 0xfffffff8) - 0x64;
				_t83 =  *0x144d360 ^ _t138;
				_v8 =  *0x144d360 ^ _t138;
				_t121 = __ecx;
				if(__ecx == 0) {
					L15:
					_pop(_t128);
					_pop(_t133);
					_pop(_t122);
					return E0139B640(_t83, _t122, _v8 ^ _t138, _t126, _t128, _t133);
				} else {
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_v104 = 0;
					_v100 = 0;
					_t88 = E0139F380( *[fs:0x18] + 0x19c,  &_v104, 8);
					_t138 = _t138 + 0xc;
					if(_t88 != 0) {
						_push(8);
						_push( &_v104);
						_push(0x2c);
						_push(0xfffffffe);
						if(E013995B0() >= 0) {
							_t123 =  *[fs:0x18];
							 *((intOrPtr*)(_t123 + 0x19c)) = _v104;
							 *((intOrPtr*)(_t123 + 0x1a0)) = _v100;
						}
					}
					if(( *(_t121 + 0x28) & 0x00000001) != 0) {
						if(( *(_t121 + 0x38) & 0x00000001) == 0) {
							_t123 = _t121;
							L013720A0(_t121);
							 *(_t121 + 0x28) =  *(_t121 + 0x28) & 0x000000fe;
						}
					}
					if( *((intOrPtr*)(_t121 + 0x2c)) != 0) {
						if(( *(_t121 + 0x38) & 0x00000002) == 0) {
							E01353E80(0);
							 *((intOrPtr*)(_t121 + 0x2c)) = 0;
						}
					}
					_t83 =  *(_t121 + 0x48);
					if(_t83 != 0 && ( *(_t83 + 0x10c) & 0x00000001) == 0) {
						_t83 =  *[fs:0x18];
						_t131 = 0x50;
						if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) != 0) {
							if(( *(_t121 + 0x38) & 0x00000004) == 0) {
								E0139FA60( &_v92, 0, _t131);
								_t138 = _t138 + 0xc;
								_v72 =  *((intOrPtr*)(_t121 + 0x30));
								_v68 =  *((intOrPtr*)(_t121 + 0x34));
								_push( &_v92);
								_v92 = 0xc0000710;
								_v76 = 2;
								E013ADEF0(_t123, _t126);
								_push(4);
								_v100 = 0;
								_push( &_v100);
								_push(5);
								_push(0xfffffffe);
								_t83 = E013995B0();
							}
						}
						_t126 =  *(_t121 + 0x38);
						if((_t126 & 0x00000010) == 0 && E0137D8FC() != 0) {
							_push( *((intOrPtr*)(_t121 + 0x34)));
							E013E5720(0x54, 0, "ThreadPool: callback %p(%p) returned with a transaction uncleared\n",  *((intOrPtr*)(_t121 + 0x30)));
							E0139FA60( &_v92, 0, _t131);
							_t138 = _t138 + 0x20;
							_v92 = 0xc000071d;
							_v76 = 0;
							_push( &_v92);
							_t83 = E013ADEF0(_t123, _t126);
							_t126 =  *(_t121 + 0x38);
						}
						if((_t126 & 0x00000020) == 0) {
							_t123 =  *[fs:0x18];
							_t100 =  *((intOrPtr*)( *[fs:0x30] + 0xa0));
							_t83 =  *(_t100 + 0xc);
							if( *(_t100 + 0xc) ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
								_push( *((intOrPtr*)(_t121 + 0x34)));
								E013E5720(0x54, 0, "ThreadPool: callback %p(%p) returned with the loader lock held\n",  *((intOrPtr*)(_t121 + 0x30)));
								E0139FA60( &_v92, 0, _t131);
								_t138 = _t138 + 0x20;
								_v92 = 0xc000071e;
								_v76 = 0;
								_push( &_v92);
								_t83 = E013ADEF0(_t123, _t126);
								_t126 =  *(_t121 + 0x38);
							}
						}
						if((_t126 & 0x00000040) == 0) {
							_t83 =  *[fs:0x18];
							if( *((intOrPtr*)( *[fs:0x18] + 0xfb8)) != 0) {
								_push( *((intOrPtr*)(_t121 + 0x34)));
								E013E5720(0x54, 0, "ThreadPool: callback %p(%p) returned with preferred languages set\n",  *((intOrPtr*)(_t121 + 0x30)));
								E0139FA60( &_v92, 0, _t131);
								_t138 = _t138 + 0x20;
								_v92 = 0xc000071f;
								_v76 = 0;
								_push( &_v92);
								_t83 = E013ADEF0(_t123, _t126);
								_t126 =  *(_t121 + 0x38);
							}
						}
						if(_t126 >= 0) {
							_t83 =  *[fs:0x18];
							if( *((intOrPtr*)( *[fs:0x18] + 0xf88)) != 0) {
								_push( *((intOrPtr*)(_t121 + 0x34)));
								E013E5720(0x54, 0, "ThreadPool: callback %p(%p) returned with background priorities set\n",  *((intOrPtr*)(_t121 + 0x30)));
								E0139FA60( &_v92, 0, _t131);
								_t138 = _t138 + 0x20;
								_v92 = 0xc0000720;
								_v76 = 0;
								_push( &_v92);
								_t83 = E013ADEF0(_t123, _t126);
							}
						}
					}
					goto L15;
				}
			}
























                            0x0137d1ef
                            0x0137d1f7
                            0x0137d1ff
                            0x0137d201
                            0x0137d206
                            0x0137d20c
                            0x0137d2f8
                            0x0137d2fc
                            0x0137d2fd
                            0x0137d2fe
                            0x0137d309
                            0x0137d212
                            0x0137d232
                            0x0137d239
                            0x0137d23a
                            0x0137d23b
                            0x0137d23e
                            0x0137d242
                            0x0137d246
                            0x0137d24b
                            0x0137d250
                            0x013c3380
                            0x013c3386
                            0x013c3387
                            0x013c3389
                            0x013c3392
                            0x013c3398
                            0x013c33a3
                            0x013c33ad
                            0x013c33ad
                            0x013c3392
                            0x0137d25a
                            0x013c33bc
                            0x013c33c2
                            0x013c33c4
                            0x013c33c9
                            0x013c33c9
                            0x013c33bc
                            0x0137d263
                            0x013c33d6
                            0x013c33dd
                            0x013c33e2
                            0x013c33e2
                            0x013c33d6
                            0x0137d269
                            0x0137d26e
                            0x0137d27d
                            0x0137d285
                            0x0137d28c
                            0x013c33ee
                            0x013c33fb
                            0x013c3403
                            0x013c3406
                            0x013c340d
                            0x013c3415
                            0x013c3416
                            0x013c341e
                            0x013c3426
                            0x013c342b
                            0x013c3431
                            0x013c3435
                            0x013c3436
                            0x013c3438
                            0x013c343a
                            0x013c343a
                            0x013c33ee
                            0x0137d292
                            0x0137d298
                            0x013c3444
                            0x013c3452
                            0x013c3461
                            0x013c3466
                            0x013c3469
                            0x013c3475
                            0x013c3479
                            0x013c347a
                            0x013c347f
                            0x013c347f
                            0x0137d2aa
                            0x0137d2b2
                            0x0137d2b9
                            0x0137d2bf
                            0x0137d2c5
                            0x013c3487
                            0x013c3495
                            0x013c34a4
                            0x013c34a9
                            0x013c34ac
                            0x013c34b8
                            0x013c34bc
                            0x013c34bd
                            0x013c34c2
                            0x013c34c2
                            0x0137d2c5
                            0x0137d2ce
                            0x0137d2d0
                            0x0137d2dc
                            0x013c34ca
                            0x013c34d8
                            0x013c34e7
                            0x013c34ec
                            0x013c34ef
                            0x013c34fb
                            0x013c34ff
                            0x013c3500
                            0x013c3505
                            0x013c3505
                            0x0137d2dc
                            0x0137d2e4
                            0x0137d2e6
                            0x0137d2f2
                            0x013c350d
                            0x013c351b
                            0x013c352a
                            0x013c352f
                            0x013c3532
                            0x013c353e
                            0x013c3542
                            0x013c3543
                            0x013c3543
                            0x0137d2f2
                            0x0137d2e4
                            0x00000000
                            0x0137d26e

                            Strings
                            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 013C34D0
                            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 013C348D
                            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 013C3513
                            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 013C344A
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                            • API String ID: 0-1468400865
                            • Opcode ID: ee8bd2a0f9c3c8b99092de03f559a2f6d709ae620533acfb509bb145a186e993
                            • Instruction ID: 4969b7c158b24f193e0760760dce1004b2ad5e5c615169dc08952c392e8febde
                            • Opcode Fuzzy Hash: ee8bd2a0f9c3c8b99092de03f559a2f6d709ae620533acfb509bb145a186e993
                            • Instruction Fuzzy Hash: 7571B1B19043059FCB21DF98C884F977FA8EF55BA8F404468F9498B642D738D589CBD2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0137A229 Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                            Download Yara Rule
                            C-Code - Quality: 69%
                            			E0137A229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E0137DF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E01399730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E0141A80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E01399660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E0135B150();
					} else {
						E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E0135B150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E01377D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E0141138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E01377D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E01377D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E01411582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E01377D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E01377D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E01411582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E013AD5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                            0x0137a229
                            0x0137a231
                            0x0137a23f
                            0x0137a242
                            0x0137a244
                            0x0137a24c
                            0x0137a255
                            0x0137a25a
                            0x0137a25f
                            0x013c1c76
                            0x013c1c78
                            0x013c1c7e
                            0x013c1c7f
                            0x013c1c81
                            0x013c1c82
                            0x013c1c84
                            0x013c1c89
                            0x013c1c8b
                            0x013c1c9e
                            0x013c1c9e
                            0x013c1cab
                            0x013c1cb2
                            0x00000000
                            0x013c1cb2
                            0x013c1c8d
                            0x013c1c92
                            0x00000000
                            0x00000000
                            0x013c1c94
                            0x013c1c98
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013c1c98
                            0x0137a265
                            0x0137a265
                            0x0137a266
                            0x0137a26f
                            0x0137a270
                            0x0137a276
                            0x0137a277
                            0x0137a279
                            0x0137a27e
                            0x0137a282
                            0x013c1db5
                            0x013c1dbb
                            0x013c1dc1
                            0x013c1dc5
                            0x013c1de4
                            0x013c1de9
                            0x013c1dc7
                            0x013c1ddc
                            0x013c1de1
                            0x013c1def
                            0x013c1df3
                            0x013c1df7
                            0x013c1dfe
                            0x013c1e06
                            0x0137a302
                            0x0137a308
                            0x0137a308
                            0x0137a288
                            0x0137a28d
                            0x0137a294
                            0x013c1cc1
                            0x0137a29a
                            0x0137a29a
                            0x0137a29a
                            0x0137a29f
                            0x013c1ccb
                            0x013c1cd1
                            0x013c1cd8
                            0x013c1cea
                            0x013c1cea
                            0x013c1cd8
                            0x0137a2a9
                            0x0137a2af
                            0x0137a2bc
                            0x013c1cfd
                            0x0137a2c2
                            0x0137a2c2
                            0x0137a2c2
                            0x0137a2c7
                            0x013c1d07
                            0x013c1d0d
                            0x013c1d14
                            0x013c1d1f
                            0x013c1d21
                            0x013c1d2c
                            0x013c1d2c
                            0x013c1d2c
                            0x013c1d47
                            0x013c1d47
                            0x013c1d14
                            0x0137a2cd
                            0x0137a2d2
                            0x0137a2d9
                            0x013c1d5a
                            0x0137a2df
                            0x0137a2df
                            0x0137a2df
                            0x0137a2e4
                            0x013c1d69
                            0x013c1d6b
                            0x013c1d76
                            0x013c1d76
                            0x013c1d76
                            0x013c1d91
                            0x013c1d91
                            0x0137a2ea
                            0x0137a2f0
                            0x0137a2f5
                            0x013c1da8
                            0x013c1dad
                            0x013c1dad
                            0x0137a2fd
                            0x0137a300
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                            • API String ID: 2994545307-2586055223
                            • Opcode ID: 1b8cdca15e87484cd263310f9ed9b028d58396322356d6648b80190c696ba2f9
                            • Instruction ID: 1d080f3921d948d4ddab6582512fe8b868b49d2063ee093a2922fe828a1fa7f1
                            • Opcode Fuzzy Hash: 1b8cdca15e87484cd263310f9ed9b028d58396322356d6648b80190c696ba2f9
                            • Instruction Fuzzy Hash: 6C5107322056819FE722EB6CC848F7B77E9FF84B58F080468F9518B292D739D900CB61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 014149A4 Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                            • API String ID: 2994545307-336120773
                            • Opcode ID: 1fc7bf173f07603668402f86727d00d9bf9b23b24ef0797419c0e6ba93ca186d
                            • Instruction ID: d9403cb10ddf31bdd13291c4b1e384c8605603ead0827b01e6508aa618568abc
                            • Opcode Fuzzy Hash: 1fc7bf173f07603668402f86727d00d9bf9b23b24ef0797419c0e6ba93ca186d
                            • Instruction Fuzzy Hash: 37310772200101EFDB50DBADC885F6777E9EF04BA8F194156F5059B3A5D770EA40CB58
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135751A Relevance: 5.1, Strings: 4, Instructions: 101COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                            • API String ID: 0-1391187441
                            • Opcode ID: f8324d9edfc1d4c789975207a27335934ce86bb0104b7cb1f0aba007c8a4ecd2
                            • Instruction ID: 0c41b282f8b41c68b8c309b0f2430d22edb00006fd6c502bfcdbe7678120a647
                            • Opcode Fuzzy Hash: f8324d9edfc1d4c789975207a27335934ce86bb0104b7cb1f0aba007c8a4ecd2
                            • Instruction Fuzzy Hash: 6E312672A00248EFDB51DB59CC85FABBBB9EF44B28F144165FD14A7381E770E940CA60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01413518 Relevance: 5.1, Strings: 4, Instructions: 55COMMON
                            Download Yara Rule
                            C-Code - Quality: 66%
                            			E01413518(signed int* __ecx) {
				char _v8;
				void* _t11;
				signed int* _t34;

				_push(__ecx);
				_t34 = __ecx;
				if(__ecx !=  *((intOrPtr*)( *[fs:0x30] + 0x18))) {
					if(E013540E1("RtlDestroyHeap") == 0 || E01414496(__ecx, 0) == 0) {
						goto L5;
					} else {
						_t32 = __ecx + 0x80;
						 *((intOrPtr*)(__ecx + 0x60)) = 0;
						if( *((intOrPtr*)(__ecx + 0x80)) != 0) {
							_v8 = 0;
							E0138174B(_t32,  &_v8, 0x8000);
						}
						_t11 = 1;
					}
				} else {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0135B150();
					} else {
						E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0135B150("May not destroy the process heap at %p\n", _t34);
					L5:
					_t11 = 0;
				}
				return _t11;
			}






                            0x0141351d
                            0x01413525
                            0x0141352a
                            0x0141357d
                            0x00000000
                            0x0141358c
                            0x0141358e
                            0x01413594
                            0x01413599
                            0x0141359b
                            0x014135a7
                            0x014135a7
                            0x014135ac
                            0x014135ac
                            0x0141352c
                            0x01413536
                            0x01413555
                            0x0141355a
                            0x01413538
                            0x0141354d
                            0x01413552
                            0x01413566
                            0x0141356d
                            0x0141356d
                            0x0141356d
                            0x014135b2

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
                            • API String ID: 0-4256168463
                            • Opcode ID: b6a2449a1c5e4a046b23eb7bc611d74e72f26950a6e4386776717b1e2ef48324
                            • Instruction ID: 816d9982094689cb47307eac5111f0c29fa392b23f0315139ccc9667f0d4ed53
                            • Opcode Fuzzy Hash: b6a2449a1c5e4a046b23eb7bc611d74e72f26950a6e4386776717b1e2ef48324
                            • Instruction Fuzzy Hash: B90149361102009FCB61EF7DC444FA6B3E9FF41E34F04845AE80A9B395DA70EA45CA54
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013895EC Relevance: 4.7, APIs: 3, Instructions: 165timeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 58%
                            			E013895EC(intOrPtr __ecx, signed int __edx, intOrPtr _a4) {
				intOrPtr _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v20;
				signed int _v24;
				intOrPtr _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t55;
				signed int _t59;
				signed int* _t62;
				void* _t68;
				intOrPtr _t86;
				void* _t90;
				signed int _t91;
				signed int _t92;
				signed int _t95;
				signed int _t111;
				signed int _t114;
				signed int _t116;

				_v8 =  *0x144d360 ^ _t116;
				_t114 = __edx;
				_v28 = __ecx;
				_v24 = 0;
				_v20 = 0;
				_t115 =  *((intOrPtr*)(__edx + 0x58));
				if(_t115 != 0) {
					_push( &_v20);
					_push(0);
					_push(0);
					E01393720(_t90, __edx, __edx, _t115, __eflags);
				}
				_t91 = _t114 + 0x8c;
				_t95 =  *_t91;
				do {
					_t111 = _t95;
					_t55 = _t95 >> 1;
					if(_t55 == 0) {
						_v16 = _v16 & 0x00000000;
						_v12 = _v12 & 0x00000000;
					} else {
						_v16 = 1;
						_v12 = 1;
						if((_t95 & 0x00000001 | _t55 * 0x00000002 - 0x00000002) < 2) {
							_v12 = _v12 & 0x00000000;
						}
					}
					asm("lock cmpxchg [ebx], ecx");
					_t95 = _t111;
				} while (_t95 != _t111);
				_t92 = _t91 | 0xffffffff;
				if(_t115 != 0) {
					__eflags = _v16;
					if(__eflags != 0) {
						__eflags = E0138EAA0(_t95, 0, _t115);
						if(__eflags >= 0) {
							_t86 = _v28;
							_t35 = _t86 + 0x50;
							 *_t35 =  *(_t86 + 0x50) | 0x00000100;
							__eflags =  *_t35;
							 *((intOrPtr*)(_t86 + 0x64)) = _t115;
						} else {
							_v16 = _v16 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							_v24 = 1;
						}
					}
					_push(_v20);
					_push(0);
					E01394520(_t92, _t114, _t115, __eflags);
					__eflags = _v24;
					if(_v24 != 0) {
						_t113 = _t92;
						E01389ED0(_t114 + 0x20, _t92, 0);
						E01428450(_t114);
					}
				}
				if(_v12 != 0) {
					_push(2);
					asm("lock xadd [edi], eax");
					_t59 = E01377D50();
					__eflags = _t59;
					if(_t59 != 0) {
						_t62 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t62 = 0x7ffe0386;
					}
					__eflags =  *_t62;
					if( *_t62 != 0) {
						E01428A62( *(_t114 + 0x5c), _t114 + 0x78,  *((intOrPtr*)(_t114 + 0x30)),  *((intOrPtr*)(_t114 + 0x34)),  *((intOrPtr*)(_t114 + 0x3c)));
					}
					_t113 =  *(_t114 + 0x5c);
					E01389702(_t92, _t114 + 0x78,  *(_t114 + 0x5c),  *((intOrPtr*)(_t114 + 0x74)), 0);
					asm("lock xadd [edi], eax");
					if(__eflags == 0) {
						_t115 =  *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))));
						 *0x144b1e0(_t114);
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))))))();
					}
				}
				if(_a4 != 0) {
					_t113 = 0;
					__eflags = E0138992F(0);
					if(__eflags != 0) {
						 *((intOrPtr*)(_t114 + 0x70)) = _v0;
						asm("lock xadd [edi], eax");
						if(__eflags == 0) {
							_t115 =  *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))));
							 *0x144b1e0(_t114);
							 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))))))();
						}
					}
				}
				if(_v16 == 0) {
					asm("lock xadd [edi], ebx");
					_t92 = _t92 - 1;
					__eflags = _t92;
					if(_t92 == 0) {
						_t115 =  *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))));
						 *0x144b1e0(_t114);
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))))))();
					}
					_t68 = 0;
				} else {
					_t113 = _t114;
					E0137E63F(_v28, _t114);
					_t68 = 1;
				}
				return E0139B640(_t68, _t92, _v8 ^ _t116, _t113, _t114, _t115);
			}


























                            0x013895fb
                            0x01389601
                            0x01389603
                            0x01389608
                            0x0138960b
                            0x0138960e
                            0x01389613
                            0x013c967f
                            0x013c9680
                            0x013c9681
                            0x013c9682
                            0x013c9682
                            0x01389619
                            0x0138961f
                            0x01389621
                            0x01389623
                            0x01389625
                            0x01389627
                            0x013c968c
                            0x013c9690
                            0x0138962d
                            0x01389634
                            0x01389643
                            0x01389649
                            0x0138964b
                            0x0138964f
                            0x01389649
                            0x01389653
                            0x01389657
                            0x01389659
                            0x0138965d
                            0x01389662
                            0x013c969c
                            0x013c96a0
                            0x013c96aa
                            0x013c96ac
                            0x013c96bf
                            0x013c96c2
                            0x013c96c2
                            0x013c96c2
                            0x013c96c9
                            0x013c96ae
                            0x013c96ae
                            0x013c96b2
                            0x013c96b6
                            0x013c96b6
                            0x013c96ac
                            0x013c96cc
                            0x013c96cf
                            0x013c96d1
                            0x013c96d6
                            0x013c96da
                            0x013c96e5
                            0x013c96e7
                            0x013c96ed
                            0x013c96ed
                            0x013c96da
                            0x0138966c
                            0x0138969e
                            0x013896a1
                            0x013896a5
                            0x013896aa
                            0x013896ac
                            0x013c9700
                            0x013896b2
                            0x013896b2
                            0x013896b2
                            0x013896b9
                            0x013896bb
                            0x013c9719
                            0x013c9719
                            0x013896c1
                            0x013896cc
                            0x013896d3
                            0x013896d7
                            0x013c9727
                            0x013c972b
                            0x013c9731
                            0x013c9731
                            0x013896d7
                            0x01389672
                            0x013896de
                            0x013896e7
                            0x013896e9
                            0x013896ee
                            0x013896f3
                            0x013896f7
                            0x013c973c
                            0x013c9740
                            0x013c9746
                            0x013c9746
                            0x013896f7
                            0x013896e9
                            0x01389678
                            0x013c974d
                            0x013c9751
                            0x013c9751
                            0x013c9752
                            0x013c9758
                            0x013c975c
                            0x013c9762
                            0x013c9762
                            0x013c9764
                            0x0138967e
                            0x01389681
                            0x01389683
                            0x0138968a
                            0x0138968a
                            0x0138969b

                            APIs
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: DebugPrintTimes
                            • String ID:
                            • API String ID: 3446177414-0
                            • Opcode ID: 9b90a5f463ece314b08cce4d20bd381ef85083d0ac587a6fd3e73e90e65054bb
                            • Instruction ID: a74ae7f161e939ee25802c13394b7dd1da22352317c4c8b601cb6bf432daf05e
                            • Opcode Fuzzy Hash: 9b90a5f463ece314b08cce4d20bd381ef85083d0ac587a6fd3e73e90e65054bb
                            • Instruction Fuzzy Hash: FC51CF31A0070AEFDB15EF68C844BBEBBB4BF9473CF014169D512976A0DB749910CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013799BF Relevance: 4.3, Strings: 3, Instructions: 572COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 78%
                            			E013799BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				signed int _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E0140FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E0141A80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E013AD540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E0135B150();
										} else {
											E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E0135B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0x1446378 = 1;
											asm("int3");
											 *0x1446378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E0137A229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								E0137A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E0137BC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E0141A80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E0137A229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								E0137A309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E013AD540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E0135B150();
								} else {
									E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E0135B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0x1446378 = 1;
									asm("int3");
									 *0x1446378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E0140FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E0141A80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E013AD540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E0135B150();
													} else {
														E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E0135B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0x1446378 = 1;
														asm("int3");
														 *0x1446378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E0137A229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										E0137A309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E0137BC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E0141A80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E013AD540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E0135B150();
													} else {
														E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E0135B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0x1446378 = 1;
														asm("int3");
														 *0x1446378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E0137A229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										E0137A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E0137BC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E0137BC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}




















































































                            0x013799ca
                            0x013799cc
                            0x013799df
                            0x013799e3
                            0x013799f8
                            0x013799fb
                            0x013799fb
                            0x00000000
                            0x01379a48
                            0x01379a48
                            0x01379a4c
                            0x01379a51
                            0x01379a55
                            0x01379a61
                            0x01379a66
                            0x01379a68
                            0x013c1457
                            0x013c145c
                            0x013c145c
                            0x01379a68
                            0x01379a6e
                            0x01379a71
                            0x01379a74
                            0x01379a76
                            0x013c1466
                            0x013c1469
                            0x013c1469
                            0x013c146c
                            0x013c146e
                            0x013c1471
                            0x013c1474
                            0x013c1477
                            0x013c1479
                            0x013c159c
                            0x013c159c
                            0x013c159d
                            0x013c15a6
                            0x013c15ab
                            0x013c15ab
                            0x00000000
                            0x013c15ab
                            0x013c147f
                            0x013c1481
                            0x00000000
                            0x00000000
                            0x013c148a
                            0x013c148d
                            0x013c1493
                            0x013c1495
                            0x013c14c0
                            0x013c14c0
                            0x013c14c3
                            0x013c14c6
                            0x013c14c8
                            0x013c14cb
                            0x013c14cf
                            0x013c14f2
                            0x013c14f2
                            0x013c14f5
                            0x013c14f8
                            0x013c1501
                            0x013c1508
                            0x013c150b
                            0x013c150e
                            0x013c1510
                            0x013c1513
                            0x013c1515
                            0x013c1515
                            0x013c1518
                            0x013c1518
                            0x013c1513
                            0x013c1521
                            0x013c1525
                            0x013c152a
                            0x013c152d
                            0x013c1530
                            0x013c1532
                            0x013c1539
                            0x013c153d
                            0x013c155d
                            0x013c1562
                            0x013c153f
                            0x013c1555
                            0x013c155a
                            0x013c1570
                            0x013c1577
                            0x013c157c
                            0x013c1582
                            0x013c1585
                            0x013c1589
                            0x013c158b
                            0x013c1592
                            0x013c1593
                            0x013c1593
                            0x013c1589
                            0x013c1530
                            0x00000000
                            0x013c14f8
                            0x013c14d5
                            0x013c14da
                            0x013c14dc
                            0x00000000
                            0x013c14de
                            0x013c14e8
                            0x00000000
                            0x013c14e8
                            0x013c1497
                            0x013c1497
                            0x013c14a4
                            0x013c14a4
                            0x013c14a7
                            0x013c14a9
                            0x013c14ab
                            0x013c14ab
                            0x013c149c
                            0x013c149e
                            0x013c14a0
                            0x013c14b0
                            0x013c14b0
                            0x00000000
                            0x013c14a2
                            0x013c14a2
                            0x00000000
                            0x013c14a2
                            0x013c14a0
                            0x013c14b3
                            0x013c14bb
                            0x00000000
                            0x013c14bb
                            0x013c1495
                            0x01379a7c
                            0x01379a7c
                            0x01379a7f
                            0x01379a7f
                            0x01379a82
                            0x01379a84
                            0x01379a87
                            0x01379a8a
                            0x01379a8d
                            0x01379a8f
                            0x013c166a
                            0x013c166a
                            0x013c166b
                            0x013c1674
                            0x00000000
                            0x013c1674
                            0x01379a95
                            0x01379a97
                            0x00000000
                            0x00000000
                            0x01379aa0
                            0x01379aa3
                            0x01379aa9
                            0x01379aab
                            0x01379ad7
                            0x01379ad7
                            0x01379ada
                            0x01379add
                            0x01379adf
                            0x01379ae2
                            0x01379ae6
                            0x01379b22
                            0x01379b27
                            0x01379b29
                            0x00000000
                            0x01379b2b
                            0x013c15be
                            0x00000000
                            0x013c15be
                            0x01379b29
                            0x01379ae8
                            0x01379ae8
                            0x01379aeb
                            0x01379aee
                            0x013c15cb
                            0x013c15d2
                            0x013c15d5
                            0x013c15d7
                            0x013c15da
                            0x013c15dc
                            0x013c15dc
                            0x013c15dc
                            0x013c15da
                            0x013c15e5
                            0x013c15e9
                            0x013c15ee
                            0x013c15f1
                            0x013c15f3
                            0x013c15f9
                            0x013c1600
                            0x013c1604
                            0x013c1624
                            0x013c1629
                            0x013c1606
                            0x013c161c
                            0x013c1621
                            0x013c1637
                            0x013c163e
                            0x013c1643
                            0x013c1649
                            0x013c164c
                            0x013c1650
                            0x013c1656
                            0x013c165d
                            0x013c165e
                            0x013c165e
                            0x013c1650
                            0x013c15f3
                            0x01379af4
                            0x01379af7
                            0x01379afc
                            0x01379b00
                            0x01379b04
                            0x01379b08
                            0x01379b14
                            0x013799fe
                            0x01379a04
                            0x01379a07
                            0x00000000
                            0x01379a29
                            0x013c169c
                            0x013c16a0
                            0x013c16a5
                            0x013c16a9
                            0x013c16b5
                            0x013c16ba
                            0x013c16bc
                            0x013c16be
                            0x013c16c3
                            0x013c16c3
                            0x013c16bc
                            0x013c16c8
                            0x013c16cc
                            0x013c181b
                            0x013c181b
                            0x013c181e
                            0x013c181e
                            0x013c1821
                            0x013c1823
                            0x013c1826
                            0x013c1829
                            0x013c182c
                            0x013c182e
                            0x013c1688
                            0x013c1688
                            0x013c1689
                            0x013c168b
                            0x013c168c
                            0x013c168d
                            0x013c168f
                            0x013c1692
                            0x00000000
                            0x013c1692
                            0x013c1834
                            0x013c1836
                            0x00000000
                            0x00000000
                            0x013c183f
                            0x013c1842
                            0x013c1848
                            0x013c184a
                            0x013c1875
                            0x013c1875
                            0x013c1878
                            0x013c187b
                            0x013c187d
                            0x013c1880
                            0x013c1884
                            0x013c18a7
                            0x013c18a7
                            0x013c18aa
                            0x013c18ad
                            0x013c18b6
                            0x013c18bd
                            0x013c18c0
                            0x013c18c3
                            0x013c18c5
                            0x013c18c8
                            0x013c18ca
                            0x013c18ca
                            0x013c18cd
                            0x013c18cd
                            0x013c18c8
                            0x013c18d5
                            0x013c18da
                            0x013c18df
                            0x013c18e2
                            0x013c18e5
                            0x013c18e7
                            0x013c18ee
                            0x013c18f2
                            0x013c1912
                            0x013c1917
                            0x013c18f4
                            0x013c190a
                            0x013c190f
                            0x013c1925
                            0x013c192c
                            0x013c1931
                            0x013c193a
                            0x013c193e
                            0x013c1940
                            0x013c1947
                            0x013c1948
                            0x013c1948
                            0x013c193e
                            0x013c18e5
                            0x013c194f
                            0x013c1952
                            0x013c1956
                            0x013c195d
                            0x013c1961
                            0x013c196d
                            0x00000000
                            0x013c196d
                            0x013c188a
                            0x013c188f
                            0x013c1891
                            0x00000000
                            0x00000000
                            0x013c189d
                            0x00000000
                            0x013c189d
                            0x013c184c
                            0x013c1859
                            0x013c1859
                            0x013c185c
                            0x00000000
                            0x00000000
                            0x013c1851
                            0x013c1853
                            0x013c1855
                            0x013c1865
                            0x013c1865
                            0x013c1866
                            0x013c1868
                            0x013c1870
                            0x00000000
                            0x013c1870
                            0x013c1857
                            0x013c1857
                            0x013c185e
                            0x00000000
                            0x013c16d2
                            0x013c16d2
                            0x013c16d5
                            0x013c16d5
                            0x013c16d8
                            0x013c16da
                            0x013c16dd
                            0x013c16e0
                            0x013c16e3
                            0x013c16e5
                            0x013c1808
                            0x013c1808
                            0x013c1809
                            0x013c1812
                            0x013c1817
                            0x013c1817
                            0x00000000
                            0x013c1817
                            0x013c16eb
                            0x013c16ed
                            0x00000000
                            0x00000000
                            0x013c16f6
                            0x013c16f9
                            0x013c16ff
                            0x013c1701
                            0x013c172c
                            0x013c172c
                            0x013c172f
                            0x013c1732
                            0x013c1734
                            0x013c1737
                            0x013c173b
                            0x013c175e
                            0x013c175e
                            0x013c1761
                            0x013c1764
                            0x013c176d
                            0x013c1774
                            0x013c1777
                            0x013c177a
                            0x013c177c
                            0x013c177f
                            0x013c1781
                            0x013c1781
                            0x013c1784
                            0x013c1784
                            0x013c177f
                            0x013c178c
                            0x013c1791
                            0x013c1796
                            0x013c1799
                            0x013c179c
                            0x013c179e
                            0x013c17a5
                            0x013c17a9
                            0x013c17c9
                            0x013c17ce
                            0x013c17ab
                            0x013c17c1
                            0x013c17c6
                            0x013c17dc
                            0x013c17e3
                            0x013c17e8
                            0x013c17ee
                            0x013c17f1
                            0x013c17f5
                            0x013c17f7
                            0x013c17fe
                            0x013c17ff
                            0x013c17ff
                            0x013c17f5
                            0x013c179c
                            0x00000000
                            0x013c1764
                            0x013c1741
                            0x013c1746
                            0x013c1748
                            0x00000000
                            0x00000000
                            0x013c1754
                            0x00000000
                            0x013c1754
                            0x013c1703
                            0x013c1710
                            0x013c1710
                            0x013c1713
                            0x00000000
                            0x00000000
                            0x013c1708
                            0x013c170a
                            0x013c170c
                            0x013c171c
                            0x013c171c
                            0x013c171d
                            0x013c171f
                            0x013c1727
                            0x00000000
                            0x013c1727
                            0x013c170e
                            0x013c170e
                            0x013c1715
                            0x00000000
                            0x013c1715
                            0x013c16cc
                            0x01379a45
                            0x01379a45
                            0x01379a0e
                            0x01379a1c
                            0x01379a23
                            0x013c167e
                            0x013c167f
                            0x013c1681
                            0x013c1683
                            0x013c1684
                            0x00000000
                            0x013c1684
                            0x00000000
                            0x01379aad
                            0x01379aad
                            0x01379ab0
                            0x01379ab3
                            0x01379ab3
                            0x01379ab6
                            0x00000000
                            0x00000000
                            0x01379ab8
                            0x01379aba
                            0x01379abc
                            0x01379ac8
                            0x01379ac8
                            0x00000000
                            0x01379abe
                            0x01379abe
                            0x01379ac0
                            0x00000000
                            0x01379ac0
                            0x01379abc
                            0x01379ad2
                            0x00000000
                            0x01379ad2
                            0x01379aab

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                            • API String ID: 0-3178619729
                            • Opcode ID: 2a28f5722b122281f67a1990d747d8b7290431f16cef956729ca3b56f59c50e2
                            • Instruction ID: 7c5400e60c8b5f4c9134d6b3eccc7d544c7ee3390d19a0a5d0fb5cbf3c6d67ee
                            • Opcode Fuzzy Hash: 2a28f5722b122281f67a1990d747d8b7290431f16cef956729ca3b56f59c50e2
                            • Instruction Fuzzy Hash: 4A22E170600246DFEB25DF2DC885B7ABBB5EF45B08F28856DE8468B386D735D881CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013662A0 Relevance: 4.0, Strings: 3, Instructions: 291COMMON
                            Download Yara Rule
                            C-Code - Quality: 93%
                            			E013662A0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				short _t93;
				short _t94;
				signed char* _t98;
				signed int _t99;
				signed char* _t100;
				signed int _t102;
				signed char* _t106;
				signed int _t107;
				signed char* _t108;
				signed int _t118;
				void* _t122;
				void* _t124;
				void* _t126;
				void* _t128;
				void* _t130;
				void* _t132;
				void* _t134;
				void* _t136;
				signed int _t137;
				signed int _t138;
				signed int _t139;
				signed int _t140;
				signed int _t141;
				signed int _t143;
				short _t148;
				intOrPtr _t156;
				intOrPtr _t157;
				intOrPtr _t158;
				intOrPtr _t159;
				intOrPtr _t160;
				intOrPtr _t161;
				intOrPtr _t162;
				intOrPtr _t163;
				signed int _t173;
				intOrPtr _t178;
				void* _t179;
				void* _t180;
				void* _t181;
				void* _t182;
				signed int _t187;
				signed int _t192;
				signed int _t193;
				signed int _t195;
				void* _t196;

				_push(0x44);
				_push(0x142f958);
				E013AD0E8(__ebx, __edi, __esi);
				 *(_t196 - 0x34) =  *(_t196 + 8);
				 *(_t196 - 0x3c) =  *(_t196 + 0x10);
				 *((intOrPtr*)(_t196 - 0x28)) = L"MUI";
				 *((intOrPtr*)(_t196 - 0x24)) = 1;
				 *((intOrPtr*)(_t196 - 0x20)) = 0;
				 *(_t196 - 0x38) =  *(_t196 + 0xc);
				 *(_t196 - 0x30) = 0;
				_t148 = 0x2e;
				 *((short*)(_t196 - 0x4c)) = _t148;
				_t93 = 0x30;
				 *((short*)(_t196 - 0x4a)) = _t93;
				 *(_t196 - 0x48) = L"LdrResGetRCConfig Enter";
				_t94 = 0x2c;
				 *((short*)(_t196 - 0x54)) = _t94;
				 *((short*)(_t196 - 0x52)) = _t148;
				 *(_t196 - 0x50) = L"LdrResGetRCConfig Exit";
				_t187 =  *(_t196 + 0x14) & 0x00002000;
				asm("sbb esi, esi");
				_t192 = ( ~_t187 & 0x00001000) + 0x1030;
				if(E01377D50() != 0) {
					_t98 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
				} else {
					_t98 = 0x7ffe0385;
				}
				if(( *_t98 & 0x00000001) != 0) {
					_t99 = E01377D50();
					__eflags = _t99;
					if(_t99 == 0) {
						_t100 = 0x7ffe0384;
					} else {
						_t100 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					E013E6715(_t196 - 0x4c,  *_t100 & 0x000000ff);
				}
				_t102 =  *(_t196 - 0x34);
				if(_t102 == 0) {
					_t193 = 0xc000000d;
					goto L7;
				} else {
					if( *((intOrPtr*)(_t196 + 0x18)) == 0) {
						L17:
						__eflags =  *(_t196 + 0xc);
						if(__eflags == 0) {
							__eflags = _t187;
							if(__eflags != 0) {
								goto L18;
							}
							_push(0);
							_push( *(_t196 + 0x14));
							_push(_t196 - 0x38);
							_push(_t102);
							__eflags = E013884E0(0, _t187, _t192, __eflags);
							if(__eflags >= 0) {
								goto L18;
							}
							L12:
							return E013AD130(0, _t187, _t193);
						}
						L18:
						_t195 = E0138701D(0,  *(_t196 - 0x34),  *(_t196 - 0x38), _t187, _t192 | 0x00200000, __eflags, _t192 | 0x00200000, _t196 - 0x28, 3, _t196 - 0x30, _t196 - 0x40, 0, 0);
						 *(_t196 - 0x2c) = _t195;
						__eflags = _t195;
						if(_t195 >= 0) {
							 *((intOrPtr*)(_t196 - 4)) = 0;
							__eflags = _t187;
							_t187 =  *(_t196 - 0x30);
							if(__eflags != 0) {
								L55:
								 *((intOrPtr*)(_t196 - 4)) = 0xfffffffe;
								_t118 =  *(_t196 - 0x3c);
								__eflags = _t118;
								if(_t118 != 0) {
									 *_t118 = _t187;
								}
								_t193 = 0;
								 *(_t196 - 0x2c) = 0;
								L23:
								__eflags =  *((char*)(_t196 + 0x18));
								if( *((char*)(_t196 + 0x18)) != 0) {
									__eflags = _t187;
									if(__eflags == 0) {
										_t187 = _t187 | 0xffffffff;
										__eflags = _t187;
									}
									_push(0);
									_push(_t193);
									_push(2);
									_push(0);
									_push(_t187);
									_push(0);
									E0138DA88(0,  *(_t196 - 0x34), 0, _t187, _t193, __eflags);
								}
								L8:
								if(E01377D50() != 0) {
									_t106 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
									_t193 =  *(_t196 - 0x2c);
								} else {
									_t106 = 0x7ffe0385;
								}
								if(( *_t106 & 0x00000001) != 0) {
									_t107 = E01377D50();
									__eflags = _t107;
									if(_t107 == 0) {
										_t108 = 0x7ffe0384;
									} else {
										_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
										_t193 =  *(_t196 - 0x2c);
									}
									E013E6715(_t196 - 0x54,  *_t108 & 0x000000ff);
								}
								goto L12;
							}
							_t178 =  *((intOrPtr*)(_t187 + 4));
							__eflags = _t178 + _t187 - ( *(_t196 - 0x34) & 0xfffffffc) +  *(_t196 - 0x38);
							if(_t178 + _t187 > ( *(_t196 - 0x34) & 0xfffffffc) +  *(_t196 - 0x38)) {
								_t193 = 0xc000007b;
								 *(_t196 - 0x2c) = 0xc000007b;
								L61:
								 *((intOrPtr*)(_t196 - 4)) = 0xfffffffe;
								L21:
								__eflags = _t193;
								if(_t193 < 0) {
									_t187 = 0;
								}
								goto L23;
							}
							_t193 = 0xc00b0003;
							 *(_t196 - 0x2c) = 0xc00b0003;
							_t156 =  *((intOrPtr*)(_t187 + 0x44));
							_t122 =  *((intOrPtr*)(_t187 + 0x48)) + _t156;
							__eflags = _t122 - _t178;
							if(_t122 > _t178) {
								goto L61;
							}
							__eflags = _t122 - _t156;
							if(_t122 < _t156) {
								goto L61;
							}
							_t157 =  *((intOrPtr*)(_t187 + 0x4c));
							_t124 =  *((intOrPtr*)(_t187 + 0x50)) + _t157;
							__eflags = _t124 - _t178;
							if(_t124 > _t178) {
								goto L61;
							}
							__eflags = _t124 - _t157;
							if(_t124 < _t157) {
								goto L61;
							}
							_t158 =  *((intOrPtr*)(_t187 + 0x54));
							_t126 =  *((intOrPtr*)(_t187 + 0x58)) + _t158;
							__eflags = _t126 - _t178;
							if(_t126 > _t178) {
								goto L61;
							}
							__eflags = _t126 - _t158;
							if(_t126 < _t158) {
								goto L61;
							}
							_t159 =  *((intOrPtr*)(_t187 + 0x5c));
							_t128 =  *((intOrPtr*)(_t187 + 0x60)) + _t159;
							__eflags = _t128 - _t178;
							if(_t128 > _t178) {
								goto L61;
							}
							__eflags = _t128 - _t159;
							if(_t128 < _t159) {
								goto L61;
							}
							_t160 =  *((intOrPtr*)(_t187 + 0x64));
							_t130 =  *((intOrPtr*)(_t187 + 0x68)) + _t160;
							__eflags = _t130 - _t178;
							if(_t130 > _t178) {
								goto L61;
							}
							__eflags = _t130 - _t160;
							if(_t130 < _t160) {
								goto L61;
							}
							_t161 =  *((intOrPtr*)(_t187 + 0x6c));
							_t132 =  *((intOrPtr*)(_t187 + 0x70)) + _t161;
							__eflags = _t132 - _t178;
							if(_t132 > _t178) {
								goto L61;
							}
							__eflags = _t132 - _t161;
							if(_t132 < _t161) {
								goto L61;
							}
							_t162 =  *((intOrPtr*)(_t187 + 0x74));
							_t134 =  *((intOrPtr*)(_t187 + 0x78)) + _t162;
							__eflags = _t134 - _t178;
							if(_t134 > _t178) {
								goto L61;
							}
							__eflags = _t134 - _t162;
							if(_t134 < _t162) {
								goto L61;
							}
							_t163 =  *((intOrPtr*)(_t187 + 0x7c));
							_t136 =  *((intOrPtr*)(_t187 + 0x80)) + _t163;
							__eflags = _t136 - _t178;
							if(_t136 > _t178) {
								goto L61;
							}
							__eflags = _t136 - _t163;
							if(_t136 < _t163) {
								goto L61;
							}
							__eflags =  *_t187 - 0xfecdfecd;
							if( *_t187 != 0xfecdfecd) {
								goto L61;
							}
							__eflags = _t178 -  *((intOrPtr*)(_t196 - 0x40));
							if(_t178 !=  *((intOrPtr*)(_t196 - 0x40))) {
								goto L61;
							}
							__eflags =  *((intOrPtr*)(_t187 + 8)) - 0x10000;
							if( *((intOrPtr*)(_t187 + 8)) != 0x10000) {
								goto L61;
							}
							_t164 =  *(_t187 + 0xc);
							__eflags =  *(_t187 + 0xc);
							if( *(_t187 + 0xc) != 0) {
								_t179 = 7;
								_t137 = E013595C8(_t164, _t179);
								__eflags = _t137;
								if(_t137 == 0) {
									goto L61;
								}
							}
							_t180 = 3;
							_t138 = E013595C8( *(_t187 + 0x10) & 0xffffffcf, _t180);
							__eflags = _t138;
							if(_t138 == 0) {
								goto L61;
							}
							_t181 = 0x30;
							_t139 = E013595C8( *(_t187 + 0x10) & 0xfffffffc, _t181);
							__eflags = _t139;
							if(_t139 == 0) {
								goto L61;
							}
							__eflags =  *(_t187 + 0x10) & 0x00000001;
							if(( *(_t187 + 0x10) & 0x00000001) == 0) {
								L54:
								 *(_t196 - 0x2c) = 0;
								goto L55;
							}
							_t182 = 3;
							_t140 = E013595C8( *((intOrPtr*)(_t187 + 0x18)), _t182);
							__eflags = _t140;
							if(_t140 == 0) {
								goto L61;
							}
							_t170 =  *(_t187 + 0x14);
							__eflags =  *(_t187 + 0x14);
							if( *(_t187 + 0x14) != 0) {
								_t141 = E013595C8(_t170, 0x100);
								__eflags = _t141;
								if(_t141 == 0) {
									goto L61;
								}
							}
							goto L54;
						}
						_t187 =  *(_t196 - 0x30);
						__eflags = _t195 - 0xc000007b;
						if(_t195 != 0xc000007b) {
							_t193 = 0xc000008a;
							 *(_t196 - 0x2c) = 0xc000008a;
						}
						goto L21;
					}
					_t143 = E0136D1D0(_t102, 0, 0, 8);
					 *(_t196 - 0x30) = _t143;
					if(_t143 != 0xffffffff) {
						__eflags = _t143;
						if(_t143 == 0) {
							_t102 =  *(_t196 - 0x34);
							goto L17;
						}
						_t193 = 0;
						 *(_t196 - 0x2c) = 0;
						_t173 =  *(_t196 - 0x3c);
						__eflags = _t173;
						if(_t173 != 0) {
							 *_t173 = _t143;
						}
					} else {
						_t193 = 0xc000008a;
						L7:
						 *(_t196 - 0x2c) = _t193;
					}
					goto L8;
				}
			}















































                            0x013662a0
                            0x013662a2
                            0x013662a7
                            0x013662af
                            0x013662b5
                            0x013662b8
                            0x013662bf
                            0x013662c8
                            0x013662ce
                            0x013662d1
                            0x013662d6
                            0x013662d7
                            0x013662dd
                            0x013662de
                            0x013662e2
                            0x013662eb
                            0x013662ec
                            0x013662f0
                            0x013662f4
                            0x013662fe
                            0x01366308
                            0x01366310
                            0x0136631d
                            0x013b903d
                            0x01366323
                            0x01366323
                            0x01366323
                            0x0136632b
                            0x013b9047
                            0x013b904c
                            0x013b904e
                            0x013b9060
                            0x013b9050
                            0x013b9059
                            0x013b9059
                            0x013b906b
                            0x013b906b
                            0x01366331
                            0x01366336
                            0x013b9075
                            0x00000000
                            0x0136633c
                            0x0136633f
                            0x01366399
                            0x01366399
                            0x0136639c
                            0x0136658b
                            0x0136658d
                            0x00000000
                            0x00000000
                            0x01366593
                            0x01366594
                            0x0136659a
                            0x0136659b
                            0x013665a1
                            0x013665a3
                            0x00000000
                            0x00000000
                            0x0136637a
                            0x0136637f
                            0x0136637f
                            0x013663a2
                            0x013663c4
                            0x013663c6
                            0x013663c9
                            0x013663cb
                            0x0136640d
                            0x01366410
                            0x01366412
                            0x01366415
                            0x01366571
                            0x01366571
                            0x01366578
                            0x0136657b
                            0x0136657d
                            0x0136657f
                            0x0136657f
                            0x01366581
                            0x01366583
                            0x013663e6
                            0x013663e6
                            0x013663ea
                            0x013663f0
                            0x013663f2
                            0x013663f4
                            0x013663f4
                            0x013663f4
                            0x013663f7
                            0x013663f8
                            0x013663f9
                            0x013663fb
                            0x013663fc
                            0x013663fd
                            0x01366403
                            0x01366403
                            0x0136635d
                            0x01366364
                            0x013b90db
                            0x013b90e0
                            0x0136636a
                            0x0136636a
                            0x0136636a
                            0x01366372
                            0x013b90e8
                            0x013b90ed
                            0x013b90ef
                            0x013b9104
                            0x013b90f1
                            0x013b90fa
                            0x013b90ff
                            0x013b90ff
                            0x013b910f
                            0x013b910f
                            0x00000000
                            0x01366378
                            0x0136641b
                            0x0136642a
                            0x0136642c
                            0x013b907f
                            0x013b9084
                            0x013665ae
                            0x013665ae
                            0x013663e0
                            0x013663e0
                            0x013663e2
                            0x013663e4
                            0x013663e4
                            0x00000000
                            0x013663e2
                            0x01366432
                            0x01366437
                            0x0136643a
                            0x01366440
                            0x01366442
                            0x01366444
                            0x00000000
                            0x00000000
                            0x0136644a
                            0x0136644c
                            0x00000000
                            0x00000000
                            0x01366452
                            0x01366458
                            0x0136645a
                            0x0136645c
                            0x00000000
                            0x00000000
                            0x01366462
                            0x01366464
                            0x00000000
                            0x00000000
                            0x0136646a
                            0x01366470
                            0x01366472
                            0x01366474
                            0x00000000
                            0x00000000
                            0x0136647a
                            0x0136647c
                            0x00000000
                            0x00000000
                            0x01366482
                            0x01366488
                            0x0136648a
                            0x0136648c
                            0x00000000
                            0x00000000
                            0x01366492
                            0x01366494
                            0x00000000
                            0x00000000
                            0x0136649a
                            0x013664a0
                            0x013664a2
                            0x013664a4
                            0x00000000
                            0x00000000
                            0x013664aa
                            0x013664ac
                            0x00000000
                            0x00000000
                            0x013664b2
                            0x013664b8
                            0x013664ba
                            0x013664bc
                            0x00000000
                            0x00000000
                            0x013664c2
                            0x013664c4
                            0x00000000
                            0x00000000
                            0x013664ca
                            0x013664d0
                            0x013664d2
                            0x013664d4
                            0x00000000
                            0x00000000
                            0x013664da
                            0x013664dc
                            0x00000000
                            0x00000000
                            0x013664e2
                            0x013664eb
                            0x013664ed
                            0x013664ef
                            0x00000000
                            0x00000000
                            0x013664f5
                            0x013664f7
                            0x00000000
                            0x00000000
                            0x013664fd
                            0x01366503
                            0x00000000
                            0x00000000
                            0x01366509
                            0x0136650c
                            0x00000000
                            0x00000000
                            0x01366512
                            0x01366519
                            0x00000000
                            0x00000000
                            0x0136651f
                            0x01366522
                            0x01366524
                            0x013b908e
                            0x013b908f
                            0x013b9094
                            0x013b9096
                            0x00000000
                            0x00000000
                            0x013b909c
                            0x01366532
                            0x01366533
                            0x01366538
                            0x0136653a
                            0x00000000
                            0x00000000
                            0x01366544
                            0x01366545
                            0x0136654a
                            0x0136654c
                            0x00000000
                            0x00000000
                            0x0136654e
                            0x01366552
                            0x0136656e
                            0x0136656e
                            0x00000000
                            0x0136656e
                            0x01366556
                            0x0136655a
                            0x0136655f
                            0x01366561
                            0x00000000
                            0x00000000
                            0x01366563
                            0x01366566
                            0x01366568
                            0x013b90a6
                            0x013b90ab
                            0x013b90ad
                            0x00000000
                            0x00000000
                            0x013b90b3
                            0x00000000
                            0x01366568
                            0x013663cd
                            0x013663d0
                            0x013663d6
                            0x013663d8
                            0x013663dd
                            0x013663dd
                            0x00000000
                            0x013663d6
                            0x01366348
                            0x0136634d
                            0x01366353
                            0x01366382
                            0x01366384
                            0x01366396
                            0x00000000
                            0x01366396
                            0x01366386
                            0x01366388
                            0x0136638b
                            0x0136638e
                            0x01366390
                            0x01366392
                            0x01366392
                            0x01366355
                            0x01366355
                            0x0136635a
                            0x0136635a
                            0x0136635a
                            0x00000000
                            0x01366353

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                            • API String ID: 0-1145731471
                            • Opcode ID: d033c56ab06568098b52a455e18521b8f61a25fa6ad384d2d172e69d1b75d440
                            • Instruction ID: 5e98360fe8fb5dd83c60610ac11cca81275104a7942b35537a3b3f7a9fbcdbe5
                            • Opcode Fuzzy Hash: d033c56ab06568098b52a455e18521b8f61a25fa6ad384d2d172e69d1b75d440
                            • Instruction Fuzzy Hash: 01B1D3B1A00659DBDF15CF69C882BACBB79BF4439CF148119EA11EB798D770E850CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01368794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                            Download Yara Rule
                            C-Code - Quality: 83%
                            			E01368794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E0136934A() != 0) {
								_t159 = E013DA9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x1445780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E013D5510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x1445780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E0136849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E01368999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E01368999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x1445c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x1445c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E01372280(_t92, 0x14486cc);
															_t94 = E01429DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E013861A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x1445c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E01368A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x1445c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x1445c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E0139F380(_t136, 0x1331184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E01372280(_t108, 0x14486cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E013861A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E01429D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E0136FFB0(_t118, _t156, 0x14486cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E01399A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                            0x01368799
                            0x0136879d
                            0x013687a1
                            0x013687a3
                            0x013687a8
                            0x013687c3
                            0x013687c3
                            0x013687c8
                            0x013687d1
                            0x013687d4
                            0x013687d8
                            0x013687e5
                            0x013687ec
                            0x013b9bfe
                            0x013b9c00
                            0x013b9c02
                            0x013b9c08
                            0x013b9c0d
                            0x013b9c0f
                            0x013b9c14
                            0x013b9c2d
                            0x013b9c32
                            0x013b9c37
                            0x013b9c3a
                            0x013b9c3c
                            0x013b9c42
                            0x013b9c42
                            0x013b9c3c
                            0x013b9c02
                            0x013687da
                            0x013687df
                            0x013687e3
                            0x00000000
                            0x00000000
                            0x013687e3
                            0x013687f2
                            0x00000000
                            0x013687fb
                            0x013687fd
                            0x013687fe
                            0x0136880e
                            0x0136880f
                            0x01368810
                            0x01368814
                            0x0136881a
                            0x0136881c
                            0x0136881f
                            0x01368821
                            0x01368822
                            0x01368824
                            0x01368826
                            0x0136882c
                            0x0136882e
                            0x013b9c48
                            0x013b9c48
                            0x01368834
                            0x01368834
                            0x01368837
                            0x00000000
                            0x00000000
                            0x01368837
                            0x0136882e
                            0x0136883d
                            0x01368840
                            0x01368843
                            0x01368846
                            0x01368849
                            0x0136884c
                            0x0136884e
                            0x01368850
                            0x01368852
                            0x01368854
                            0x01368857
                            0x013688b4
                            0x013688b6
                            0x013688b6
                            0x01368859
                            0x01368859
                            0x01368859
                            0x01368861
                            0x01368866
                            0x0136886a
                            0x0136893d
                            0x01368941
                            0x00000000
                            0x01368947
                            0x01368947
                            0x0136894a
                            0x0136894c
                            0x00000000
                            0x01368952
                            0x01368955
                            0x0136895a
                            0x0136895d
                            0x0136895d
                            0x0136895f
                            0x01368961
                            0x01368961
                            0x01368968
                            0x00000000
                            0x00000000
                            0x0136896a
                            0x0136896b
                            0x0136896e
                            0x00000000
                            0x01368970
                            0x01368970
                            0x01368970
                            0x01368970
                            0x01368972
                            0x01368972
                            0x01368974
                            0x00000000
                            0x0136897a
                            0x0136897a
                            0x0136897d
                            0x00000000
                            0x01368983
                            0x013b9c65
                            0x013b9c6d
                            0x013b9c72
                            0x013b9c75
                            0x013b9c75
                            0x013b9c82
                            0x013b9c86
                            0x013b9c87
                            0x013b9c88
                            0x013b9c89
                            0x013b9c8c
                            0x013b9c90
                            0x013b9c95
                            0x013b9c97
                            0x013b9ca0
                            0x013b9ca3
                            0x013b9ca9
                            0x013b9ca9
                            0x00000000
                            0x013b9ca9
                            0x013b9ca3
                            0x00000000
                            0x013b9c97
                            0x0136897d
                            0x00000000
                            0x01368974
                            0x01368988
                            0x01368992
                            0x01368996
                            0x00000000
                            0x01368996
                            0x0136894c
                            0x00000000
                            0x01368870
                            0x0136887b
                            0x0136887d
                            0x0136887f
                            0x01368881
                            0x01368884
                            0x01368884
                            0x01368886
                            0x01368889
                            0x0136888c
                            0x0136888e
                            0x01368891
                            0x01368891
                            0x01368898
                            0x00000000
                            0x00000000
                            0x0136889a
                            0x0136889b
                            0x0136889e
                            0x00000000
                            0x00000000
                            0x013688a0
                            0x013688a8
                            0x013688b0
                            0x013688b2
                            0x013688d3
                            0x013688d5
                            0x00000000
                            0x013688d7
                            0x013688db
                            0x013688dc
                            0x013688e0
                            0x013688e8
                            0x013688ee
                            0x013688f0
                            0x013688f3
                            0x013688fc
                            0x01368901
                            0x01368906
                            0x0136890c
                            0x0136890c
                            0x0136890f
                            0x01368916
                            0x01368917
                            0x01368918
                            0x01368919
                            0x0136891a
                            0x0136891f
                            0x01368921
                            0x013b9c52
                            0x013b9c55
                            0x013b9c5b
                            0x013b9cac
                            0x013b9cc0
                            0x013b9cc0
                            0x013b9c55
                            0x01368927
                            0x01368927
                            0x0136892f
                            0x01368933
                            0x00000000
                            0x013688f5
                            0x013688f5
                            0x00000000
                            0x013688f7
                            0x013688f7
                            0x013688fa
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013688fa
                            0x013688f5
                            0x013688f3
                            0x00000000
                            0x013688d5
                            0x00000000
                            0x013688b2
                            0x013688c9
                            0x00000000
                            0x013688c9
                            0x0136887f
                            0x0136886a
                            0x01368857
                            0x01368852
                            0x013688bf
                            0x013688bf
                            0x013687aa
                            0x013687ad
                            0x013687ae
                            0x013687b4
                            0x013687b5
                            0x013687b6
                            0x013687b8
                            0x013687bd
                            0x013687c1
                            0x013687f4
                            0x013687fa
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013687c1
                            0x00000000

                            Strings
                            • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 013B9C18
                            • minkernel\ntdll\ldrsnap.c, xrefs: 013B9C28
                            • LdrpDoPostSnapWork, xrefs: 013B9C1E
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                            • API String ID: 0-1948996284
                            • Opcode ID: a5855ec0e7f1f329d4e2070aca4b10b8d0486d8bcb77c095c26202a17ee0cd24
                            • Instruction ID: b2535d2f73be62ed06ab8243ca4f0935a1fd8c11b5cddcbfc2e2c91e60626c77
                            • Opcode Fuzzy Hash: a5855ec0e7f1f329d4e2070aca4b10b8d0486d8bcb77c095c26202a17ee0cd24
                            • Instruction Fuzzy Hash: 6D91F771A00316DFEF28DF5DD481ABA7BB9FF4831CB1481A9DA05AB659D730E901CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01358239 Relevance: 4.0, Strings: 3, Instructions: 233COMMON
                            Download Yara Rule
                            C-Code - Quality: 73%
                            			E01358239(signed int* __ecx, char* __edx, signed int _a4) {
				signed int _v12;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				char _v560;
				signed int _v564;
				intOrPtr _v568;
				char _v572;
				intOrPtr _v576;
				short _v578;
				char _v580;
				signed int _v584;
				intOrPtr _v586;
				char _v588;
				char* _v592;
				intOrPtr _v596;
				intOrPtr _v600;
				char* _v604;
				signed int* _v608;
				intOrPtr _v612;
				short _v614;
				char _v616;
				signed int _v620;
				signed int _v624;
				intOrPtr _v628;
				char* _v632;
				signed int _v636;
				char _v640;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t94;
				char* _t99;
				intOrPtr _t118;
				intOrPtr _t122;
				intOrPtr _t125;
				short _t126;
				signed int* _t137;
				intOrPtr _t138;
				intOrPtr _t143;
				intOrPtr _t145;
				intOrPtr _t148;
				signed int _t150;
				signed int _t151;
				void* _t152;
				signed int _t154;

				_t149 = __edx;
				_v12 =  *0x144d360 ^ _t154;
				_v564 = _v564 & 0x00000000;
				_t151 = _a4;
				_t137 = __ecx;
				_v604 = __edx;
				_v608 = __ecx;
				_t150 = 0;
				_v568 = 0x220;
				_v592 =  &_v560;
				if(E01366D30( &_v580, L"UseFilter") < 0) {
					L4:
					return E0139B640(_t89, _t137, _v12 ^ _t154, _t149, _t150, _t151);
				}
				_push( &_v572);
				_push(0x220);
				_push( &_v560);
				_push(2);
				_push( &_v580);
				_push( *_t137);
				_t89 = E01399650();
				if(_t89 >= 0) {
					if(_v556 != 4 || _v552 != 4 || _v548 == 0) {
						L3:
						_t89 = 0;
					} else {
						_t94 =  *_t151;
						_t151 =  *(_t151 + 4);
						_v588 = _t94;
						_v584 = _t151;
						if(E01366D30( &_v580, L"\\??\\") < 0) {
							goto L4;
						}
						if(E0136AA20( &_v560,  &_v580,  &_v588, 1) != 0) {
							_v588 = _v588 + 0xfff8;
							_v586 = _v586 + 0xfff8;
							_v584 = _t151 + 8;
						}
						_t99 =  &_v560;
						_t143 = 0;
						_v596 = _t99;
						_v600 = 0;
						do {
							_t149 =  &_v572;
							_push( &_v572);
							_push(_v568);
							_push(_t99);
							_push(0);
							_push(_t143);
							_push( *_t137);
							_t151 = E01399820();
							if(_t151 < 0) {
								goto L37;
							}
							_t145 = _v596;
							_v580 =  *((intOrPtr*)(_t145 + 0xc));
							_v624 = _v624 & 0x00000000;
							_v620 = _v620 & 0x00000000;
							_v578 =  *((intOrPtr*)(_t145 + 0xc));
							_v576 = _t145 + 0x10;
							_v636 =  *_t137;
							_v632 =  &_v580;
							_push( &_v640);
							_push(_v604);
							_v640 = 0x18;
							_push( &_v564);
							_v628 = 0x240;
							_t151 = E01399600();
							if(_t151 < 0) {
								goto L37;
							}
							_t151 = E01366D30( &_v580, L"FilterFullPath");
							if(_t151 < 0) {
								L36:
								_push(_v564);
								E013995D0();
								goto L37;
							}
							_t138 = _v592;
							_t118 = _v568;
							do {
								_push( &_v572);
								_push(_t118);
								_push(_t138);
								_push(2);
								_push( &_v580);
								_push(_v564);
								_t152 = E01399650();
								if(_t152 == 0x80000005 || _t152 == 0xc0000023) {
									if(_t150 != 0) {
										L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t150);
									}
									_t147 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
									if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
										_t122 =  *0x1447b9c; // 0x0
										_t150 = E01374620(_t147, _t147, _t122 + 0x180000, _v572);
										if(_t150 == 0) {
											goto L25;
										}
										_t118 = _v572;
										_t138 = _t150;
										_v596 = _t150;
										_v568 = _t118;
										goto L27;
									} else {
										_t150 = 0;
										L25:
										_t151 = 0xc0000017;
										goto L26;
									}
								} else {
									L26:
									_t118 = _v568;
								}
								L27:
							} while (_t151 == 0x80000005 || _t151 == 0xc0000023);
							_v592 = _t138;
							_t137 = _v608;
							if(_t151 >= 0) {
								_t148 = _v592;
								if( *((intOrPtr*)(_t148 + 4)) != 1) {
									goto L36;
								}
								_t125 =  *((intOrPtr*)(_t148 + 8));
								if(_t125 > 0xfffe) {
									goto L36;
								}
								_t126 = _t125 + 0xfffffffe;
								_v616 = _t126;
								_v614 = _t126;
								_v612 = _t148 + 0xc;
								if(E01369660( &_v588,  &_v616, 1) == 0) {
									break;
								}
								goto L36;
							}
							_push(_v564);
							E013995D0();
							_t65 = _t151 + 0x3fffffcc; // 0x3fffffcc
							asm("sbb eax, eax");
							_t151 = _t151 &  ~_t65;
							L37:
							_t99 = _v596;
							_t143 = _v600 + 1;
							_v600 = _t143;
						} while (_t151 >= 0);
						if(_t150 != 0) {
							L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t150);
						}
						if(_t151 >= 0) {
							_push( *_t137);
							E013995D0();
							 *_t137 = _v564;
						}
						_t85 = _t151 + 0x7fffffe6; // 0x7fffffe6
						asm("sbb eax, eax");
						_t89 =  ~_t85 & _t151;
					}
					goto L4;
				}
				if(_t89 != 0xc0000034) {
					if(_t89 == 0xc0000023) {
						goto L3;
					}
					if(_t89 != 0x80000005) {
						goto L4;
					}
				}
				goto L3;
			}

















































                            0x01358239
                            0x0135824b
                            0x0135824e
                            0x0135825d
                            0x01358260
                            0x0135826e
                            0x01358275
                            0x0135827b
                            0x0135827d
                            0x01358287
                            0x01358294
                            0x013582ce
                            0x013582de
                            0x013582de
                            0x0135829c
                            0x0135829d
                            0x013582a8
                            0x013582a9
                            0x013582b1
                            0x013582b2
                            0x013582b4
                            0x013582bb
                            0x013b2dfa
                            0x013582cc
                            0x013582cc
                            0x013b2e19
                            0x013b2e19
                            0x013b2e1b
                            0x013b2e1e
                            0x013b2e30
                            0x013b2e3d
                            0x00000000
                            0x00000000
                            0x013b2e5a
                            0x013b2e61
                            0x013b2e68
                            0x013b2e72
                            0x013b2e72
                            0x013b2e78
                            0x013b2e7e
                            0x013b2e80
                            0x013b2e86
                            0x013b2e8c
                            0x013b2e8c
                            0x013b2e92
                            0x013b2e93
                            0x013b2e99
                            0x013b2e9a
                            0x013b2e9c
                            0x013b2e9d
                            0x013b2ea4
                            0x013b2ea8
                            0x00000000
                            0x00000000
                            0x013b2eae
                            0x013b2eb8
                            0x013b2ec3
                            0x013b2eca
                            0x013b2ed1
                            0x013b2edb
                            0x013b2ee3
                            0x013b2eef
                            0x013b2efb
                            0x013b2efc
                            0x013b2f08
                            0x013b2f12
                            0x013b2f13
                            0x013b2f22
                            0x013b2f26
                            0x00000000
                            0x00000000
                            0x013b2f3d
                            0x013b2f41
                            0x013b3069
                            0x013b3069
                            0x013b306f
                            0x00000000
                            0x013b306f
                            0x013b2f47
                            0x013b2f4d
                            0x013b2f53
                            0x013b2f59
                            0x013b2f5a
                            0x013b2f5b
                            0x013b2f5c
                            0x013b2f64
                            0x013b2f65
                            0x013b2f70
                            0x013b2f78
                            0x013b2f84
                            0x013b2f92
                            0x013b2f92
                            0x013b2f9d
                            0x013b2fa2
                            0x013b2fed
                            0x013b3004
                            0x013b3008
                            0x00000000
                            0x00000000
                            0x013b300a
                            0x013b3010
                            0x013b3012
                            0x013b3018
                            0x00000000
                            0x013b2fa4
                            0x013b2fa4
                            0x013b2fa6
                            0x013b2fa6
                            0x00000000
                            0x013b2fa6
                            0x013b2fab
                            0x013b2fab
                            0x013b2fab
                            0x013b2fab
                            0x013b2fb1
                            0x013b2fb1
                            0x013b2fc1
                            0x013b2fc7
                            0x013b2fcf
                            0x013b3020
                            0x013b302a
                            0x00000000
                            0x00000000
                            0x013b302c
                            0x013b3034
                            0x00000000
                            0x00000000
                            0x013b3036
                            0x013b3039
                            0x013b3040
                            0x013b304a
                            0x013b3067
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013b3067
                            0x013b2fd1
                            0x013b2fd7
                            0x013b2fdc
                            0x013b2fe4
                            0x013b2fe6
                            0x013b3074
                            0x013b307a
                            0x013b3080
                            0x013b3081
                            0x013b3087
                            0x013b3091
                            0x013b309f
                            0x013b309f
                            0x013b30a6
                            0x013b30a8
                            0x013b30aa
                            0x013b30b5
                            0x013b30b5
                            0x013b30b7
                            0x013b30bf
                            0x013b30c1
                            0x013b30c1
                            0x00000000
                            0x013b2dfa
                            0x013582c6
                            0x013b2ddd
                            0x00000000
                            0x00000000
                            0x013b2de8
                            0x00000000
                            0x00000000
                            0x013b2dee
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: FilterFullPath$UseFilter$\??\
                            • API String ID: 0-2779062949
                            • Opcode ID: b9ee94b25d299e316f63c3ef49cab5e1bb6e63d592ff81822d1aec5ebad95e9d
                            • Instruction ID: 99e776cb4fce75f50f0b90dcb0cc8c2c8f83f38174b3f28dc261f9ae20583dbd
                            • Opcode Fuzzy Hash: b9ee94b25d299e316f63c3ef49cab5e1bb6e63d592ff81822d1aec5ebad95e9d
                            • Instruction Fuzzy Hash: 00A14E719116299BDF31DF58CC88BEAB7B8EF44718F1001E9EA09A7650E735AE84CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0137B73D Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                            Download Yara Rule
                            C-Code - Quality: 74%
                            			E0137B73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t72;
				char _t76;
				signed char _t77;
				intOrPtr* _t80;
				unsigned int _t85;
				signed int* _t86;
				signed int _t88;
				signed char _t89;
				intOrPtr _t90;
				intOrPtr _t101;
				intOrPtr* _t111;
				void* _t117;
				intOrPtr* _t118;
				signed int _t120;
				signed char _t121;
				intOrPtr* _t123;
				signed int _t126;
				intOrPtr _t136;
				signed int _t139;
				void* _t140;
				signed int _t141;
				void* _t147;

				_t111 = _a4;
				_t140 = __ecx;
				_v8 = __edx;
				_t3 = _t111 + 0x18; // 0x0
				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
				_t5 = _t111 - 8; // -32
				_t141 = _t5;
				 *(_t111 + 0x14) = _a8;
				_t72 = 4;
				 *(_t141 + 2) = 1;
				 *_t141 = _t72;
				 *((char*)(_t141 + 7)) = 3;
				_t134 =  *((intOrPtr*)(__edx + 0x18));
				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
					_t76 = (_t141 - __edx >> 0x10) + 1;
					_v12 = _t76;
					__eflags = _t76 - 0xfe;
					if(_t76 >= 0xfe) {
						_push(__edx);
						_push(0);
						E0141A80D(_t134, 3, _t141, __edx);
						_t76 = _v12;
					}
				} else {
					_t76 = 0;
				}
				 *((char*)(_t141 + 6)) = _t76;
				if( *0x1448748 >= 1) {
					__eflags = _a12 - _t141;
					if(_a12 <= _t141) {
						goto L4;
					}
					_t101 =  *[fs:0x30];
					__eflags =  *(_t101 + 0xc);
					if( *(_t101 + 0xc) == 0) {
						_push("HEAP: ");
						E0135B150();
					} else {
						E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
					E0135B150();
					__eflags =  *0x1447bc8;
					if(__eflags == 0) {
						E01412073(_t111, 1, _t140, __eflags);
					}
					goto L3;
				} else {
					L3:
					_t147 = _a12 - _t141;
					L4:
					if(_t147 != 0) {
						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
					}
					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
					}
					_t135 =  *(_t111 + 0x14);
					if( *(_t111 + 0x14) == 0) {
						L12:
						_t77 =  *((intOrPtr*)(_t141 + 6));
						if(_t77 != 0) {
							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
						} else {
							_t117 = _t140;
						}
						_t118 = _t117 + 0x38;
						_t26 = _t111 + 8; // -16
						_t80 = _t26;
						_t136 =  *_t118;
						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
							_push(_t118);
							_push(0);
							E0141A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
						} else {
							 *_t80 = _t136;
							 *((intOrPtr*)(_t80 + 4)) = _t118;
							 *((intOrPtr*)(_t136 + 4)) = _t80;
							 *_t118 = _t80;
						}
						_t120 = _v8;
						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
							__eflags =  *(_t140 + 0xb8);
							if( *(_t140 + 0xb8) == 0) {
								_t88 =  *(_t140 + 0x40) & 0x00000003;
								__eflags = _t88 - 2;
								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
								__eflags =  *0x1448720 & 0x00000001;
								_t89 = _t88 & 0xffffff00 | ( *0x1448720 & 0x00000001) == 0x00000000;
								__eflags = _t89 & _t121;
								if((_t89 & _t121) != 0) {
									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
								}
							}
						}
						_t85 =  *(_t111 + 0x14);
						if(_t85 >= 0x7f000) {
							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
						}
						_t86 = _a16;
						 *_t86 = _t141 - _a12 >> 3;
						return _t86;
					} else {
						_t90 = E0137B8E4(_t135);
						_t123 =  *((intOrPtr*)(_t90 + 4));
						if( *_t123 != _t90) {
							_push(_t123);
							_push( *_t123);
							E0141A80D(0, 0xd, _t90, 0);
						} else {
							 *_t111 = _t90;
							 *((intOrPtr*)(_t111 + 4)) = _t123;
							 *_t123 = _t111;
							 *((intOrPtr*)(_t90 + 4)) = _t111;
						}
						_t139 =  *(_t140 + 0xb8);
						if(_t139 != 0) {
							_t93 =  *(_t111 + 0x14) >> 0xc;
							__eflags = _t93;
							while(1) {
								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
									break;
								}
								_t126 =  *_t139;
								__eflags = _t126;
								if(_t126 != 0) {
									_t139 = _t126;
									continue;
								}
								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
								break;
							}
							E0137E4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
						}
						goto L12;
					}
				}
			}






























                            0x0137b746
                            0x0137b74b
                            0x0137b74d
                            0x0137b750
                            0x0137b755
                            0x0137b758
                            0x0137b758
                            0x0137b75e
                            0x0137b763
                            0x0137b764
                            0x0137b76a
                            0x0137b76d
                            0x0137b771
                            0x0137b776
                            0x0137b85c
                            0x0137b85d
                            0x0137b860
                            0x0137b865
                            0x013c2ba1
                            0x013c2ba2
                            0x013c2ba9
                            0x013c2bae
                            0x013c2bae
                            0x0137b77c
                            0x0137b77c
                            0x0137b77c
                            0x0137b785
                            0x0137b788
                            0x013c2bb6
                            0x013c2bb9
                            0x00000000
                            0x00000000
                            0x013c2bbf
                            0x013c2bc5
                            0x013c2bc9
                            0x013c2be8
                            0x013c2bed
                            0x013c2bcb
                            0x013c2be0
                            0x013c2be5
                            0x013c2bf3
                            0x013c2bf8
                            0x013c2bfd
                            0x013c2c05
                            0x013c2c0e
                            0x013c2c0e
                            0x00000000
                            0x0137b78e
                            0x0137b78e
                            0x0137b78e
                            0x0137b791
                            0x0137b791
                            0x0137b797
                            0x0137b797
                            0x0137b79f
                            0x0137b7a9
                            0x0137b7af
                            0x0137b7af
                            0x0137b7b1
                            0x0137b7b6
                            0x0137b7e2
                            0x0137b7e2
                            0x0137b7e7
                            0x0137b880
                            0x0137b7ed
                            0x0137b7ed
                            0x0137b7ed
                            0x0137b7ef
                            0x0137b7f2
                            0x0137b7f2
                            0x0137b7f5
                            0x0137b7fa
                            0x013c2c2d
                            0x013c2c2e
                            0x013c2c39
                            0x0137b800
                            0x0137b800
                            0x0137b802
                            0x0137b805
                            0x0137b808
                            0x0137b808
                            0x0137b80a
                            0x0137b80d
                            0x0137b816
                            0x0137b81c
                            0x0137b822
                            0x0137b82f
                            0x0137b88b
                            0x0137b892
                            0x0137b897
                            0x0137b899
                            0x0137b89b
                            0x0137b89e
                            0x0137b8a5
                            0x0137b8a8
                            0x0137b8aa
                            0x0137b8ac
                            0x0137b8ac
                            0x0137b8aa
                            0x0137b892
                            0x0137b831
                            0x0137b839
                            0x0137b83b
                            0x0137b83b
                            0x0137b844
                            0x0137b84b
                            0x0137b852
                            0x0137b7b8
                            0x0137b7ba
                            0x0137b7bf
                            0x0137b7c4
                            0x013c2c18
                            0x013c2c19
                            0x013c2c23
                            0x0137b7ca
                            0x0137b7ca
                            0x0137b7cc
                            0x0137b7cf
                            0x0137b7d1
                            0x0137b7d1
                            0x0137b7d4
                            0x0137b7dc
                            0x0137b8bb
                            0x0137b8bb
                            0x0137b8be
                            0x0137b8be
                            0x0137b8c1
                            0x00000000
                            0x00000000
                            0x0137b8c3
                            0x0137b8c5
                            0x0137b8c7
                            0x0137b8e0
                            0x00000000
                            0x0137b8e0
                            0x0137b8cc
                            0x0137b8cc
                            0x00000000
                            0x0137b8cc
                            0x0137b8d6
                            0x0137b8d6
                            0x00000000
                            0x0137b7dc
                            0x0137b7b6

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                            • API String ID: 0-1334570610
                            • Opcode ID: ad32b383eea6f29a279378fbf84ed01452fccdd65233c3d22e45a9adb231b56e
                            • Instruction ID: 9901f1fbfee997f5e635dd969f5393b25765692c5d5e10d8f1608c0b1e7c9ce4
                            • Opcode Fuzzy Hash: ad32b383eea6f29a279378fbf84ed01452fccdd65233c3d22e45a9adb231b56e
                            • Instruction Fuzzy Hash: AF61B070600285EFDB29CF28C485B6AFBF5FF44708F18856EE8498B659D734E881CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 014023E3 Relevance: 3.9, Strings: 3, Instructions: 166COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 64%
                            			E014023E3(signed int __ecx, unsigned int __edx) {
				intOrPtr _v8;
				intOrPtr _t42;
				char _t43;
				signed short _t44;
				signed short _t48;
				signed char _t51;
				signed short _t52;
				intOrPtr _t54;
				signed short _t64;
				signed short _t66;
				intOrPtr _t69;
				signed short _t73;
				signed short _t76;
				signed short _t77;
				signed short _t79;
				void* _t83;
				signed int _t84;
				signed int _t85;
				signed char _t94;
				unsigned int _t99;
				unsigned int _t104;
				signed int _t108;
				void* _t110;
				void* _t111;
				unsigned int _t114;

				_t84 = __ecx;
				_push(__ecx);
				_t114 = __edx;
				_t42 =  *((intOrPtr*)(__edx + 7));
				if(_t42 == 1) {
					L49:
					_t43 = 1;
					L50:
					return _t43;
				}
				if(_t42 != 4) {
					if(_t42 >= 0) {
						if( *(__ecx + 0x4c) == 0) {
							_t44 =  *__edx & 0x0000ffff;
						} else {
							_t73 =  *__edx;
							if(( *(__ecx + 0x4c) & _t73) != 0) {
								_t73 = _t73 ^  *(__ecx + 0x50);
							}
							_t44 = _t73 & 0x0000ffff;
						}
					} else {
						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x144874c ^ __ecx;
						if(_t104 == 0) {
							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
						} else {
							_t76 = 0;
						}
						_t44 =  *((intOrPtr*)(_t76 + 0x14));
					}
					_t94 =  *((intOrPtr*)(_t114 + 7));
					_t108 = _t44 & 0xffff;
					if(_t94 != 5) {
						if((_t94 & 0x00000040) == 0) {
							if((_t94 & 0x0000003f) == 0x3f) {
								if(_t94 >= 0) {
									if( *(_t84 + 0x4c) == 0) {
										_t48 =  *_t114 & 0x0000ffff;
									} else {
										_t66 =  *_t114;
										if(( *(_t84 + 0x4c) & _t66) != 0) {
											_t66 = _t66 ^  *(_t84 + 0x50);
										}
										_t48 = _t66 & 0x0000ffff;
									}
								} else {
									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x144874c ^ _t84;
									if(_t99 == 0) {
										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
									} else {
										_t69 = 0;
									}
									_t48 =  *((intOrPtr*)(_t69 + 0x14));
								}
								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
							} else {
								_t85 = _t94 & 0x3f;
							}
						} else {
							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
						}
					} else {
						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
					}
					_t110 = (_t108 << 3) - _t85;
				} else {
					if( *(__ecx + 0x4c) == 0) {
						_t77 =  *__edx & 0x0000ffff;
					} else {
						_t79 =  *__edx;
						if(( *(__ecx + 0x4c) & _t79) != 0) {
							_t79 = _t79 ^  *(__ecx + 0x50);
						}
						_t77 = _t79 & 0x0000ffff;
					}
					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
				}
				_t51 =  *((intOrPtr*)(_t114 + 7));
				if(_t51 != 5) {
					if((_t51 & 0x00000040) == 0) {
						_t52 = 0;
						goto L42;
					}
					_t64 = _t51 & 0x3f;
					goto L38;
				} else {
					_t64 =  *(_t114 + 6) & 0x000000ff;
					L38:
					_t52 = _t64 << 0x00000003 & 0x0000ffff;
					L42:
					_t35 = _t114 + 8; // -16
					_t111 = _t110 + (_t52 & 0x0000ffff);
					_t83 = _t35 + _t111;
					_t54 = E013AD4F0(_t83, 0x1336c58, 8);
					_v8 = _t54;
					if(_t54 == 8) {
						goto L49;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0135B150();
					} else {
						E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t111);
					_push(_v8 + _t83);
					E0135B150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1446378 = 1;
						asm("int3");
						 *0x1446378 = 0;
					}
					_t43 = 0;
					goto L50;
				}
			}




























                            0x014023e3
                            0x014023e8
                            0x014023eb
                            0x014023ee
                            0x014023f3
                            0x0140259b
                            0x0140259b
                            0x0140259d
                            0x014025a3
                            0x014025a3
                            0x014023fb
                            0x01402424
                            0x0140244f
                            0x01402460
                            0x01402451
                            0x01402451
                            0x01402456
                            0x01402458
                            0x01402458
                            0x0140245b
                            0x0140245b
                            0x01402426
                            0x01402431
                            0x01402436
                            0x01402443
                            0x01402438
                            0x01402438
                            0x01402438
                            0x01402445
                            0x01402445
                            0x01402463
                            0x01402469
                            0x0140246f
                            0x01402480
                            0x01402495
                            0x014024a1
                            0x014024ce
                            0x014024df
                            0x014024d0
                            0x014024d0
                            0x014024d5
                            0x014024d7
                            0x014024d7
                            0x014024da
                            0x014024da
                            0x014024a3
                            0x014024b0
                            0x014024b5
                            0x014024c2
                            0x014024b7
                            0x014024b7
                            0x014024b7
                            0x014024c4
                            0x014024c4
                            0x014024e8
                            0x01402497
                            0x0140249a
                            0x0140249a
                            0x01402482
                            0x01402488
                            0x01402488
                            0x01402471
                            0x01402479
                            0x01402479
                            0x014024ef
                            0x014023fd
                            0x01402401
                            0x01402412
                            0x01402403
                            0x01402403
                            0x01402408
                            0x0140240a
                            0x0140240a
                            0x0140240d
                            0x0140240d
                            0x0140241b
                            0x0140241b
                            0x014024f1
                            0x014024f6
                            0x01402507
                            0x01402510
                            0x00000000
                            0x01402510
                            0x0140250b
                            0x00000000
                            0x014024f8
                            0x014024f8
                            0x014024fc
                            0x01402500
                            0x01402512
                            0x01402515
                            0x0140251a
                            0x01402521
                            0x01402524
                            0x01402529
                            0x0140252f
                            0x00000000
                            0x00000000
                            0x0140253c
                            0x0140255c
                            0x01402561
                            0x0140253e
                            0x01402554
                            0x01402559
                            0x0140256a
                            0x0140256d
                            0x01402574
                            0x01402586
                            0x01402588
                            0x0140258f
                            0x01402590
                            0x01402590
                            0x01402597
                            0x00000000
                            0x01402597

                            Strings
                            • Heap block at %p modified at %p past requested size of %Ix, xrefs: 0140256F
                            • HEAP: , xrefs: 0140255C
                            • HEAP[%wZ]: , xrefs: 0140254F
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                            • API String ID: 0-3815128232
                            • Opcode ID: 25c3334729820b25e138ca8659a13f7500e160222a3c7a789b1c907458ed3743
                            • Instruction ID: d005e0271e55a99e50c7a31454677c8c2c556d5c974cf0b6026a2235e0e0d04b
                            • Opcode Fuzzy Hash: 25c3334729820b25e138ca8659a13f7500e160222a3c7a789b1c907458ed3743
                            • Instruction Fuzzy Hash: 1551D4341002608AE766CA2FC85CB727BF1DB44648F56487BE9C28B3E5D2B6D447DB20
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135E620 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                            Download Yara Rule
                            C-Code - Quality: 93%
                            			E0135E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E0135F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E013995D0();
						}
						if(_t78 != 0) {
							L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E0139FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E0139BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E01399600();
					if(_t97 < 0) {
						goto L6;
					}
					E0139BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L0135F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E0139BB40(_t83, _t102 + 0x24, _t78);
								if(L013643C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E0139BB40(_t84, _t102 + 0x24, _t94);
									if(L013643C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                            0x0135e620
                            0x0135e628
                            0x0135e62f
                            0x0135e631
                            0x0135e635
                            0x0135e637
                            0x0135e63e
                            0x013b5503
                            0x013b5503
                            0x0135e64c
                            0x0135e64c
                            0x0135e651
                            0x00000000
                            0x00000000
                            0x0135e661
                            0x0135e665
                            0x013b542a
                            0x0135e715
                            0x0135e71a
                            0x0135e71c
                            0x0135e720
                            0x0135e720
                            0x0135e727
                            0x0135e736
                            0x0135e736
                            0x0135e743
                            0x0135e743
                            0x0135e673
                            0x0135e678
                            0x0135e67d
                            0x0135e682
                            0x0135e685
                            0x0135e692
                            0x0135e69b
                            0x0135e6a3
                            0x0135e6ad
                            0x0135e6b1
                            0x0135e6b2
                            0x0135e6bb
                            0x0135e6bf
                            0x0135e6c0
                            0x0135e6c8
                            0x0135e6cc
                            0x0135e6d5
                            0x0135e6d9
                            0x00000000
                            0x00000000
                            0x0135e6e5
                            0x0135e6ea
                            0x0135e6f9
                            0x0135e70b
                            0x0135e70f
                            0x013b5439
                            0x013b545e
                            0x013b545e
                            0x00000000
                            0x013b545e
                            0x013b543b
                            0x013b543e
                            0x013b5440
                            0x013b5445
                            0x013b5472
                            0x013b5475
                            0x013b548d
                            0x013b5493
                            0x013b54a9
                            0x00000000
                            0x00000000
                            0x013b54ab
                            0x013b54b4
                            0x013b54bc
                            0x013b54c8
                            0x013b54de
                            0x013b54fb
                            0x013b54e0
                            0x013b54e6
                            0x013b54eb
                            0x013b54eb
                            0x013b54de
                            0x00000000
                            0x013b54bc
                            0x013b5477
                            0x013b547a
                            0x013b5480
                            0x013b5483
                            0x013b5486
                            0x013b548b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013b548b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013b5447
                            0x013b5447
                            0x013b5447
                            0x013b5447
                            0x013b544e
                            0x00000000
                            0x00000000
                            0x013b5450
                            0x013b5452
                            0x013b5455
                            0x013b545a
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013b545c
                            0x013b546a
                            0x013b546d
                            0x013b546f
                            0x00000000
                            0x013b546f
                            0x0135e70f

                            Strings
                            • InstallLanguageFallback, xrefs: 0135E6DB
                            • @, xrefs: 0135E6C0
                            • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0135E68C
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                            • API String ID: 0-1757540487
                            • Opcode ID: b0b38e2129dc543ddb2bb4face105037e003590239f86968b9da1d592f86bac0
                            • Instruction ID: 617f5c67bb5d491b68ee4925294d2555f304f66a2ba92063c3daf3003b8ec048
                            • Opcode Fuzzy Hash: b0b38e2129dc543ddb2bb4face105037e003590239f86968b9da1d592f86bac0
                            • Instruction Fuzzy Hash: B651A4766043469BD714DF68C480EBBB7E8BF88619F05092EFA85E7640F734DA04C7A2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0136B62E Relevance: 2.8, Strings: 2, Instructions: 349COMMON
                            Download Yara Rule
                            C-Code - Quality: 91%
                            			E0136B62E(signed int* __ecx, signed int __edx, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				char _v148;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				intOrPtr _v184;
				signed int* _v188;
				signed short _v192;
				intOrPtr _v196;
				char _v197;
				char _v198;
				signed short _v204;
				char _v205;
				intOrPtr _v208;
				signed short _v216;
				char _v217;
				void* _v220;
				void* _v228;
				void* _v240;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t139;
				intOrPtr _t140;
				signed short _t141;
				signed int _t143;
				signed int _t152;
				signed int _t153;
				signed int _t158;
				signed int* _t160;
				signed char* _t161;
				signed int _t162;
				signed int _t164;
				void* _t173;
				signed int _t175;
				signed short _t176;
				signed int _t178;
				signed int _t184;
				signed int _t189;
				void* _t191;
				signed int _t199;
				void* _t200;
				char _t202;
				signed int _t205;
				signed int* _t209;
				signed int _t213;
				signed short _t216;
				signed int _t218;
				intOrPtr _t227;
				signed int _t228;
				void* _t229;
				signed int _t231;
				signed short _t233;
				void* _t235;
				signed int _t237;
				signed int _t239;

				_t218 = __edx;
				_t239 = (_t237 & 0xfffffff8) - 0xcc;
				_v8 =  *0x144d360 ^ _t239;
				_v172 = _v172 & 0x00000000;
				_v184 = _a12;
				_t199 = 0xc00b0001;
				_v188 = __ecx;
				_v168 = _v168 & 0;
				_t202 = 0;
				_t233 = 0;
				_v176 = __edx;
				_v204 = 0;
				_v197 = 0;
				_v180 = 0;
				_v192 = 0;
				_v198 = 0;
				if(_a4 != 3) {
					__eflags = _a4 - 4;
					if(_a4 == 4) {
						goto L1;
					}
					_t199 = 0xc00000f1;
					L29:
					_pop(_t229);
					_pop(_t235);
					_pop(_t200);
					return E0139B640(_t199, _t200, _v8 ^ _t239, _t219, _t229, _t235);
				}
				L1:
				_t16 = _t218 + 8; // 0xff1075ff
				_v164 =  *_t16 & 0x0000ffff;
				_v205 = _t202;
				while(1) {
					L2:
					_t219 = _a8;
					do {
						while(1) {
							L3:
							_t139 = _t202;
							_t227 = _t202;
							_t202 = _t202 + 1;
							_v196 = _t202;
							_t140 = _t139;
							if(_t140 == 0) {
								goto L12;
							}
							L4:
							_t173 = _t140 - 1;
							if(_t173 == 0) {
								_t174 = 0xeeee;
								__eflags = _t233 - 0xeeee;
								if(_t233 != 0xeeee) {
									__eflags = _t219 & 0x00000004;
									if((_t219 & 0x00000004) != 0) {
										_t233 = 0xeeee;
										_v204 = 0xeeee;
										_t202 = 0xfffffffe;
										continue;
										do {
											while(1) {
												L3:
												_t139 = _t202;
												_t227 = _t202;
												_t202 = _t202 + 1;
												_v196 = _t202;
												_t140 = _t139;
												if(_t140 == 0) {
													goto L12;
												}
												goto L4;
											}
											goto L12;
											L15:
										} while (_t233 == 0xeeee);
										_t228 = _v180;
										_t143 = 0;
										if(_t228 != 0) {
											while(1) {
												__eflags =  *((intOrPtr*)(_t239 + 0x50 + _t143 * 2)) - _t233;
												if( *((intOrPtr*)(_t239 + 0x50 + _t143 * 2)) == _t233) {
													goto L3;
												}
												_t143 = _t143 + 1;
												__eflags = _t143 - _t228;
												if(__eflags >= 0) {
													goto L17;
												}
											}
											continue;
										}
										L17:
										_t250 = _t228 - 0x40;
										if(_t228 >= 0x40) {
											goto L29;
										}
										_v160 = _v160 & 0x00000000;
										_push(_t219);
										 *(_t239 + 0x58 + _t228 * 2) = _t233;
										_v180 = _t228 + 1;
										_t199 = E0136BA00(_t199, _t228 + 1, _t233, _t250, _v188, _v204,  &_v172,  &_v160);
										if(_t199 < 0) {
											__eflags = _t199 - 0xc0000034;
											if(_t199 == 0xc0000034) {
												goto L41;
											}
											break;
										}
										_t205 = _v180;
										_t219 = _t205;
										_t231 = _v176;
										 *(_t205 + 8) = _t233 & 0x0000ffff;
										 *((char*)(_t239 + 0x23)) = 1;
										_t199 = E0136C1C0(_t231, _t205, 3, 0x30, _v188);
										_t152 = _a8 & 0x00000040;
										_v168 = _t152;
										if(_t152 != 0) {
											__eflags = _t199;
											if(_t199 < 0) {
												L37:
												_t219 = _t231;
												_t153 = E01354D5C(_t231);
												__eflags = _t153;
												if(_t153 != 0) {
													goto L29;
												}
												L42:
												_t202 =  *((intOrPtr*)(_t239 + 0x18));
												while(1) {
													L2:
													_t219 = _a8;
													goto L3;
												}
											}
											_t219 =  *_v188;
											_t199 = E01390245(_t231,  *_v188, 0,  *((intOrPtr*)(_v180 + 0xc)), 0);
											__eflags = _t199;
											if(_t199 >= 0) {
												L21:
												_t209 = _v188;
												if( *_t209 <= _t231) {
													L79:
													 *_t209 =  *_t209 & 0x00000000;
													_t199 = 0xc000007b;
													E013E5720(0x55, 2, "\'LDR: %s(), invalid image format of MUI file \n", "LdrpLoadResourceFromAlternativeModule");
													_t239 = _t239 + 0x10;
													goto L42;
												}
												_t158 = _v164;
												if(_t158 == 0 ||  *_t209 < _t158 + _t231) {
													_t160 =  *( *[fs:0x30] + 0x50);
													if(_t160 != 0) {
														__eflags =  *_t160;
														if( *_t160 == 0) {
															goto L25;
														}
														_t161 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
														L26:
														if(( *_t161 & 0x00000002) != 0) {
															__eflags = _v156;
															if(_v156 == 0) {
																__eflags = _a8 & 0x00000001;
																_t162 = 0;
																_t128 = (_a8 & 0x00000001) != 0;
																__eflags = _t128;
																_t164 = 3 + (_t162 & 0xffffff00 | _t128) * 2;
															} else {
																_t164 = 9;
															}
															_t219 = _v180;
															E013E64B5(_v176, _v180, _a4, _t164);
														}
														if( *( *[fs:0x18] + 0xfe0) != 0) {
															 *( *( *[fs:0x18] + 0xfe0)) = _v192;
														}
														goto L29;
													}
													L25:
													_t161 = 0x7ffe0385;
													goto L26;
												} else {
													goto L79;
												}
											}
											 *_v188 =  *_v188 & 0x00000000;
										}
										if(_t199 < 0) {
											goto L37;
										}
										goto L21;
									}
									__eflags = _v164 & 0x000003ff;
									if((_v164 & 0x000003ff) == 0) {
										goto L31;
									}
									_t175 = E0135649B(_t233,  &_v204);
									__eflags = _t175;
									if(_t175 < 0) {
										L60:
										_t174 = 0xeeee;
										_t202 = 0xfffffffe;
										goto L31;
									}
									_t233 = _v204;
									__eflags = _t233;
									if(__eflags != 0) {
										_t219 = _a8;
										_t202 = _t227;
										_v196 = _t202;
										goto L15;
									}
									goto L60;
								}
								L31:
								_t233 = _t174;
								_v204 = _t233;
								goto L2;
							}
							_t176 = _t173 - 1;
							if(_t176 != 0) {
								__eflags = _t176 == 1;
								if(_t176 == 1) {
									_t213 = _v168;
									__eflags = _t213;
									if(_t213 != 0) {
										L53:
										__eflags =  *_t213 - 0xfecdfecd;
										if( *_t213 != 0xfecdfecd) {
											L55:
											_t233 = 0xeeee;
											_v204 = 0xeeee;
											goto L42;
										}
										__eflags =  *(_t213 + 0x18) & 0x00000002;
										if(( *(_t213 + 0x18) & 0x00000002) != 0) {
											_t178 =  *(_t213 + 0x7c);
											__eflags = _t178;
											if(_t178 == 0) {
												goto L55;
											}
											E0139BB40(_t213,  &_v148, _t178 + _t213);
											_t184 = L013643C0( &_v156,  &_v164);
											__eflags = _t184;
											if(_t184 == 0) {
												_t199 = 0xc00b0005;
												goto L55;
											}
											_t233 = _v156;
											_t219 = _a8;
											_v204 = _t233;
											__eflags = _t219 & 0x00100000;
											if(__eflags == 0) {
												_t202 = _v196;
												goto L15;
											}
											E0136AAC7(_t213,  *((intOrPtr*)( *[fs:0x18] + 0xfc0)), 0,  &_v204,  &_v205);
											__eflags = _v217;
											_t202 = _v208;
											_t219 = _a8;
											if(__eflags != 0) {
												L13:
												_t233 = 0xeeee;
												L14:
												_v204 = _t233;
												goto L15;
											}
											_t233 = _v204;
											goto L15;
										}
										goto L55;
									}
									_t213 = E013660F7(_v188, _t213, 1);
									_v176 = _t213;
									__eflags = _t213;
									if(_t213 == 0) {
										goto L55;
									}
									goto L53;
								}
								__eflags = _v198;
								if(_v198 != 0) {
									goto L29;
								}
								__eflags = _v197;
								if(_v197 != 0) {
									goto L29;
								}
								_t189 = L01356398(_v188);
								__eflags = _t189;
								if(_t189 < 0) {
									goto L29;
								}
								_t202 = 0;
								_t219 = _a8 | 0x00400000;
								_v198 = 1;
								_a8 = _t219;
								_v180 = 0;
								_v192 = 0;
								continue;
							}
							_v204 = _t176;
							_t191 = E0136ABEC();
							_t216 = _v192;
							if(_t191 == 0 || _t216 >= ( *( *((intOrPtr*)( *[fs:0x18] + 0xfc0)) + 4) & 0x0000ffff)) {
								_t233 = 0;
								_v204 = 0;
							} else {
								E0136AAC7(_t216,  *((intOrPtr*)( *[fs:0x18] + 0xfc0)), _t216,  &_v204,  &_v205);
								_t233 = _v216;
								_t216 = _v204;
							}
							if(_t233 == 0) {
								goto L55;
							} else {
								_t219 = _a8;
								if(_v205 != 0) {
									__eflags = _t219 & 0x00100000;
									if(__eflags != 0) {
										_t233 = 0xeeee;
										_v204 = 0xeeee;
									}
								}
								_v192 = _t216 + 1;
								_t202 = _t227;
								_v196 = _t202;
								goto L15;
							}
							L12:
							_t141 = _v164;
							__eflags = _t141;
							if(__eflags != 0) {
								__eflags = _t141 - 0x400;
								if(__eflags == 0) {
									goto L13;
								}
								__eflags = _t141 - 0x800;
								if(__eflags == 0) {
									goto L13;
								}
								_t233 = _t141;
								goto L14;
							}
							goto L13;
						}
						_t202 =  *((intOrPtr*)(_t239 + 0x18));
						_t219 = _a8;
						__eflags = _t199 - 0xc000003a;
					} while (_t199 != 0xc000003a);
					L41:
					_t199 = 0xc00b0001;
					goto L42;
				}
			}
































































                            0x0136b62e
                            0x0136b636
                            0x0136b643
                            0x0136b64d
                            0x0136b653
                            0x0136b657
                            0x0136b65e
                            0x0136b662
                            0x0136b666
                            0x0136b669
                            0x0136b66b
                            0x0136b674
                            0x0136b679
                            0x0136b67e
                            0x0136b682
                            0x0136b686
                            0x0136b68a
                            0x0136b89c
                            0x0136b8a0
                            0x00000000
                            0x00000000
                            0x013ba83f
                            0x0136b844
                            0x0136b84d
                            0x0136b84e
                            0x0136b84f
                            0x0136b85a
                            0x0136b85a
                            0x0136b690
                            0x0136b690
                            0x0136b694
                            0x0136b698
                            0x0136b69c
                            0x0136b69c
                            0x0136b69c
                            0x0136b69f
                            0x0136b69f
                            0x0136b69f
                            0x0136b69f
                            0x0136b6a1
                            0x0136b6a3
                            0x0136b6a4
                            0x0136b6a8
                            0x0136b6ab
                            0x00000000
                            0x00000000
                            0x0136b6b1
                            0x0136b6b1
                            0x0136b6b4
                            0x0136b85d
                            0x0136b862
                            0x0136b865
                            0x0136b96b
                            0x0136b96e
                            0x013ba90a
                            0x013ba90f
                            0x013ba914
                            0x013ba915
                            0x0136b69f
                            0x0136b69f
                            0x0136b69f
                            0x0136b69f
                            0x0136b6a1
                            0x0136b6a3
                            0x0136b6a4
                            0x0136b6a8
                            0x0136b6ab
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0136b6ab
                            0x00000000
                            0x0136b752
                            0x0136b757
                            0x0136b760
                            0x0136b764
                            0x0136b768
                            0x0136b8e5
                            0x0136b8e5
                            0x0136b8ea
                            0x00000000
                            0x00000000
                            0x0136b8f0
                            0x0136b8f1
                            0x0136b8f3
                            0x00000000
                            0x00000000
                            0x0136b8f9
                            0x00000000
                            0x0136b8e5
                            0x0136b76e
                            0x0136b76e
                            0x0136b771
                            0x00000000
                            0x00000000
                            0x0136b777
                            0x0136b780
                            0x0136b786
                            0x0136b795
                            0x0136b79e
                            0x0136b7a2
                            0x0136b8bc
                            0x0136b8c2
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0136b8c2
                            0x0136b7a8
                            0x0136b7ac
                            0x0136b7b2
                            0x0136b7bb
                            0x0136b7c2
                            0x0136b7cc
                            0x0136b7d1
                            0x0136b7d4
                            0x0136b7d8
                            0x0136b9a9
                            0x0136b9ab
                            0x0136b8ab
                            0x0136b8af
                            0x0136b8b1
                            0x0136b8b6
                            0x0136b8b8
                            0x00000000
                            0x00000000
                            0x0136b8dc
                            0x0136b8dc
                            0x0136b69c
                            0x0136b69c
                            0x0136b69c
                            0x00000000
                            0x0136b69c
                            0x0136b69c
                            0x0136b9c2
                            0x0136b9c9
                            0x0136b9cb
                            0x0136b9cd
                            0x0136b7e6
                            0x0136b7e6
                            0x0136b7ec
                            0x013ba92f
                            0x013ba92f
                            0x013ba932
                            0x013ba945
                            0x013ba94a
                            0x00000000
                            0x013ba94a
                            0x0136b7f2
                            0x0136b7f8
                            0x0136b80a
                            0x0136b80f
                            0x013ba952
                            0x013ba955
                            0x00000000
                            0x00000000
                            0x013ba964
                            0x0136b81a
                            0x0136b81d
                            0x013ba96e
                            0x013ba973
                            0x013ba97a
                            0x013ba980
                            0x013ba981
                            0x013ba981
                            0x013ba984
                            0x013ba975
                            0x013ba977
                            0x013ba977
                            0x013ba98b
                            0x013ba997
                            0x013ba997
                            0x0136b830
                            0x0136b842
                            0x0136b842
                            0x00000000
                            0x0136b830
                            0x0136b815
                            0x0136b815
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0136b7f8
                            0x013ba927
                            0x013ba927
                            0x0136b7e0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0136b7e0
                            0x0136b974
                            0x0136b97c
                            0x00000000
                            0x00000000
                            0x0136b989
                            0x0136b98e
                            0x0136b990
                            0x0136b99c
                            0x0136b99e
                            0x0136b9a3
                            0x00000000
                            0x0136b9a3
                            0x0136b992
                            0x0136b997
                            0x0136b99a
                            0x0136b9e4
                            0x0136b9e7
                            0x0136b9e9
                            0x00000000
                            0x0136b9e9
                            0x00000000
                            0x0136b99a
                            0x0136b86b
                            0x0136b86b
                            0x0136b86e
                            0x00000000
                            0x0136b86e
                            0x0136b6ba
                            0x0136b6bd
                            0x0136b8fb
                            0x0136b8fe
                            0x0136b92c
                            0x0136b930
                            0x0136b932
                            0x0136b94a
                            0x0136b94a
                            0x0136b950
                            0x0136b95c
                            0x0136b95c
                            0x0136b961
                            0x00000000
                            0x0136b961
                            0x0136b952
                            0x0136b956
                            0x013ba86b
                            0x013ba86e
                            0x013ba870
                            0x00000000
                            0x00000000
                            0x013ba87e
                            0x013ba88d
                            0x013ba892
                            0x013ba894
                            0x013ba8e5
                            0x00000000
                            0x013ba8e5
                            0x013ba896
                            0x013ba89b
                            0x013ba89e
                            0x013ba8a3
                            0x013ba8a9
                            0x013ba91a
                            0x00000000
                            0x013ba91a
                            0x013ba8c4
                            0x013ba8c9
                            0x013ba8ce
                            0x013ba8d2
                            0x013ba8d5
                            0x0136b748
                            0x0136b748
                            0x0136b74d
                            0x0136b74d
                            0x00000000
                            0x0136b74d
                            0x013ba8db
                            0x00000000
                            0x013ba8db
                            0x00000000
                            0x0136b956
                            0x0136b940
                            0x0136b942
                            0x0136b946
                            0x0136b948
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0136b948
                            0x0136b900
                            0x0136b905
                            0x00000000
                            0x00000000
                            0x0136b90b
                            0x0136b910
                            0x00000000
                            0x00000000
                            0x0136b91a
                            0x0136b91f
                            0x0136b921
                            0x00000000
                            0x00000000
                            0x013ba84c
                            0x013ba84e
                            0x013ba854
                            0x013ba85b
                            0x013ba85e
                            0x013ba862
                            0x00000000
                            0x013ba862
                            0x0136b6c3
                            0x0136b6c8
                            0x0136b6cd
                            0x0136b6d3
                            0x0136b9d8
                            0x0136b9da
                            0x0136b6f1
                            0x0136b709
                            0x0136b70e
                            0x0136b713
                            0x0136b713
                            0x0136b71a
                            0x00000000
                            0x0136b720
                            0x0136b725
                            0x0136b728
                            0x013ba8ef
                            0x013ba8f5
                            0x013ba8fb
                            0x013ba900
                            0x013ba900
                            0x013ba8f5
                            0x0136b72f
                            0x0136b733
                            0x0136b735
                            0x00000000
                            0x0136b735
                            0x0136b73b
                            0x0136b73b
                            0x0136b73f
                            0x0136b742
                            0x0136b87d
                            0x0136b880
                            0x00000000
                            0x00000000
                            0x0136b88b
                            0x0136b88e
                            0x00000000
                            0x00000000
                            0x0136b894
                            0x00000000
                            0x0136b894
                            0x00000000
                            0x0136b742
                            0x0136b8c4
                            0x0136b8c8
                            0x0136b8cb
                            0x0136b8cb
                            0x0136b8d7
                            0x0136b8d7
                            0x00000000
                            0x0136b8d7

                            Strings
                            • LdrpLoadResourceFromAlternativeModule, xrefs: 013BA937
                            • 'LDR: %s(), invalid image format of MUI file , xrefs: 013BA93C
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: 'LDR: %s(), invalid image format of MUI file $LdrpLoadResourceFromAlternativeModule
                            • API String ID: 0-411237641
                            • Opcode ID: 819a6982bd4f56b57650f2fcb73b18b0e77130d5fc7a68dd9b3be1881515d487
                            • Instruction ID: 1fab7a1cfb0bc99419022724bc12130343e7576600bd3d5c22c3ccb67882f47d
                            • Opcode Fuzzy Hash: 819a6982bd4f56b57650f2fcb73b18b0e77130d5fc7a68dd9b3be1881515d487
                            • Instruction Fuzzy Hash: CCD1A9316083868FE725CF28C480B6AFBE9BF84748F04882DF985DB699D734D945CB52
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013699C7 Relevance: 2.8, Strings: 2, Instructions: 294COMMON
                            Download Yara Rule
                            C-Code - Quality: 95%
                            			E013699C7(signed int __ecx, signed int __edx, signed int _a4, signed int _a8, signed short* _a12) {
				char _v12;
				char* _v16;
				short _v18;
				char _v20;
				char* _v24;
				short _v26;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				void* _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				char _v77;
				void* _v80;
				signed int _v88;
				char _v89;
				short _t109;
				short _t110;
				void* _t111;
				signed char* _t114;
				signed int _t115;
				signed char* _t116;
				signed int _t118;
				signed int _t120;
				signed int _t125;
				signed int _t143;
				short _t146;
				signed int _t149;
				short* _t156;
				intOrPtr _t165;
				signed char* _t169;

				_v52 = __ecx;
				_t146 = 0x38;
				_t109 = 0x3a;
				_v26 = _t109;
				_t110 = 0x36;
				_v48 = __edx;
				_v28 = _t146;
				_v24 = L"LdrResFallbackLangList Enter";
				_v20 = _t110;
				_v18 = _t146;
				_v16 = L"LdrResFallbackLangList Exit";
				_t111 = E01377D50();
				_t169 = 0x7ffe0385;
				if(_t111 != 0) {
					_t114 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
				} else {
					_t114 = 0x7ffe0385;
				}
				_t140 = 0x7ffe0384;
				if(( *_t114 & 0x00000001) != 0) {
					_t115 = E01377D50();
					if(_t115 == 0) {
						_t116 = 0x7ffe0384;
					} else {
						_t116 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					E013E6715( &_v28,  *_t116 & 0x000000ff);
				}
				_t156 = _a12;
				if(_t156 == 0) {
					_t165 = 0xc000000d;
					goto L37;
				} else {
					 *_t156 = 0;
					_t149 = 0;
					 *((char*)(_t156 + 0x204)) = 0;
					_v60 = 0;
					_v64 = 0;
					_v77 = 0;
					_v56 = 0;
					while(1) {
						L5:
						_t125 = _t149;
						_t143 = _t149;
						_v68 = _t149 + 1;
						if(_t125 > 7) {
							break;
						}
						switch( *((intOrPtr*)(_t125 * 4 +  &M01369CEB))) {
							case 0:
								__si = _a4;
								goto L13;
							case 1:
								__eflags = _a8 & 0x00000004;
								if((_a8 & 0x00000004) != 0) {
									 *((char*)(__edx + 0x204)) = 1;
									goto L36;
								}
								__eflags = _a4 & 0x000003ff;
								if((_a4 & 0x000003ff) != 0) {
									 *((char*)(__edx + 0x204)) = 1;
									__edx =  &_v72;
									__eax = E0135649B(__ecx, __edx);
									__eflags = __eax;
									if(__eax < 0) {
										goto L36;
									}
									__si = _v72;
									__eflags = __si;
									if(__si != 0) {
										__ecx = __ebx;
									} else {
										__ecx = __ecx | 0xffffffff;
									}
									_v68 = __ecx;
									L26:
									_push(2);
									goto L13;
								}
								goto L26;
							case 2:
								_v76 = 0;
								_t127 = E0136ABEC();
								_t151 = _v60;
								if(_t127 == 0 || _t151 >= ( *( *( *[fs:0x18] + 0xfc0) + 4) & 0x0000ffff)) {
									_t173 = 0;
								} else {
									E0136AAC7(_t151,  *( *[fs:0x18] + 0xfc0), _t151,  &_v76,  &_v77);
									_t173 = _v88;
									_t151 = _v72;
								}
								if(_t173 == 0) {
									goto L21;
								} else {
									if(_v77 != 0) {
										__eflags = _a8 & 0x00100000;
										if((_a8 & 0x00100000) != 0) {
											_t173 = 0xeeee;
										}
									}
									_v60 = _t151 + 1;
									_t149 = _t143;
									_push(3);
									_pop(_t167);
									_v68 = _t149;
									goto L13;
								}
							case 3:
								__eax = _v52;
								__eflags = __eax;
								if(__eax == 0) {
									L32:
									goto L5;
								}
								__edx = _v48;
								 &_v36 =  &_v44;
								__ecx = __eax;
								__eax = E013661A7(__ecx, _v48,  &_v44,  &_v36, _a8);
								__eflags = __eax;
								if(__eax >= 0) {
									 &_v12 = E0139BB40(__ecx,  &_v12, _v44);
									 &_v48 =  &_v20;
									__eax = L013643C0( &_v20,  &_v48);
									__eflags = __al;
									if(__al == 0) {
										_v64 = 0xc00b0005;
										goto L31;
									}
									__eflags = _a8 & 0x00100000;
									__si = _v40;
									_v76 = _v40;
									if((_a8 & 0x00100000) != 0) {
										__edx =  *[fs:0x18];
										 &_v77 =  &_v76;
										__edx =  *( *[fs:0x18] + 0xfc0);
										__eax = E0136AAC7(__ecx, __edx, 0,  &_v76,  &_v77);
										__eflags = _v89;
										if(_v89 == 0) {
											__si = _v76;
										}
									}
									__eax = _v36;
									__al = __al & 0x00000001;
									asm("sbb edi, edi");
									goto L42;
								}
								L31:
								__ecx = _v68;
								__edx = _a12;
								goto L32;
							case 4:
								__eax = 0xeeee;
								_v76 = __ax;
								__eax = _a8;
								__eax =  !_a8;
								__eflags = __eax & 0x00080000;
								if((__eax & 0x00080000) != 0) {
									goto L36;
								}
								__eflags =  *[fs:0x18];
								if( *[fs:0x18] == 0) {
									__si = _v76;
									goto L5;
								}
								__eax =  *[fs:0x18];
								__si =  *((intOrPtr*)( *[fs:0x18] + 0xc4));
								goto L13;
							case 5:
								__eax =  &_v56;
								_push( &_v56);
								_push(1);
								__eax = E01399630();
								__edx = _a12;
								__ecx = __eax;
								_v72 = __ecx;
								__eflags = __ecx;
								__ecx = _v76;
								if(__eflags < 0) {
									goto L5;
								}
								__si = _v56;
								goto L42;
							case 6:
								__eax =  &_v32;
								_push( &_v32);
								_push(0);
								__eax = E01399630();
								__edx = _a12;
								__ecx = __eax;
								_v72 = __ecx;
								__eflags = __ecx;
								__ecx = _v76;
								if(__eflags < 0) {
									goto L5;
								}
								__eax = _v32;
								__eflags = _v32 - _v56;
								if(_v32 == _v56) {
									goto L5;
								}
								__si = __ax;
								L42:
								__ecx = _v68;
								goto L13;
							case 7:
								L13:
								_t159 = _a12;
								if(_t173 == 0xeeee) {
									goto L5;
								}
								_t144 =  *_t159 & 0x0000ffff;
								_t153 = 0;
								_t129 = _t144;
								if(_t129 == 0) {
									L19:
									if(_t144 >= 0x40) {
										goto L36;
									}
									 *(_t159 + 4 + _t129 * 8) = _t173;
									 *((intOrPtr*)(_t159 + 8 + ( *_t159 & 0x0000ffff) * 8)) = _t167;
									 *_t159 =  *_t159 + 1;
									L21:
									_t149 = _v68;
									goto L5;
								}
								_t162 =  &(_t159[2]);
								while( *_t162 != _t173) {
									_t153 = _t153 + 1;
									_t162 =  &(_t162[4]);
									if(_t153 < _t129) {
										continue;
									}
									break;
								}
								_t159 = _a12;
								_t149 = _v68;
								if(_t153 < _t129) {
									goto L5;
								}
								goto L19;
						}
					}
					L36:
					_t165 = _v64;
					_t169 = 0x7ffe0385;
					_t63 = _t169 - 1; // 0x7ffe0384
					_t140 = _t63;
					L37:
					_t118 = E01377D50();
					if(_t118 != 0) {
						_t169 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t169 & 0x00000001) != 0) {
						_t120 = E01377D50();
						if(_t120 != 0) {
							_t140 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						E013E6715( &_v20,  *_t140 & 0x000000ff);
					}
					return _t165;
				}
			}









































                            0x013699d7
                            0x013699dd
                            0x013699e0
                            0x013699e3
                            0x013699e8
                            0x013699e9
                            0x013699ed
                            0x013699f2
                            0x013699fa
                            0x013699ff
                            0x01369a04
                            0x01369a0c
                            0x01369a11
                            0x01369a18
                            0x013b9ff0
                            0x01369a1e
                            0x01369a1e
                            0x01369a1e
                            0x01369a23
                            0x01369a28
                            0x013b9ffa
                            0x013ba001
                            0x013ba013
                            0x013ba003
                            0x013ba00c
                            0x013ba00c
                            0x013ba01c
                            0x013ba01c
                            0x01369a2e
                            0x01369a33
                            0x013ba026
                            0x00000000
                            0x01369a39
                            0x01369a3d
                            0x01369a40
                            0x01369a42
                            0x01369a48
                            0x01369a4c
                            0x01369a50
                            0x01369a54
                            0x01369a58
                            0x01369a58
                            0x01369a58
                            0x01369a5a
                            0x01369a5d
                            0x01369a64
                            0x00000000
                            0x00000000
                            0x01369a6a
                            0x00000000
                            0x01369b45
                            0x00000000
                            0x00000000
                            0x01369b4e
                            0x01369b52
                            0x013ba0cc
                            0x00000000
                            0x013ba0cc
                            0x01369b58
                            0x01369b5f
                            0x013ba030
                            0x013ba03a
                            0x013ba03e
                            0x013ba043
                            0x013ba045
                            0x00000000
                            0x00000000
                            0x013ba04b
                            0x013ba050
                            0x013ba053
                            0x013ba05a
                            0x013ba055
                            0x013ba055
                            0x013ba055
                            0x013ba05c
                            0x01369b6a
                            0x01369b6a
                            0x00000000
                            0x01369b6c
                            0x00000000
                            0x00000000
                            0x01369a73
                            0x01369a78
                            0x01369a7d
                            0x01369a83
                            0x01369b72
                            0x01369aa1
                            0x01369ab9
                            0x01369abe
                            0x01369ac3
                            0x01369ac3
                            0x01369aca
                            0x00000000
                            0x01369ad0
                            0x01369ad5
                            0x013ba065
                            0x013ba06c
                            0x013ba072
                            0x013ba072
                            0x013ba06c
                            0x01369adc
                            0x01369ae0
                            0x01369ae2
                            0x01369ae4
                            0x01369ae5
                            0x00000000
                            0x01369ae5
                            0x00000000
                            0x01369b83
                            0x01369b87
                            0x01369b89
                            0x01369bb2
                            0x00000000
                            0x01369bb2
                            0x01369b8e
                            0x01369b97
                            0x01369b9c
                            0x01369b9e
                            0x01369ba3
                            0x01369ba5
                            0x01369c9f
                            0x01369ca9
                            0x01369cae
                            0x01369cb3
                            0x01369cb5
                            0x013ba0b5
                            0x00000000
                            0x013ba0b5
                            0x01369cbb
                            0x01369cc2
                            0x01369cc7
                            0x01369ccc
                            0x013ba07c
                            0x013ba088
                            0x013ba08d
                            0x013ba095
                            0x013ba09a
                            0x013ba09f
                            0x013ba0ab
                            0x013ba0ab
                            0x013ba09f
                            0x01369cd2
                            0x01369cd6
                            0x01369cdd
                            0x00000000
                            0x01369ce2
                            0x01369bab
                            0x01369bab
                            0x01369baf
                            0x00000000
                            0x00000000
                            0x01369bbc
                            0x01369bc1
                            0x01369bc6
                            0x01369bc9
                            0x01369bcb
                            0x01369bd0
                            0x00000000
                            0x00000000
                            0x01369bd2
                            0x01369bda
                            0x013ba0c2
                            0x00000000
                            0x013ba0c2
                            0x01369be0
                            0x01369be6
                            0x00000000
                            0x00000000
                            0x01369c1f
                            0x01369c28
                            0x01369c29
                            0x01369c2b
                            0x01369c30
                            0x01369c33
                            0x01369c35
                            0x01369c39
                            0x01369c3b
                            0x01369c3f
                            0x00000000
                            0x00000000
                            0x01369c45
                            0x00000000
                            0x00000000
                            0x01369c53
                            0x01369c5c
                            0x01369c5d
                            0x01369c5f
                            0x01369c64
                            0x01369c67
                            0x01369c69
                            0x01369c6d
                            0x01369c6f
                            0x01369c73
                            0x00000000
                            0x00000000
                            0x01369c79
                            0x01369c7d
                            0x01369c81
                            0x00000000
                            0x00000000
                            0x01369c87
                            0x01369c4a
                            0x01369c4a
                            0x00000000
                            0x00000000
                            0x01369ae9
                            0x01369ae9
                            0x01369af4
                            0x00000000
                            0x00000000
                            0x01369afa
                            0x01369afd
                            0x01369aff
                            0x01369b03
                            0x01369b24
                            0x01369b27
                            0x00000000
                            0x00000000
                            0x01369b2d
                            0x01369b35
                            0x01369b39
                            0x01369b3c
                            0x01369b3c
                            0x00000000
                            0x01369b3c
                            0x01369b05
                            0x01369b08
                            0x01369b0d
                            0x01369b0e
                            0x01369b13
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01369b13
                            0x01369b15
                            0x01369b1a
                            0x01369b1e
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01369a6a
                            0x01369bf2
                            0x01369bf2
                            0x01369bf6
                            0x01369bfb
                            0x01369bfb
                            0x01369bfe
                            0x01369bfe
                            0x01369c05
                            0x013ba0e1
                            0x013ba0e1
                            0x01369c0e
                            0x013ba0ec
                            0x013ba0f3
                            0x013ba0fe
                            0x013ba0fe
                            0x013ba10b
                            0x013ba10b
                            0x01369c1c
                            0x01369c1c

                            Strings
                            • LdrResFallbackLangList Exit, xrefs: 01369A04
                            • LdrResFallbackLangList Enter, xrefs: 013699F2
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                            • API String ID: 0-1720564570
                            • Opcode ID: c5d6b0f6e83c7805cec703a7cb0dcd948515528889f4f24ce0b5379c721e9b3d
                            • Instruction ID: 3f1dd0d6bcf7d5c2adcc57b1b752562ad8cc009cc9f40a932898b13ad3cbff05
                            • Opcode Fuzzy Hash: c5d6b0f6e83c7805cec703a7cb0dcd948515528889f4f24ce0b5379c721e9b3d
                            • Instruction Fuzzy Hash: 2DB1C071608386CFEB14CF18C480BAAB7E8FF8574CF048969F9859B695E734D944C752
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0141E539 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                            Download Yara Rule
                            C-Code - Quality: 60%
                            			E0141E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E0141BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E0141BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E0141AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E01399730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E0141A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E0141A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E01399730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E0141A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E0141A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E01372280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E0136B090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E0136FFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E01377D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E0140FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                            0x0141e547
                            0x0141e549
                            0x0141e54f
                            0x0141e553
                            0x0141e557
                            0x0141e55a
                            0x0141e55c
                            0x0141e55f
                            0x0141e561
                            0x0141e567
                            0x0141e56b
                            0x0141e7e2
                            0x00000000
                            0x0141e571
                            0x0141e575
                            0x0141e577
                            0x0141e57b
                            0x0141e57c
                            0x0141e57d
                            0x0141e57e
                            0x0141e57f
                            0x0141e588
                            0x0141e58f
                            0x0141e591
                            0x0141e592
                            0x0141e592
                            0x0141e596
                            0x0141e59e
                            0x0141e5a0
                            0x0141e5a6
                            0x0141e61d
                            0x0141e61d
                            0x0141e621
                            0x0141e623
                            0x0141e630
                            0x0141e630
                            0x0141e7e6
                            0x0141e7eb
                            0x0141e7ed
                            0x0141e7f4
                            0x0141e7fa
                            0x0141e7ff
                            0x0141e7ff
                            0x0141e80a
                            0x0141e812
                            0x0141e812
                            0x0141e5ab
                            0x0141e5b4
                            0x0141e5b9
                            0x0141e5be
                            0x0141e5c0
                            0x0141e5c2
                            0x0141e5c8
                            0x0141e5c9
                            0x0141e5cb
                            0x0141e5cc
                            0x0141e5d5
                            0x0141e5e4
                            0x0141e5f1
                            0x0141e5f8
                            0x0141e5f8
                            0x0141e5d5
                            0x0141e602
                            0x0141e616
                            0x0141e63d
                            0x0141e644
                            0x0141e64d
                            0x0141e652
                            0x0141e657
                            0x0141e659
                            0x0141e65b
                            0x0141e661
                            0x0141e662
                            0x0141e664
                            0x0141e665
                            0x0141e66e
                            0x0141e67d
                            0x0141e68a
                            0x0141e691
                            0x0141e691
                            0x0141e66e
                            0x0141e6b0
                            0x00000000
                            0x0141e6b6
                            0x0141e6bd
                            0x0141e6c7
                            0x0141e6d7
                            0x0141e6d9
                            0x0141e6db
                            0x0141e6de
                            0x0141e6e3
                            0x0141e6f3
                            0x0141e6fc
                            0x0141e700
                            0x0141e700
                            0x0141e704
                            0x0141e70a
                            0x0141e70a
                            0x0141e713
                            0x0141e716
                            0x0141e719
                            0x0141e720
                            0x0141e761
                            0x0141e76b
                            0x0141e774
                            0x0141e77a
                            0x0141e77a
                            0x0141e78a
                            0x0141e791
                            0x0141e799
                            0x0141e79b
                            0x0141e79f
                            0x0141e7aa
                            0x0141e7c0
                            0x0141e7ac
                            0x0141e7b2
                            0x0141e7b9
                            0x0141e7b9
                            0x0141e7c7
                            0x0141e806
                            0x00000000
                            0x0141e7c9
                            0x0141e7d1
                            0x0141e7d8
                            0x00000000
                            0x0141e7d8
                            0x00000000
                            0x00000000
                            0x0141e722
                            0x0141e72e
                            0x0141e748
                            0x0141e74c
                            0x0141e754
                            0x0141e756
                            0x0141e75c
                            0x0141e75c
                            0x00000000
                            0x0141e75c
                            0x0141e758
                            0x0141e758
                            0x00000000
                            0x0141e758
                            0x0141e750
                            0x00000000
                            0x00000000
                            0x0141e752
                            0x00000000
                            0x0141e752
                            0x0141e730
                            0x0141e735
                            0x0141e73d
                            0x0141e73f
                            0x00000000
                            0x00000000
                            0x0141e741
                            0x0141e741
                            0x00000000
                            0x0141e741
                            0x0141e739
                            0x00000000
                            0x00000000
                            0x0141e73b
                            0x00000000
                            0x0141e73b
                            0x0141e722
                            0x0141e720
                            0x0141e6b0
                            0x0141e618
                            0x00000000
                            0x0141e618

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: `$`
                            • API String ID: 0-197956300
                            • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                            • Instruction ID: 8e9cf7a9ad2857884bffd582277898760c440f9eb4387d52d36eab898b97fbac
                            • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                            • Instruction Fuzzy Hash: C391B1352043429FE725CF29C941B1BBBE5BF84714F14892EFAA9DB2A4E774E804CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013D51BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                            Download Yara Rule
                            C-Code - Quality: 77%
                            			E013D51BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x14305f0);
				E013AD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E0136EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E013D53CA(0);
						return E013AD130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E0139F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E01373690(1, _t117, 0x1331810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E0139AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = E01374620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E0139AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E013D500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E01399860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                            0x013d51be
                            0x013d51c3
                            0x013d51c8
                            0x013d51cd
                            0x013d51d0
                            0x013d51d3
                            0x013d51d8
                            0x013d51db
                            0x013d51de
                            0x013d51e0
                            0x013d51e3
                            0x013d51e6
                            0x013d51e8
                            0x013d5342
                            0x013d5351
                            0x013d5356
                            0x013d535a
                            0x013d5360
                            0x013d5363
                            0x013d5366
                            0x013d5369
                            0x013d5369
                            0x013d536b
                            0x013d536b
                            0x013d5370
                            0x013d53a3
                            0x013d53a4
                            0x013d53a6
                            0x013d53ab
                            0x013d53ab
                            0x013d53ae
                            0x013d53ae
                            0x013d53b5
                            0x013d53bf
                            0x013d53bf
                            0x013d5375
                            0x013d5396
                            0x013d53a0
                            0x013d53a0
                            0x00000000
                            0x013d5396
                            0x013d5377
                            0x013d5379
                            0x013d537f
                            0x013d538c
                            0x013d5390
                            0x00000000
                            0x013d5390
                            0x013d51ee
                            0x013d51f1
                            0x013d5301
                            0x013d5310
                            0x013d5315
                            0x013d5318
                            0x013d531b
                            0x013d5320
                            0x013d532e
                            0x013d5331
                            0x00000000
                            0x013d5331
                            0x013d5328
                            0x013d5329
                            0x00000000
                            0x013d5329
                            0x013d51fa
                            0x013d5235
                            0x013d5236
                            0x013d5239
                            0x013d523f
                            0x013d5240
                            0x013d5241
                            0x013d5242
                            0x013d5246
                            0x013d5247
                            0x013d524e
                            0x013d5251
                            0x013d5267
                            0x013d5269
                            0x013d526e
                            0x013d527d
                            0x013d527e
                            0x013d5281
                            0x013d5282
                            0x013d5287
                            0x013d5288
                            0x013d528a
                            0x013d528f
                            0x013d5294
                            0x00000000
                            0x00000000
                            0x013d529a
                            0x013d529c
                            0x013d529e
                            0x013d529e
                            0x013d52a4
                            0x013d52b0
                            0x00000000
                            0x00000000
                            0x013d52ba
                            0x013d52bc
                            0x013d52bc
                            0x013d52d4
                            0x013d52d9
                            0x013d52dc
                            0x013d52e1
                            0x00000000
                            0x00000000
                            0x013d52e7
                            0x013d52f4
                            0x00000000
                            0x013d52f4
                            0x013d5270
                            0x00000000
                            0x013d5270
                            0x013d51fc
                            0x013d51fd
                            0x013d5202
                            0x013d5203
                            0x013d5205
                            0x013d520a
                            0x013d520f
                            0x00000000
                            0x00000000
                            0x013d521b
                            0x013d5226
                            0x013d522b
                            0x013d521d
                            0x013d521d
                            0x013d5222
                            0x013d5222
                            0x013d522d
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID: Legacy$UEFI
                            • API String ID: 2994545307-634100481
                            • Opcode ID: 1b85f9bfda3459bc126d4cfc03a636fab7e639f6e7b92b4f571b8f389483d504
                            • Instruction ID: 0c66e1135e99df18e2812db3a030b6a0d4045948c08a41ede2c3f64960594857
                            • Opcode Fuzzy Hash: 1b85f9bfda3459bc126d4cfc03a636fab7e639f6e7b92b4f571b8f389483d504
                            • Instruction Fuzzy Hash: EC516E72E006099FDB25DFA8D880BADBBF8FF58748F14402DE649EB251DA71D900CB10
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013884E0 Relevance: 2.7, Strings: 2, Instructions: 172COMMON
                            Download Yara Rule
                            C-Code - Quality: 91%
                            			E013884E0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				short _t59;
				short _t60;
				signed char** _t62;
				signed char* _t63;
				signed char* _t64;
				signed char* _t65;
				signed char* _t67;
				signed int _t69;
				signed char** _t74;
				signed char* _t75;
				signed char* _t76;
				intOrPtr _t81;
				signed char* _t90;
				short _t91;
				signed int _t93;
				signed int _t97;
				signed int _t101;
				intOrPtr _t109;
				signed char* _t110;
				void* _t114;

				_push(0x44);
				_push(0x14300d0);
				E013AD08C(__ebx, __edi, __esi);
				_t91 = 0x36;
				 *((short*)(_t114 - 0x38)) = _t91;
				_t59 = 0x38;
				 *((short*)(_t114 - 0x36)) = _t59;
				 *(_t114 - 0x34) = L"LdrpResGetMappingSize Enter";
				_t60 = 0x34;
				 *((short*)(_t114 - 0x40)) = _t60;
				 *((short*)(_t114 - 0x3e)) = _t91;
				 *(_t114 - 0x3c) = L"LdrpResGetMappingSize Exit";
				_t62 =  *( *[fs:0x30] + 0x50);
				if(_t62 != 0) {
					__eflags =  *_t62;
					if( *_t62 == 0) {
						goto L1;
					}
					_t63 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
					L2:
					if(( *_t63 & 0x00000001) != 0) {
						_t64 = E01377D50();
						_t112 = 0x7ffe0384;
						__eflags = _t64;
						if(_t64 == 0) {
							_t65 = 0x7ffe0384;
						} else {
							_t65 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
						}
						E013E6715(_t114 - 0x38,  *_t65 & 0x000000ff);
						L4:
						_t101 =  *(_t114 + 8);
						if(_t101 == 0) {
							L49:
							_t67 = 0xc000000d;
							L21:
							return E013AD0D1(_t67);
						}
						_t93 =  *(_t114 + 0xc);
						if(_t93 == 0) {
							goto L49;
						}
						 *((intOrPtr*)(_t114 - 0x28)) = 0;
						_t69 =  *(_t114 + 0x10);
						if((_t69 & 0x00020000) != 0) {
							 *((intOrPtr*)(_t114 - 0x28)) =  *_t93;
						}
						 *_t93 =  *_t93 & 0x00000000;
						_t90 = 0;
						asm("bt eax, 0x8");
						 *(_t114 - 0x19) = (_t93 & 0xffffff00 | (_t101 & 0x00000001) == 0x00000000) & (_t69 & 0xffffff00 | (_t101 & 0x00000001) > 0x00000000);
						 *(_t114 - 0x34) = _t101 & 0xfffffffc;
						_t67 = E0136E9C0(1, _t101 & 0xfffffffc, 0, 0, _t114 - 0x2c);
						 *(_t114 - 0x20) = _t67;
						if(_t67 < 0) {
							goto L21;
						} else {
							 *(_t114 - 4) =  *(_t114 - 4) & 0;
							_t109 =  *((intOrPtr*)(_t114 - 0x2c));
							_t97 =  *(_t109 + 0x18) & 0x0000ffff;
							if(_t97 != 0x10b) {
								L29:
								__eflags = _t97 - 0x20b;
								if(_t97 == 0x20b) {
									goto L9;
								}
								_t110 = 0;
								 *(_t114 - 0x24) = 0;
								_t67 = 0xc000007b;
								 *(_t114 - 0x20) = 0xc000007b;
								L10:
								 *(_t114 - 4) = 0xfffffffe;
								if(_t67 < 0) {
									goto L21;
								}
								if( *(_t114 - 0x19) == 0 || _t110 == 0) {
									__eflags =  *((char*)(_t114 + 0x14));
									if(__eflags == 0) {
										_t90 = E0136EAEA(_t90,  *(_t114 + 8), _t110, _t112, __eflags);
									}
									__eflags = _t90;
									if(_t90 != 0) {
										_t67 = 0;
										 *(_t114 - 0x20) = 0;
									} else {
										_push(_t90);
										_push(0x14);
										_push(_t114 - 0x54);
										_push(3);
										_push( *(_t114 - 0x34));
										_push(0xffffffff);
										_t67 = E01399730();
										 *(_t114 - 0x20) = _t67;
										__eflags = _t67;
										if(_t67 >= 0) {
											_t90 =  *(_t114 - 0x48);
										}
									}
									__eflags = _t90;
									if(_t90 != 0) {
										goto L14;
									} else {
										__eflags = _t110;
										if(_t110 == 0) {
											goto L14;
										} else {
											_t67 = 0;
											 *(_t114 - 0x20) = 0;
											goto L13;
										}
										goto L29;
									}
								} else {
									L13:
									_t90 = _t110;
									L14:
									if(_t67 < 0) {
										L17:
										_t74 =  *( *[fs:0x30] + 0x50);
										if(_t74 != 0) {
											__eflags =  *_t74;
											if( *_t74 == 0) {
												goto L18;
											}
											_t75 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											L19:
											if(( *_t75 & 0x00000001) != 0) {
												_t76 = E01377D50();
												__eflags = _t76;
												if(_t76 != 0) {
													_t112 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
												}
												E013E6715(_t114 - 0x40,  *_t112 & 0x000000ff);
											}
											_t67 =  *(_t114 - 0x20);
											goto L21;
										}
										L18:
										_t75 = 0x7ffe0385;
										goto L19;
									}
									_t81 =  *((intOrPtr*)(_t114 - 0x28));
									if(_t81 != 0) {
										__eflags = _t81 - _t90;
										if(_t81 >= _t90) {
											goto L16;
										}
										 *(_t114 - 0x20) = 0xc000001f;
										goto L17;
									}
									L16:
									 *( *(_t114 + 0xc)) = _t90;
									goto L17;
								}
							}
							L9:
							_t110 =  *(_t109 + 0x50);
							 *(_t114 - 0x24) = _t110;
							goto L10;
						}
					}
					_t112 = 0x7ffe0384;
					goto L4;
				}
				L1:
				_t63 = 0x7ffe0385;
				goto L2;
			}























                            0x013884e0
                            0x013884e2
                            0x013884e7
                            0x013884ee
                            0x013884ef
                            0x013884f5
                            0x013884f6
                            0x013884fa
                            0x01388503
                            0x01388504
                            0x01388508
                            0x0138850c
                            0x01388519
                            0x0138851e
                            0x013c8e3c
                            0x013c8e3f
                            0x00000000
                            0x00000000
                            0x013c8e4e
                            0x01388529
                            0x0138852c
                            0x013c8e58
                            0x013c8e5d
                            0x013c8e62
                            0x013c8e64
                            0x013c8e76
                            0x013c8e66
                            0x013c8e6f
                            0x013c8e6f
                            0x013c8e7e
                            0x01388537
                            0x01388537
                            0x0138853c
                            0x013c8f31
                            0x013c8f31
                            0x01388601
                            0x01388606
                            0x01388606
                            0x01388542
                            0x01388547
                            0x00000000
                            0x00000000
                            0x0138854f
                            0x01388552
                            0x0138855a
                            0x013c8e8a
                            0x013c8e8a
                            0x01388560
                            0x01388563
                            0x0138856d
                            0x01388576
                            0x0138857e
                            0x0138858a
                            0x0138858f
                            0x01388594
                            0x00000000
                            0x01388596
                            0x01388596
                            0x01388599
                            0x0138859c
                            0x013885a8
                            0x01388643
                            0x01388648
                            0x0138864b
                            0x00000000
                            0x00000000
                            0x013c8e92
                            0x013c8e94
                            0x013c8e97
                            0x013c8e9c
                            0x013885b4
                            0x013885b4
                            0x013885bd
                            0x00000000
                            0x00000000
                            0x013885c3
                            0x01388609
                            0x0138860d
                            0x01388617
                            0x01388617
                            0x01388619
                            0x0138861b
                            0x01388656
                            0x01388658
                            0x0138861d
                            0x0138861d
                            0x0138861e
                            0x01388623
                            0x01388624
                            0x01388626
                            0x01388629
                            0x0138862b
                            0x01388630
                            0x01388633
                            0x01388635
                            0x01388637
                            0x01388637
                            0x01388635
                            0x0138863a
                            0x0138863c
                            0x00000000
                            0x0138863e
                            0x013c8ec7
                            0x013c8ec9
                            0x00000000
                            0x013c8ecf
                            0x013c8ecf
                            0x013c8ed1
                            0x00000000
                            0x013c8ed1
                            0x00000000
                            0x013c8ec9
                            0x013885c9
                            0x013885c9
                            0x013885c9
                            0x013885cb
                            0x013885cd
                            0x013885df
                            0x013885e5
                            0x013885ea
                            0x013c8eed
                            0x013c8ef0
                            0x00000000
                            0x00000000
                            0x013c8eff
                            0x013885f5
                            0x013885f8
                            0x013c8f09
                            0x013c8f0e
                            0x013c8f10
                            0x013c8f1b
                            0x013c8f1b
                            0x013c8f1b
                            0x013c8f27
                            0x013c8f27
                            0x013885fe
                            0x00000000
                            0x013885fe
                            0x013885f0
                            0x013885f0
                            0x00000000
                            0x013885f0
                            0x013885cf
                            0x013885d4
                            0x013c8ed9
                            0x013c8edb
                            0x00000000
                            0x00000000
                            0x013c8ee1
                            0x00000000
                            0x013c8ee1
                            0x013885da
                            0x013885dd
                            0x00000000
                            0x013885dd
                            0x013885c3
                            0x013885ae
                            0x013885ae
                            0x013885b1
                            0x00000000
                            0x013885b1
                            0x01388594
                            0x01388532
                            0x00000000
                            0x01388532
                            0x01388524
                            0x01388524
                            0x00000000

                            Strings
                            • LdrpResGetMappingSize Enter, xrefs: 013884FA
                            • LdrpResGetMappingSize Exit, xrefs: 0138850C
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: LdrpResGetMappingSize Enter$LdrpResGetMappingSize Exit
                            • API String ID: 0-1497657909
                            • Opcode ID: fdcb464ff90d6dfe78b4671547076c64849548786ed90670f0098ec72656d731
                            • Instruction ID: b003ceb11b370edd659473d02c7fa21224802a160968067e52724692bb2d0274
                            • Opcode Fuzzy Hash: fdcb464ff90d6dfe78b4671547076c64849548786ed90670f0098ec72656d731
                            • Instruction Fuzzy Hash: 6D51B071A00349DFEB11DFA8D840BAE7BB9AF5475CF5400A9EA01AB691E774DE40CB24
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01354439 Relevance: 2.6, Strings: 2, Instructions: 129COMMON
                            Download Yara Rule
                            C-Code - Quality: 68%
                            			E01354439(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				signed int _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				signed int _v72;
				intOrPtr _v76;
				signed int _v84;
				signed int _v88;
				char _v92;
				signed int _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t64;
				signed int _t68;
				intOrPtr* _t72;
				signed int _t74;
				void* _t77;
				signed int _t83;
				signed int _t84;

				_t79 = __edx;
				_t54 =  *0x144d360 ^ _t84;
				_v8 =  *0x144d360 ^ _t84;
				_t82 = __ecx;
				_v96 = __edx;
				_t74 = __edx;
				if(__edx != 0 && ( *(__edx + 8) & 0x00000004) == 0) {
					_t82 = __ecx + 4;
					_t72 =  *_t82;
					while(_t72 != _t82) {
						_t83 = _t72 - 8;
						_t79 = 1;
						if( *_t83 != 0x74736c46) {
							_v84 = _v84 & 0x00000000;
							_push( &_v92);
							_v76 = 4;
							_v72 = 1;
							_v68 = 1;
							_v64 = _t82;
							_v60 = _t83;
							_v92 = 0xc0150015;
							_v88 = 1;
							E013ADEF0(_t74, 1);
							_t74 = _v96;
							_t79 = 1;
						}
						if( *(_t83 + 0x14) !=  !( *(_t83 + 4))) {
							_v84 = _v84 & 0x00000000;
							_push( &_v92);
							_v76 = 4;
							_v72 = _t79;
							_v68 = 2;
							_v64 = _t82;
							_v60 = _t83;
							_v92 = 0xc0150015;
							_v88 = _t79;
							E013ADEF0(_t74, _t79);
							_t74 = _v96;
						}
						_t9 = _t83 + 0x18; // 0x1c
						_t54 = _t9;
						if(_t74 < _t9) {
							L13:
							_t72 =  *_t72;
							continue;
						} else {
							_t10 = _t83 + 0x618; // 0x61c
							_t54 = _t10;
							if(_t74 >= _t10) {
								goto L13;
							} else {
								_v96 = 0x30;
								_t64 = _t74 - _t83 - 0x18;
								asm("cdq");
								_t79 = _t64 % _v96;
								_t54 = 0x18 + _t64 / _v96 * 0x30 + _t83;
								if(_t74 == 0x18 + _t64 / _v96 * 0x30 + _t83) {
									_t54 =  *(_t83 + 4);
									if(_t54 != 0) {
										_t68 = _t54 - 1;
										 *(_t83 + 4) = _t68;
										_t54 =  !_t68;
										 *(_t83 + 0x14) =  !_t68;
										 *((intOrPtr*)(_t74 + 8)) = 4;
										if( *(_t83 + 4) == 0) {
											_t54 =  *(_t72 + 4);
											if(_t54 != _t82) {
												do {
													_t83 =  *(_t54 + 4);
													_t79 = _t54 - 8;
													if( *((intOrPtr*)(_t54 - 8 + 4)) == 0) {
														_t77 =  *_t54;
														if( *(_t77 + 4) != _t54 ||  *_t83 != _t54) {
															_push(3);
															asm("int 0x29");
															return 0x3e5;
														}
														 *_t83 = _t77;
														 *(_t77 + 4) = _t83;
														L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t79);
													}
													_t54 = _t83;
												} while (_t83 != _t82);
											}
										}
									}
								}
							}
						}
						goto L12;
					}
				}
				L12:
				return E0139B640(_t54, _t72, _v8 ^ _t84, _t79, _t82, _t83);
			}
























                            0x01354439
                            0x01354446
                            0x01354448
                            0x0135444e
                            0x01354450
                            0x01354453
                            0x01354457
                            0x01354467
                            0x0135446a
                            0x0135446c
                            0x01354472
                            0x01354475
                            0x0135447c
                            0x013b080d
                            0x013b0814
                            0x013b0815
                            0x013b081c
                            0x013b081f
                            0x013b0822
                            0x013b0825
                            0x013b0828
                            0x013b082f
                            0x013b0832
                            0x013b0837
                            0x013b083c
                            0x013b083c
                            0x0135448a
                            0x013b0842
                            0x013b0849
                            0x013b084a
                            0x013b0851
                            0x013b0854
                            0x013b085b
                            0x013b085e
                            0x013b0861
                            0x013b0868
                            0x013b086b
                            0x013b0870
                            0x013b0870
                            0x01354490
                            0x01354490
                            0x01354495
                            0x013544f8
                            0x013544f8
                            0x00000000
                            0x01354497
                            0x01354497
                            0x01354497
                            0x0135449f
                            0x00000000
                            0x013544a1
                            0x013544a3
                            0x013544ac
                            0x013544af
                            0x013544b0
                            0x013544b9
                            0x013544bd
                            0x013544bf
                            0x013544c4
                            0x013544c6
                            0x013544c7
                            0x013544ca
                            0x013544cc
                            0x013544cf
                            0x013544da
                            0x013544dc
                            0x013544e1
                            0x013b0878
                            0x013b0878
                            0x013b087b
                            0x013b0882
                            0x013b0884
                            0x013b0889
                            0x013b08b0
                            0x013b08b3
                            0x00000000
                            0x013b08b5
                            0x013b0896
                            0x013b089a
                            0x013b08a0
                            0x013b08a0
                            0x013b08a5
                            0x013b08a7
                            0x013b08ab
                            0x013544e1
                            0x013544da
                            0x013544c4
                            0x013544bd
                            0x0135449f
                            0x00000000
                            0x01354495
                            0x0135446c
                            0x013544e7
                            0x013544f7

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: 0$Flst
                            • API String ID: 0-758220159
                            • Opcode ID: 122a9c13fdbe29e931d988c1a0b5a17d571d7bf6d0610b3fec84d4bb00bb3a7e
                            • Instruction ID: 256a3793e7e1694080776249cb2f114593af3938361ea783a4df07dd7563c6d1
                            • Opcode Fuzzy Hash: 122a9c13fdbe29e931d988c1a0b5a17d571d7bf6d0610b3fec84d4bb00bb3a7e
                            • Instruction Fuzzy Hash: 00417DB1A00648CFDB29CF99D580BAEFBF5EF44718F14802AD549AB645E7319985CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013661A7 Relevance: 2.6, Strings: 2, Instructions: 115COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E013661A7(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, signed int* _a8, intOrPtr _a12) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				short _v22;
				char _v24;
				char* _v28;
				short _v30;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t33;
				short _t34;
				void* _t35;
				signed char* _t38;
				signed int _t39;
				signed char* _t40;
				intOrPtr* _t43;
				void* _t45;
				signed int _t46;
				signed int _t47;
				signed int _t49;
				signed int _t53;
				signed char* _t56;
				short _t59;
				intOrPtr* _t61;
				signed int _t69;
				signed int _t70;

				_v12 = __ecx;
				_t70 = 0;
				_t59 = 0x42;
				_t33 = 0x44;
				_v22 = _t33;
				_t34 = 0x40;
				_v16 = __edx;
				_v8 = 0;
				_v24 = _t59;
				_v20 = L"RtlpResUltimateFallbackInfo Enter";
				_v32 = _t34;
				_v30 = _t59;
				_v28 = L"RtlpResUltimateFallbackInfo Exit";
				_t35 = E01377D50();
				_t56 = 0x7ffe0385;
				if(_t35 != 0) {
					_t38 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
				} else {
					_t38 = 0x7ffe0385;
				}
				_t71 = 0x7ffe0384;
				if(( *_t38 & 0x00000001) != 0) {
					_t39 = E01377D50();
					__eflags = _t39;
					if(_t39 == 0) {
						_t40 = 0x7ffe0384;
					} else {
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					E013E6715( &_v24,  *_t40 & 0x000000ff);
				}
				_t67 = _v12;
				if(_v12 == 0) {
					L27:
					return 0xc000000d;
				} else {
					_t43 = _a4;
					if(_t43 == 0) {
						goto L27;
					}
					_t61 = _a8;
					_t77 = _t61;
					if(_t61 == 0) {
						goto L27;
					}
					 *_t43 = _t70;
					 *_t61 = _t70;
					_t45 = E013662A0(_t56, _t70, _t71, _t77, _t67, _v16,  &_v8, _a12, 1);
					if(_t45 >= 0) {
						_t46 = _v8;
						__eflags = _t46;
						if(_t46 == 0) {
							L17:
							_t70 = 0xc0000001;
							L14:
							_t47 = E01377D50();
							__eflags = _t47;
							if(_t47 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t56 & 0x00000001;
							if(( *_t56 & 0x00000001) != 0) {
								_t49 = E01377D50();
								__eflags = _t49;
								if(_t49 != 0) {
									_t71 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
									__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								E013E6715( &_v32,  *_t71 & 0x000000ff);
								goto L16;
							} else {
								L16:
								return _t70;
							}
						}
						__eflags = _t46 - 0xffffffff;
						if(_t46 == 0xffffffff) {
							goto L17;
						}
						__eflags =  *((intOrPtr*)(_t46 + 0x7c)) - _t70;
						if( *((intOrPtr*)(_t46 + 0x7c)) == _t70) {
							goto L17;
						}
						__eflags =  *((intOrPtr*)(_t46 + 0x80)) - _t70;
						if( *((intOrPtr*)(_t46 + 0x80)) == _t70) {
							goto L17;
						}
						_t69 =  *(_t46 + 0x18);
						__eflags = _t69;
						if(_t69 == 0) {
							goto L17;
						}
						_t53 = _t46 +  *((intOrPtr*)(_t46 + 0x7c));
						__eflags = _t53;
						 *_a8 = _t69;
						 *_a4 = _t53;
						goto L14;
					}
					return _t45;
				}
			}

































                            0x013661b4
                            0x013661b7
                            0x013661b9
                            0x013661bc
                            0x013661bf
                            0x013661c3
                            0x013661c4
                            0x013661c7
                            0x013661ca
                            0x013661ce
                            0x013661d5
                            0x013661d9
                            0x013661dd
                            0x013661e4
                            0x013661e9
                            0x013661f0
                            0x013b8fb9
                            0x013661f6
                            0x013661f6
                            0x013661f6
                            0x013661fb
                            0x01366200
                            0x013b8fc3
                            0x013b8fc8
                            0x013b8fca
                            0x013b8fdc
                            0x013b8fcc
                            0x013b8fd5
                            0x013b8fd5
                            0x013b8fe4
                            0x013b8fe4
                            0x01366206
                            0x0136620b
                            0x013b902a
                            0x00000000
                            0x01366211
                            0x01366211
                            0x01366216
                            0x00000000
                            0x00000000
                            0x0136621c
                            0x0136621f
                            0x01366221
                            0x00000000
                            0x00000000
                            0x0136622c
                            0x01366235
                            0x01366238
                            0x0136623f
                            0x0136624a
                            0x0136624d
                            0x0136624f
                            0x01366291
                            0x01366291
                            0x01366277
                            0x01366277
                            0x0136627c
                            0x0136627e
                            0x013b8ff7
                            0x013b8ff7
                            0x01366284
                            0x01366287
                            0x013b9002
                            0x013b9007
                            0x013b9009
                            0x013b9014
                            0x013b9014
                            0x013b9014
                            0x013b9020
                            0x00000000
                            0x0136628d
                            0x0136628d
                            0x00000000
                            0x0136628d
                            0x01366287
                            0x01366251
                            0x01366254
                            0x00000000
                            0x00000000
                            0x01366256
                            0x01366259
                            0x00000000
                            0x00000000
                            0x0136625b
                            0x01366261
                            0x00000000
                            0x00000000
                            0x01366263
                            0x01366266
                            0x01366268
                            0x00000000
                            0x00000000
                            0x0136626d
                            0x0136626d
                            0x01366270
                            0x01366275
                            0x00000000
                            0x01366275
                            0x01366247
                            0x01366247

                            Strings
                            • RtlpResUltimateFallbackInfo Exit, xrefs: 013661DD
                            • RtlpResUltimateFallbackInfo Enter, xrefs: 013661CE
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                            • API String ID: 0-2876891731
                            • Opcode ID: 9d38cc9af911951134c63c99207cd4c6e1b102a4e7321d91adaa4ca0a85883e0
                            • Instruction ID: edc784014b050fe0f2da1b37f46e6b4f83c5ecbbecf88643def09f34474cb02e
                            • Opcode Fuzzy Hash: 9d38cc9af911951134c63c99207cd4c6e1b102a4e7321d91adaa4ca0a85883e0
                            • Instruction Fuzzy Hash: 7141C3B1A00209DBDB218F6DC885BAA7BBDFF8034CF148095EA04DB695F7359940CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138D4B0 Relevance: 2.6, Strings: 2, Instructions: 67COMMON
                            Download Yara Rule
                            C-Code - Quality: 82%
                            			E0138D4B0(signed int* __ecx, signed int __edx, void* _a4) {
				signed int _v8;
				void* _t17;
				signed int* _t26;
				signed int _t29;
				void* _t34;
				signed int _t41;

				_push(__ecx);
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t26 = __ecx;
				_t41 = __edx;
				if(__ecx == 0 || __edx == 0) {
					_push(_t41);
					_push(_t26);
					E013E5720(0x33, 0, "SXS: %s() bad parameters:\nSXS:    Map        : 0x%p\nSXS:    EntryCount : 0x%lx\n", "RtlpInitializeAssemblyStorageMap");
					_t17 = 0xc000000d;
				} else {
					_t34 = _a4;
					if(_t34 == 0) {
						_t29 = 4;
						_t17 = E0138F3D5( &_v8, __edx * _t29, __edx * _t29 >> 0x20);
						if(_t17 >= 0) {
							_t34 = E01374620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
							if(_t34 != 0) {
								_v8 = 1;
								goto L3;
							} else {
								_t17 = 0xc0000017;
							}
						}
					} else {
						L3:
						if(_t41 != 0) {
							memset(_t34, 0, _t41 << 2);
						}
						 *_t26 = _v8;
						_t17 = 0;
						_t26[1] = _t41;
						_t26[2] = _t34;
					}
				}
				return _t17;
			}









                            0x0138d4b5
                            0x0138d4b6
                            0x0138d4b7
                            0x0138d4bd
                            0x0138d4bf
                            0x0138d4c4
                            0x013cb0b0
                            0x013cb0b1
                            0x013cb0c0
                            0x013cb0c8
                            0x0138d4d2
                            0x0138d4d2
                            0x0138d4d7
                            0x013cb06a
                            0x013cb074
                            0x013cb07b
                            0x013cb094
                            0x013cb098
                            0x013cb0a4
                            0x00000000
                            0x013cb09a
                            0x013cb09a
                            0x013cb09a
                            0x013cb098
                            0x0138d4dd
                            0x0138d4dd
                            0x0138d4df
                            0x0138d4e7
                            0x0138d4e7
                            0x0138d4ec
                            0x0138d4ee
                            0x0138d4f0
                            0x0138d4f3
                            0x0138d4f3
                            0x0138d4d7
                            0x0138d4fc

                            Strings
                            • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 013CB0B7
                            • RtlpInitializeAssemblyStorageMap, xrefs: 013CB0B2
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                            • API String ID: 0-2653619699
                            • Opcode ID: bea4cf0cfadd6192c99aaed260a78715ea317a734cba29246a28c9ce40467066
                            • Instruction ID: 59a6701d545afc4c07d891db23a16e20dbe64bf3858171d7691e4b449bdde2a9
                            • Opcode Fuzzy Hash: bea4cf0cfadd6192c99aaed260a78715ea317a734cba29246a28c9ce40467066
                            • Instruction Fuzzy Hash: 1011CA71B40315FBF7249B8D9D41FABB6AD9B94B5CF14806DBA04EB284DB71ED0083A4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0136C1C0 Relevance: 2.1, Strings: 1, Instructions: 876COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 94%
                            			E0136C1C0(signed int __ecx, signed int __edx, signed int _a4, signed int _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				char _v20;
				intOrPtr _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				intOrPtr _v56;
				char _v60;
				signed int _v64;
				signed int _v68;
				char _v69;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				char _v104;
				signed char _v105;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int* _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed short _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				char _v165;
				signed int _v172;
				signed int _v176;
				void* _v180;
				signed int _v184;
				char _v188;
				signed int _v192;
				signed int _v196;
				intOrPtr _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				void* _v216;
				signed int _v220;
				signed int* _v224;
				signed int* _v228;
				signed int _v236;
				char _v244;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* __ebp;
				signed int _t427;
				signed int _t428;
				signed int _t434;
				signed int _t439;
				void* _t441;
				signed int _t442;
				signed int _t443;
				signed char _t444;
				signed int _t452;
				signed int _t459;
				signed int _t460;
				signed int _t462;
				signed int _t463;
				signed char _t464;
				signed int _t470;
				signed short _t471;
				signed int _t474;
				signed int _t477;
				signed int _t479;
				signed int* _t483;
				signed short _t485;
				signed int _t486;
				signed int _t487;
				signed int _t490;
				signed int _t492;
				signed int _t500;
				signed int _t504;
				signed int _t511;
				signed int _t518;
				signed int _t527;
				signed int _t529;
				signed int _t531;
				signed int _t532;
				signed int _t536;
				signed int _t544;
				void* _t546;
				signed char _t548;
				signed short _t552;
				signed short* _t555;
				intOrPtr _t556;
				signed int _t557;
				signed int _t560;
				signed char _t565;
				signed int _t566;
				signed char _t568;
				intOrPtr* _t569;
				signed char _t575;
				signed int _t582;
				signed short _t583;
				signed int _t584;
				signed int _t588;
				signed int _t590;
				signed int _t591;
				signed int _t598;
				intOrPtr _t599;
				signed char _t601;
				intOrPtr* _t602;
				signed int _t605;
				intOrPtr* _t608;
				signed int _t618;
				void* _t620;
				signed int _t621;
				signed int _t622;
				signed int _t623;
				signed int _t626;
				signed int _t630;
				signed int _t631;
				signed int* _t633;
				void* _t634;
				signed int _t635;
				signed int _t636;
				signed int _t637;
				signed int* _t638;
				signed int _t641;
				void* _t642;
				intOrPtr _t643;

				_push(0xfffffffe);
				_push(0x142fa78);
				_push(0x13a17f0);
				_push( *[fs:0x0]);
				_t643 = _t642 - 0xe0;
				_t427 =  *0x144d360;
				_v12 = _v12 ^ _t427;
				_t428 = _t427 ^ _t641;
				_v32 = _t428;
				_push(_t428);
				 *[fs:0x0] =  &_v20;
				_v28 = _t643;
				_t633 = __edx;
				_v100 = __edx;
				_v96 = __ecx;
				_v164 = __edx;
				_v128 = _a12;
				_v160 = __edx;
				_v69 = 0;
				_v184 = 0;
				_t560 = _a4;
				_t594 = _a8;
				if(_t560 < 3) {
					__eflags = _t594 & 0x00000002;
					if((_t594 & 0x00000002) != 0) {
						goto L1;
					}
					L214:
					_t431 = 0xc00000f1;
					L92:
					 *[fs:0x0] = _v20;
					_pop(_t620);
					_pop(_t634);
					_pop(_t546);
					return E0139B640(_t431, _t546, _v32 ^ _t641, _t594, _t620, _t634);
				}
				L1:
				if(_t560 > 4) {
					goto L214;
				}
				_t434 = _t594 & 0x00000041;
				if(_t434 != 0) {
					__eflags = _t560 - 4;
					if(_t560 != 4) {
						goto L214;
					}
					L147:
					__eflags = _t434;
					if(_t434 == 0) {
						goto L214;
					}
					__eflags = _t560 - 4;
					if(_t560 == 4) {
						_t560 = 3;
					}
					L4:
					_v124 = _t560;
					_v136 = _t560;
					_v8 = 0;
					_t548 =  !_t594;
					if((_t548 & 0x00000010) == 0) {
						L30:
						_t549 = 1;
						_v104 = 1;
						_t565 = _v96;
						_t635 = _t565;
						_v208 = _t635;
						_v120 = 0;
						_t621 = 0;
						_v92 = 0;
						__eflags = _t565 & 0x00000003;
						if((_t565 & 0x00000003) != 0) {
							asm("sbb al, al");
							_t549 = 0x00000001 &  !( ~(_t565 & 0x00000001));
							_v104 = 1;
							_t635 = _t635 & 0xfffffffc;
							__eflags = _t635;
							_v208 = _t635;
						}
						_t594 = E0136E9C0(1, _t635, 0, 0,  &_v120);
						_t566 = _v120;
						__eflags = _t566;
						if(_t566 == 0) {
							L46:
							__eflags = _t594;
							if(_t594 < 0) {
								goto L207;
							}
							goto L47;
						} else {
							_t511 =  *(_t566 + 0x18) & 0x0000ffff;
							_t594 = 0x10b;
							__eflags = _t511 - 0x10b;
							if(_t511 != 0x10b) {
								_t594 = 0x20b;
								__eflags = _t511 - 0x20b;
								if(_t511 != 0x20b) {
									L207:
									_t621 = 0;
									L134:
									_v92 = _t621;
									L47:
									_v116 = _t621;
									__eflags = _t621;
									if(_t621 == 0) {
										_v8 = 0xfffffffe;
										_t431 = 0xc0000089;
										goto L92;
									}
									_v176 = _t621;
									_v84 = 0xeeee;
									_v112 = 0;
									_t636 = 0;
									_v156 = 0;
									_v148 = 0;
									__eflags = 0;
									_v68 = 0;
									_v64 = 0;
									_v88 = 0;
									_v180 = 0;
									_t594 = _v100;
									while(1) {
										L49:
										__eflags = _t621;
										if(_t621 == 0) {
											goto L112;
										}
										_t470 = _v136;
										_t566 = _t470 - 1;
										_v136 = _t566;
										__eflags = _t470;
										if(_t470 == 0) {
											goto L112;
										}
										__eflags = _t566;
										if(_t566 == 0) {
											__eflags = _v124 - 3;
											if(_v124 == 3) {
												_v148 = _t621;
											}
										}
										__eflags = _v148;
										if(_v148 != 0) {
											_t471 =  *((intOrPtr*)(_v160 + 8));
											_v88 = _t471;
											__eflags = 0x000003ff & _t471;
											_t189 =  &_v69;
											 *_t189 = (0x000003ff & _t471) == 0;
											__eflags =  *_t189;
											_t550 = _a8;
											goto L96;
										} else {
											L53:
											_t566 =  *((intOrPtr*)(_t621 + 0xc));
											_t109 = _t621 + 0x10; // 0x10
											_t638 = _t109;
											_v224 = _t638;
											_t459 =  *_t594;
											_v92 = _t459;
											_t460 = _t459 & 0xffff0000;
											__eflags = _t460;
											_v140 = _t460;
											if(_t460 == 0) {
												_t638 = _t638 + (_t566 & 0x0000ffff) * 8;
												_v224 = _t638;
												_t566 =  *((intOrPtr*)(_t621 + 0xe));
											}
											__eflags = _t566;
											if(_t566 == 0) {
												_t623 = _v124;
												_t462 = _t623 - _v136;
												__eflags = _t462 - 1;
												if(__eflags != 0) {
													_t462 = _t462 - 2;
													__eflags = _t462;
													if(__eflags == 0) {
														_t637 = 0xc000008b;
														L197:
														_v76 = _t637;
														_t550 = _a8;
														_t594 =  !_a8;
														asm("bt edx, 0x13");
														asm("bt edx, 0x11");
														_t463 = _t462 & 0xffffff00 | __eflags > 0x00000000;
														_t575 = (_t566 & 0xffffff00 | __eflags > 0x00000000) & _t463;
														__eflags =  !_a8 & 0x00000010;
														_t464 = _t463 & 0xffffff00 | ( !_a8 & 0x00000010) != 0x00000000;
														__eflags = _t464 & _t575;
														if((_t464 & _t575) == 0) {
															goto L91;
														}
														__eflags = _t623 - 3;
														if(_t623 != 3) {
															goto L91;
														} else {
															_t569 = _v160;
															_v48 =  *_t569;
															_v44 =  *((intOrPtr*)(_t569 + 4));
															_v40 =  *((intOrPtr*)(_t569 + 8));
															__eflags = _a4 - 4;
															if(_a4 != 4) {
																goto L191;
															}
															goto L247;
														}
														L199:
														__eflags = _t548 & 0x00000008;
														if((_t548 & 0x00000008) == 0) {
															L11:
															_v80 = 0;
															_v140 = 0;
															_v68 = 0;
															_t557 = _v96;
															_t631 = E0136D1D0(_t557, 0, 0, 8);
															_v68 = _t631;
															if(_t631 == 0xffffffff) {
																L169:
																_t529 = 0x80000;
																_v80 = 0x80000;
																L19:
																_t594 = _a8 | _t529;
																_a8 = _t594;
																if((_t594 & 0x00040000) == 0) {
																	goto L30;
																}
																_t431 = 0xc000008a;
																_v76 = 0xc000008a;
																if((_t594 & 0x00020000) == 0) {
																	_v48 =  *_t633;
																	_t588 = _v124;
																	if(_t588 < 2) {
																		_t531 = 0;
																	} else {
																		_t51 =  &(_t633[1]); // 0x49
																		_t531 =  *_t51;
																	}
																	_v44 = _t531;
																	if(_t588 != 3) {
																		_t532 = 0;
																	} else {
																		_t53 =  &(_t633[2]); // 0x64004c
																		_t532 =  *_t53;
																	}
																	_v40 = _t532;
																	if(_a4 == 4) {
																		_t318 =  &(_t633[3]); // 0x520072
																		_v36 =  *_t318;
																	}
																	_t594 =  &_v48;
																	_v76 = E0136B62E(_t557,  &_v48, _a4,  &_v48, _v128);
																}
																_v8 = 0xfffffffe;
																goto L92;
															}
															if(_t631 == 0) {
																_v60 = L"MUI";
																_v56 = 1;
																_v52 = 0;
																_t590 = _t557;
																_t536 = E0136C1C0(_t590,  &_v60, 3, 0x30,  &_v144);
																_v196 = _t536;
																__eflags = _t536;
																if(__eflags < 0) {
																	L193:
																	_t631 = 0;
																	_v68 = 0;
																	_t591 = _t590 | 0xffffffff;
																	L168:
																	_push(0);
																	_push(_t536);
																	_push(2);
																	_push(0);
																	_push(_t591);
																	_push(0);
																	E0138DA88(_t557, _t557, 0, _t631, _t633, __eflags);
																	__eflags = _t631;
																	if(_t631 != 0) {
																		goto L13;
																	}
																	goto L169;
																}
																_t590 = _t557;
																_t536 = E0136D9A0(_t590, _v144,  &_v68,  &_v140);
																_v196 = _t536;
																__eflags = _t536;
																if(__eflags < 0) {
																	goto L193;
																}
																_t631 = _v68;
																__eflags =  *_t631 - 0xfecdfecd;
																if(__eflags != 0) {
																	_t536 = 0xc000007b;
																	_v196 = 0xc000007b;
																	goto L193;
																}
																_v140 = 0;
																_t591 = _t631;
																goto L168;
															}
															L13:
															_push( &_v80);
															_push(_a8);
															_push( *_t633);
															_push(_t631);
															if(L0136ED40() < 0) {
																_t529 = 0x60000;
																L17:
																_v80 = _t529;
																L18:
																_t557 = _v96;
																goto L19;
															}
															_t529 = _v80;
															if(( *(_t631 + 0x14) & 0x00000100) != 0) {
																_t529 = _t529 | 0x00100000;
																_v80 = _t529;
															}
															if(( *(_t631 + 0x10) & 0x00000010) == 0) {
																goto L18;
															} else {
																_t529 = _t529 | 0x00200000;
																goto L17;
															}
														}
														__eflags = _t630;
														if(_t630 != 0) {
															__eflags = _t630 - 0x400;
															if(_t630 == 0x400) {
																goto L29;
															}
															__eflags = _t630 - 0x800;
															if(_t630 != 0x800) {
																goto L11;
															}
															goto L29;
														} else {
															L29:
															_t618 = _t594 | 0x00000010;
															__eflags = _t618;
															_a8 = _t618;
															goto L30;
														}
													}
													__eflags = _t462 == 1;
													if(_t462 == 1) {
														_t637 = 0xc0000204;
													} else {
														_t637 = 0xc000000d;
													}
													goto L90;
												}
												_t637 = 0xc000008a;
												goto L197;
											} else {
												__eflags = _v148;
												if(_v148 != 0) {
													_t550 = _a8;
													__eflags = _t550 & 0x00000020;
													if((_t550 & 0x00000020) == 0) {
														goto L57;
													}
													_t621 = 0;
													_v176 = 0;
													_v84 =  *_t638;
													_t636 = _t638[1] + _v116;
													__eflags = _t636;
													_v156 = _t636;
													L84:
													_t439 = _t550 & 0x00000002;
													__eflags = _t636;
													if(_t636 == 0) {
														L115:
														__eflags = _t621;
														if(_t621 != 0) {
															__eflags = _t439;
															if(_t439 == 0) {
																goto L116;
															}
															 *_v128 = _t621;
															_t637 = 0;
															L90:
															_v76 = _t637;
															L91:
															_v8 = 0xfffffffe;
															_t431 = _t637;
															goto L92;
														}
														L116:
														_t622 = _v124;
														_t441 = _t622 - _v136;
														__eflags = _t441 - 3;
														if(_t441 != 3) {
															_t442 = _t441 - 1;
															__eflags = _t442;
															if(__eflags != 0) {
																_t442 = _t442 - 1;
																__eflags = _t442;
																if(__eflags != 0) {
																	_t637 = 0xc000000d;
																	_v76 = 0xc000000d;
																	L227:
																	__eflags = _t637 - 0xc000008a;
																	if(__eflags == 0) {
																		L188:
																		_t594 =  !_t550;
																		asm("bt edx, 0x13");
																		asm("bt edx, 0x11");
																		_t443 = _t442 & 0xffffff00 | __eflags > 0x00000000;
																		_t568 = (_t566 & 0xffffff00 | __eflags > 0x00000000) & _t443;
																		__eflags =  !_t550 & 0x00000010;
																		_t444 = _t443 & 0xffffff00 | ( !_t550 & 0x00000010) != 0x00000000;
																		__eflags = _t444 & _t568;
																		if((_t444 & _t568) == 0) {
																			goto L91;
																		}
																		__eflags = _t622 - 3;
																		if(_t622 != 3) {
																			goto L91;
																		}
																		_t569 = _v160;
																		_v48 =  *_t569;
																		_v44 =  *((intOrPtr*)(_t569 + 4));
																		_v40 =  *((intOrPtr*)(_t569 + 8));
																		__eflags = _a4 - 4;
																		if(_a4 == 4) {
																			L247:
																			_v36 =  *((intOrPtr*)(_t569 + 0xc));
																		}
																		L191:
																		_t594 =  &_v48;
																		_t551 = _v96;
																		_t637 = E0136B62E(_v96,  &_v48, _a4, _t550, _v128);
																		_v76 = _t637;
																		__eflags = _t637;
																		if(_t637 >= 0) {
																			_t594 = 0;
																			E01384CD4(_t551, 0,  &_v48, _a4);
																		}
																		goto L91;
																	}
																	__eflags = _t637 - 0xc000008b;
																	if(__eflags != 0) {
																		goto L91;
																	}
																	goto L188;
																}
																_t637 = 0xc000008b;
																_v76 = 0xc000008b;
																goto L188;
															}
															_t637 = 0xc000008a;
															_v76 = 0xc000008a;
															goto L188;
														}
														_t637 = 0xc0000204;
														_v76 = 0xc0000204;
														__eflags = _v148;
														if(_v148 == 0) {
															goto L227;
														}
														_v156 = 0;
														L96:
														while(1) {
															L97:
															_t452 = _v112;
															_v112 = _v112 + 1;
															__eflags = _t452 - 0xc;
															if(__eflags > 0) {
																break;
															}
															switch( *((intOrPtr*)(_t452 * 4 +  &M0136CEB0))) {
																case 0:
																	__eflags = 0 - _v88;
																	if(0 == _v88) {
																		goto L119;
																	}
																	__eflags = _t550 & 0x00080000;
																	if((_t550 & 0x00080000) != 0) {
																		_t454 = _v88 & 0x0000ffff;
																		goto L102;
																	}
																	goto L101;
																case 1:
																	__edx = __ebx;
																	__edx =  !__ebx;
																	asm("bt edx, 0x13");
																	__ecx = __ecx & 0xffffff00 | __eflags > 0x00000000;
																	asm("bt edx, 0x11");
																	__eax = __eax & 0xffffff00 | __eflags > 0x00000000;
																	__cl = __cl & __al;
																	__eflags = __dl & 0x00000010;
																	__eax = __eax & 0xffffff00 | (__dl & 0x00000010) != 0x00000000;
																	__eflags = __al & __cl;
																	if((__al & __cl) == 0) {
																		goto L101;
																	}
																	__edx = _v160;
																	__eax =  *__edx;
																	_v48 =  *__edx;
																	__ecx = _v124;
																	__eflags = __ecx - 2;
																	if(__ecx < 2) {
																		__eax = 0;
																	} else {
																		__eax =  *(__edx + 4);
																	}
																	_v44 = __eax;
																	__eflags = __ecx - 3;
																	if(__ecx != 3) {
																		__eax = 0;
																	} else {
																		__eax =  *(__edx + 8);
																	}
																	_v40 = __eax;
																	__eflags = _a4 - 4;
																	if(_a4 == 4) {
																		__eax =  *(__edx + 0xc);
																		_v36 =  *(__edx + 0xc);
																	}
																	__edx =  &_v48;
																	__edi = _v96;
																	__ecx = __edi;
																	__eax = E0136B62E(__ecx, __edx, _a4, __ebx, _v128);
																	__esi = __eax;
																	_v76 = __esi;
																	__eflags = __esi;
																	if(__esi < 0) {
																		goto L101;
																	} else {
																		__eax =  &_v48;
																		__edx = 0;
																		__ecx = __edi;
																		__eax = E01384CD4(__ecx, 0,  &_v48, _a4);
																		goto L91;
																	}
																case 2:
																	__eflags = _v69;
																	if(_v69 != 0) {
																		goto L101;
																	}
																	__ax = _v88;
																	goto L102;
																case 3:
																	__eflags = __bl & 0x00000004;
																	if((__bl & 0x00000004) != 0) {
																		goto L145;
																	}
																	__eflags = _v69;
																	if(_v69 != 0) {
																		goto L101;
																	}
																	__edx =  &_v64;
																	__eax = E0135649B(__ecx, __edx);
																	__eflags = __eax;
																	if(__eax < 0) {
																		L119:
																		_t454 = 0;
																		goto L102;
																	}
																	__ax = _v64;
																	_v68 = __eax;
																	__eflags = _v64;
																	if(_v64 != 0) {
																		_v112 = _v112 - 1;
																	}
																	goto L104;
																case 4:
																	__eflags = _v69;
																	if(_v69 == 0) {
																		__ax = _v88;
																		__ecx = 0x3ff;
																		__ax = _v88 & __cx;
																	} else {
																		__eax = _v84 & 0x0000ffff;
																	}
																	goto L102;
																case 5:
																	__eflags = _v69;
																	if(_v69 != 0) {
																		goto L101;
																	}
																	goto L145;
																case 6:
																	__ax = _v84;
																	_v68 = __eax;
																	_v64 = __ax;
																	__eflags = __bl & 0x00000020;
																	if((__bl & 0x00000020) != 0) {
																		goto L104;
																	}
																	__eax = 0;
																	_v64 = __ax;
																	__eax = E0136ABEC();
																	__eflags = __al;
																	if(__al == 0) {
																		__eax = 0;
																		_v64 = __ax;
																		L173:
																		__eax = _v84 & 0x0000ffff;
																		goto L102;
																	}
																	 *[fs:0x18] =  *( *[fs:0x18] + 0xfc0);
																	__eax =  *( *( *[fs:0x18] + 0xfc0) + 4) & 0x0000ffff;
																	__eflags = _v184 - __eax;
																	if(_v184 >= __eax) {
																		__eax = 0;
																		__eflags = 0;
																		_v64 = __ax;
																		L172:
																		__ebx = _a8;
																		goto L173;
																	}
																	__edx =  *[fs:0x18];
																	 &_v165 =  &_v64;
																	__esi = _v184;
																	__edx =  *( *[fs:0x18] + 0xfc0);
																	__eax = E0136AAC7(__ecx, __edx, __esi,  &_v64,  &_v165);
																	__eax = _v64 & 0x0000ffff;
																	_v68 = __eax;
																	__eflags = __ax;
																	if(__ax == 0) {
																		goto L172;
																	}
																	__esi = __esi + 1;
																	_v184 = __esi;
																	_v112 = _v112 - 1;
																	__ebx = _a8;
																	goto L104;
																case 7:
																	__eax = __ebx;
																	__eax =  !__ebx;
																	__eflags = __eax & 0x00080000;
																	if((__eax & 0x00080000) == 0) {
																		L101:
																		_t454 = _v84;
																		goto L102;
																	}
																	__ecx = _v96;
																	__eax = E013660F7(__ecx, 0, 1);
																	__eflags = __eax;
																	if(__eax == 0) {
																		goto L101;
																	} else {
																		__eflags =  *__eax - 0xfecdfecd;
																		if( *__eax != 0xfecdfecd) {
																			goto L101;
																		}
																		__ecx =  *(__eax + 0x7c);
																		__eflags = __ecx;
																		if(__ecx == 0) {
																			goto L101;
																		}
																		 &_v244 = E0139BB40(__ecx,  &_v244,  &_v244);
																		 &_v216 =  &_v244;
																		__eax = L013643C0( &_v244,  &_v216);
																		__eflags = __al;
																		if(__al == 0) {
																			goto L101;
																		}
																		__ax = _v216;
																		goto L102;
																	}
																	goto L176;
																case 8:
																	L176:
																	__ax = _v84;
																	_v68 = __eax;
																	_v64 = _v84;
																	__eax = __ebx;
																	__eax =  !__ebx;
																	__eflags = __eax & 0x00080000;
																	if((__eax & 0x00080000) != 0) {
																		__ebx = __ebx | 0x00000020;
																		_a8 = __ebx;
																		goto L104;
																	}
																	__eflags =  *[fs:0x18];
																	if( *[fs:0x18] == 0) {
																		__ax = _v64;
																		__ebx = _a8;
																	} else {
																		__eax =  *[fs:0x18];
																		__ax =  *((intOrPtr*)(__eax + 0xc4));
																		_v64 =  *((intOrPtr*)(__eax + 0xc4));
																		__ebx = _a8;
																	}
																	goto L103;
																case 9:
																	_v68 = __esi;
																	_v64 = _v84;
																	__eax =  &_v180;
																	_push( &_v180);
																	_push(1);
																	__eax = E01399630();
																	_v76 = __eax;
																	__eflags = __eax;
																	if(__eax < 0) {
																		goto L104;
																	}
																	__ax = _v180;
																	goto L102;
																case 0xa:
																	__ax = _v84;
																	_v68 = __eax;
																	_v64 = _v84;
																	__eax =  &_v220;
																	_push( &_v220);
																	_push(0);
																	__eax = E01399630();
																	_v76 = __eax;
																	__eflags = __eax;
																	if(__eax < 0) {
																		goto L104;
																	}
																	__eax = _v220;
																	__eflags = __eax - _v180;
																	if(__eax == _v180) {
																		goto L104;
																	}
																	goto L102;
																case 0xb:
																	__eax = 0x409;
																	L102:
																	_v64 = _t454;
																	L103:
																	_v68 = _t454;
																	L104:
																	_t573 = _v68;
																	goto L105;
																case 0xc:
																	__ebx = __ebx | 0x00000020;
																	_a8 = __ebx;
																	L105:
																	_t456 =  !_t550;
																	__eflags = _t456 & 0x00000020;
																	if((_t456 & 0x00000020) == 0) {
																		L107:
																		_v84 = _v68 & 0x0000ffff;
																		_t594 =  &_v84;
																		_v100 = _t594;
																		_v164 = _t594;
																		_t621 = _v148;
																		_v176 = _t621;
																		goto L53;
																	}
																	__eflags = (_t573 & 0x0000ffff) - _v84;
																	if((_t573 & 0x0000ffff) == _v84) {
																		goto L97;
																	}
																	goto L107;
															}
														}
														L145:
														_v8 = 0xfffffffe;
														_t431 = 0xc0000204;
														goto L92;
													}
													__eflags = _t439;
													if(_t439 != 0) {
														goto L115;
													}
													 *_v128 = _t636;
													_t500 =  *[fs:0x18];
													__eflags =  *(_t500 + 0xfe0);
													if( *(_t500 + 0xfe0) == 0) {
														_v100 =  *[fs:0x18];
														 *((intOrPtr*)(_v100 + 0xfe0)) = E01374620(_t566,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xc);
													}
													_t504 =  *[fs:0x18];
													__eflags =  *(_t504 + 0xfe0);
													if( *(_t504 + 0xfe0) != 0) {
														_t594 = _v96;
														 *( *( *[fs:0x18] + 0xfe0)) = _t594;
														( *( *[fs:0x18] + 0xfe0))[1] = _v156;
														( *( *[fs:0x18] + 0xfe0))[2] = _t594;
													}
													_t637 = 0;
													__eflags = 0;
													goto L90;
												}
												L57:
												_v228 = _t638;
												_v152 = _t566;
												_t621 = 0;
												_v172 = 0;
												_v80 = 0;
												_v204 = 0;
												_t598 = (_t566 & 0x0000ffff) - 1;
												__eflags = _t598;
												_t599 = _t638 + _t598 * 8;
												_v200 = _t599;
												_v132 = _t566;
												while(1) {
													__eflags = _t638 - _t599;
													if(_t638 > _t599) {
														break;
													}
													_t601 = _v132;
													_t552 = _t566 >> 0x00000001 & 0x0000ffff;
													__eflags = _t552;
													if(_t552 == 0) {
														__eflags = _t566;
														if(_t566 == 0) {
															break;
														}
														_t474 =  *_t638;
														__eflags = _v140 - _t621;
														if(_v140 != _t621) {
															__eflags = _t474;
															if(_t474 >= 0) {
																break;
															}
															_t555 = (_t474 & 0x7fffffff) + _v116;
															_t477 = E013A12B0(_v92,  &(_t555[1]),  *_t555 & 0x0000ffff);
															_t643 = _t643 + 0xc;
															_t566 = _t477;
															__eflags = _t566;
															if(_t566 != 0) {
																break;
															}
															_t602 = _v92;
															_v192 = _t602 + 2;
															do {
																_t479 =  *_t602;
																_t602 = _t602 + 2;
																__eflags = _t479;
															} while (_t479 != 0);
															__eflags = _t602 - _v192 >> 1 - ( *_t555 & 0x0000ffff);
															if(_t602 - _v192 >> 1 == ( *_t555 & 0x0000ffff)) {
																L77:
																__eflags = _t566;
																if(_t566 != 0) {
																	break;
																}
																_t566 = _t638[1];
																__eflags = _t566;
																if(_t566 >= 0) {
																	L111:
																	_t636 = _v116 + _t566;
																	_v204 = _t636;
																	L81:
																	_v176 = _t621;
																	_v156 = _t636;
																	_t594 = _v100 + 4;
																	_v100 = _t594;
																	_v164 = _t594;
																	goto L49;
																}
																L79:
																_t621 = (_t566 & 0x7fffffff) + _v116;
																__eflags = _t621;
																_v172 = _t621;
																break;
															}
															break;
														}
														__eflags = _t474;
														if(_t474 < 0) {
															break;
														}
														_t566 = _v92 - _t474;
														__eflags = _t566;
														goto L77;
													}
													_v105 = _v152 & 0x00000001;
													_t582 = _t552;
													_v192 = _t582;
													_t483 = _t638 + _t582 * 8;
													_v120 = _t483;
													__eflags = _t601 & 0x00000001;
													if((_t601 & 0x00000001) == 0) {
														_t483 =  &(_t483[0xfffffffffffffffe]);
														_v120 = _t483;
													}
													_t605 =  *_t483;
													__eflags = _v140 - _t621;
													if(_v140 != _t621) {
														__eflags = _t605;
														if(_t605 >= 0) {
															goto L67;
														}
														_t607 = (_t605 & 0x7fffffff) + _v116;
														_v144 = (_t605 & 0x7fffffff) + _v116;
														_t490 = E013A12B0(_v92,  &(((_t605 & 0x7fffffff) + _v116)[1]),  *_t607 & 0x0000ffff);
														_t643 = _t643 + 0xc;
														_t584 = _t490;
														__eflags = _t584;
														if(_t584 != 0) {
															L163:
															_t483 = _v120;
															goto L64;
														}
														_t608 = _v92;
														_v188 = _t608 + 2;
														do {
															_t492 =  *_t608;
															_t608 = _t608 + 2;
															__eflags = _t492;
														} while (_t492 != 0);
														__eflags = _t608 - _v188 >> 1 - ( *_v144 & 0x0000ffff);
														if(_t608 - _v188 >> 1 != ( *_v144 & 0x0000ffff)) {
															_t483 = _v120;
															goto L72;
														}
														goto L163;
													} else {
														__eflags = _t605;
														if(_t605 < 0) {
															L72:
															_t638 =  &(_t483[2]);
															_v228 = _t638;
															_t486 = _t552;
															_v152 = _t486;
															_t599 = _v200;
															L70:
															_t487 = _t486 & 0x0000ffff;
															_v132 = _t487;
															_t566 = _t487;
															continue;
														}
														_t584 = _v92 - _t605;
														__eflags = _t584;
														L64:
														__eflags = _t584;
														if(__eflags == 0) {
															_t566 = _t483[1];
															__eflags = _t566;
															if(_t566 < 0) {
																goto L79;
															}
															_t621 = 0;
															__eflags = 0;
															_v172 = 0;
															goto L111;
														}
														if(__eflags >= 0) {
															goto L72;
														}
														_t582 = _v192;
														L67:
														_t599 = _t483 - 8;
														_v200 = _t599;
														__eflags = _v105;
														if(_v105 == 0) {
															_t583 = _t582 - 1;
															_v152 = _t583 & 0x0000ffff;
															_t485 = _t583 & 0x0000ffff;
														} else {
															_t485 = _t552;
															_v152 = _t485;
														}
														_t486 = _t485 & 0x0000ffff;
														goto L70;
													}
												}
												_t636 = _v80;
												goto L81;
											}
										}
										L112:
										_t550 = _a8;
										goto L84;
									}
								}
								_t566 = _t635;
								_t594 = L01352F47(_t566, _t549, 2,  &_v188, _t566,  &_v92);
								_t621 = _v92;
								goto L46;
							}
							__eflags =  *((intOrPtr*)(_t566 + 0x74)) - 2;
							if( *((intOrPtr*)(_t566 + 0x74)) <= 2) {
								goto L207;
							}
							_t626 =  *(_t566 + 0x88);
							_v132 = _t626;
							__eflags = _t626;
							if(_t626 == 0) {
								goto L207;
							}
							_v188 =  *((intOrPtr*)(_t566 + 0x8c));
							__eflags = _t549;
							if(_t549 != 0) {
								L133:
								_t621 = _t626 + _t635;
								__eflags = _t621;
								goto L134;
							}
							__eflags = _t626 -  *((intOrPtr*)(_t566 + 0x54));
							if(_t626 <  *((intOrPtr*)(_t566 + 0x54))) {
								goto L133;
							}
							_t82 = _v120 + 0x18; // 0x18
							_t594 = _t82 + ( *(_t566 + 0x14) & 0x0000ffff);
							_t518 =  *(_v120 + 6) & 0x0000ffff;
							_v144 = _t518;
							_t566 = 0;
							__eflags = 0;
							while(1) {
								_v236 = _t566;
								_v212 = _t594;
								__eflags = _t566 - _t518;
								if(_t566 >= _t518) {
									break;
								}
								_t556 =  *((intOrPtr*)(_t594 + 0xc));
								__eflags = _t626 - _t556;
								if(_t626 < _t556) {
									L114:
									_t594 = _t594 + 0x28;
									_t566 = _t566 + 1;
									continue;
								}
								__eflags = _t626 -  *((intOrPtr*)(_t594 + 0x10)) + _t556;
								if(_t626 >=  *((intOrPtr*)(_t594 + 0x10)) + _t556) {
									_t518 = _v144;
									goto L114;
								}
								__eflags = _t594;
								if(_t594 == 0) {
									break;
								}
								_t621 =  *((intOrPtr*)(_t594 + 0x14)) - _t556 + _v132 + _t635;
								__eflags = _t621;
								L44:
								_v92 = _t621;
								_v100 = _v164;
								__eflags = _t621;
								if(_t621 == 0) {
									goto L207;
								}
								_t594 = 0;
								__eflags = 0;
								goto L46;
							}
							_t621 = 0;
							goto L44;
						}
					}
					_t21 = _t560 - 1; // 0x2
					if(_t21 > 2) {
						goto L30;
					}
					if(_t560 != 3) {
						_t630 = 0;
					} else {
						_t22 =  &(_t633[2]); // 0x64004c
						_t630 =  *_t22 & 0x0000ffff;
					}
					_v88 = _t630;
					_t527 =  *_t633;
					if(_t527 == 0x10 || _t527 == 0x18) {
						goto L199;
					} else {
						if((_t527 & 0xffff0000) != 0) {
							_t544 = E0139E490(_t527, L"MUI");
							_t643 = _t643 + 8;
							__eflags = _t544;
							if(_t544 != 0) {
								goto L11;
							}
							_t594 = _a8;
							goto L199;
						}
						goto L11;
					}
				}
				if(_t560 == 4) {
					goto L147;
				}
				goto L4;
			}











































































































































                            0x0136c1c5
                            0x0136c1c7
                            0x0136c1cc
                            0x0136c1d7
                            0x0136c1d8
                            0x0136c1de
                            0x0136c1e3
                            0x0136c1e6
                            0x0136c1e8
                            0x0136c1ee
                            0x0136c1f2
                            0x0136c1f8
                            0x0136c1fb
                            0x0136c1fd
                            0x0136c200
                            0x0136c203
                            0x0136c20c
                            0x0136c20f
                            0x0136c215
                            0x0136c219
                            0x0136c223
                            0x0136c226
                            0x0136c22c
                            0x0136ce8b
                            0x0136ce8e
                            0x00000000
                            0x00000000
                            0x013bae13
                            0x013bae13
                            0x0136c762
                            0x0136c765
                            0x0136c76d
                            0x0136c76e
                            0x0136c76f
                            0x0136c77d
                            0x0136c77d
                            0x0136c232
                            0x0136c235
                            0x00000000
                            0x00000000
                            0x0136c23d
                            0x0136c240
                            0x0136ca53
                            0x0136ca56
                            0x00000000
                            0x00000000
                            0x0136ca5c
                            0x0136ca5c
                            0x0136ca5e
                            0x00000000
                            0x00000000
                            0x0136ca64
                            0x0136ca67
                            0x0136ca6d
                            0x0136ca6d
                            0x0136c24f
                            0x0136c24f
                            0x0136c252
                            0x0136c258
                            0x0136c261
                            0x0136c266
                            0x0136c39f
                            0x0136c39f
                            0x0136c3a1
                            0x0136c3a4
                            0x0136c3a7
                            0x0136c3a9
                            0x0136c3af
                            0x0136c3b6
                            0x0136c3b8
                            0x0136c3bb
                            0x0136c3be
                            0x0136c3c6
                            0x0136c3ca
                            0x0136c3cc
                            0x0136c3cf
                            0x0136c3cf
                            0x0136c3d2
                            0x0136c3d2
                            0x0136c3e8
                            0x0136c3ea
                            0x0136c3ed
                            0x0136c3ef
                            0x0136c4ae
                            0x0136c4ae
                            0x0136c4b0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0136c3f5
                            0x0136c3f5
                            0x0136c3f9
                            0x0136c3fe
                            0x0136c401
                            0x0136ca77
                            0x0136ca7c
                            0x0136ca7f
                            0x0136ce62
                            0x0136ce62
                            0x0136c9d3
                            0x0136c9d3
                            0x0136c4b6
                            0x0136c4b6
                            0x0136c4b9
                            0x0136c4bb
                            0x0136ce69
                            0x0136ce70
                            0x00000000
                            0x0136ce70
                            0x0136c4c1
                            0x0136c4c7
                            0x0136c4ce
                            0x0136c4d5
                            0x0136c4d7
                            0x0136c4dd
                            0x0136c4e3
                            0x0136c4e5
                            0x0136c4e8
                            0x0136c4ec
                            0x0136c4f0
                            0x0136c4f6
                            0x0136c500
                            0x0136c500
                            0x0136c500
                            0x0136c502
                            0x00000000
                            0x00000000
                            0x0136c508
                            0x0136c510
                            0x0136c511
                            0x0136c517
                            0x0136c519
                            0x00000000
                            0x00000000
                            0x0136c51f
                            0x0136c521
                            0x0136c780
                            0x0136c784
                            0x0136c78a
                            0x0136c78a
                            0x0136c784
                            0x0136c527
                            0x0136c52e
                            0x0136c79b
                            0x0136c79f
                            0x0136c7a8
                            0x0136c7ab
                            0x0136c7ab
                            0x0136c7ab
                            0x0136c7af
                            0x00000000
                            0x0136c534
                            0x0136c534
                            0x0136c534
                            0x0136c538
                            0x0136c538
                            0x0136c53b
                            0x0136c541
                            0x0136c543
                            0x0136c546
                            0x0136c546
                            0x0136c54b
                            0x0136c551
                            0x0136c556
                            0x0136c559
                            0x0136c55f
                            0x0136c55f
                            0x0136c563
                            0x0136c566
                            0x0136cdc9
                            0x0136cdce
                            0x0136cdd4
                            0x0136cdd7
                            0x013baf3f
                            0x013baf3f
                            0x013baf42
                            0x013baf5d
                            0x0136cde2
                            0x0136cde2
                            0x0136cde5
                            0x0136cdea
                            0x0136cdec
                            0x0136cdf3
                            0x0136cdf7
                            0x0136cdfa
                            0x0136cdfc
                            0x0136cdff
                            0x0136ce02
                            0x0136ce04
                            0x00000000
                            0x00000000
                            0x013baf67
                            0x013baf6a
                            0x00000000
                            0x013baf70
                            0x013baf70
                            0x013baf78
                            0x013baf7e
                            0x013baf84
                            0x013baf87
                            0x013baf8b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013baf8b
                            0x0136ce0f
                            0x0136ce0f
                            0x0136ce12
                            0x0136c2a8
                            0x0136c2a8
                            0x0136c2af
                            0x0136c2b9
                            0x0136c2c6
                            0x0136c2d0
                            0x0136c2d2
                            0x0136c2d8
                            0x0136cc01
                            0x0136cc01
                            0x0136cc06
                            0x0136c31f
                            0x0136c322
                            0x0136c324
                            0x0136c32d
                            0x00000000
                            0x00000000
                            0x0136c32f
                            0x0136c334
                            0x0136c33d
                            0x0136c341
                            0x0136c344
                            0x0136c34a
                            0x013bae74
                            0x0136c350
                            0x0136c350
                            0x0136c350
                            0x0136c350
                            0x0136c353
                            0x0136c359
                            0x013bae7b
                            0x0136c35f
                            0x0136c35f
                            0x0136c35f
                            0x0136c35f
                            0x0136c362
                            0x0136c369
                            0x0136cc0e
                            0x0136cc11
                            0x0136cc11
                            0x0136c377
                            0x0136c381
                            0x0136c381
                            0x0136c384
                            0x00000000
                            0x0136c384
                            0x0136c2e0
                            0x0136cb6d
                            0x0136cb74
                            0x0136cb7b
                            0x0136cb90
                            0x0136cb92
                            0x0136cb97
                            0x0136cb9d
                            0x0136cb9f
                            0x0136cd93
                            0x0136cd93
                            0x0136cd95
                            0x0136cd98
                            0x0136cbe6
                            0x0136cbe6
                            0x0136cbe8
                            0x0136cbe9
                            0x0136cbeb
                            0x0136cbed
                            0x0136cbee
                            0x0136cbf4
                            0x0136cbf9
                            0x0136cbfb
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0136cbfb
                            0x0136cbb6
                            0x0136cbb8
                            0x0136cbbd
                            0x0136cbc3
                            0x0136cbc5
                            0x00000000
                            0x00000000
                            0x0136cbcb
                            0x0136cbce
                            0x0136cbd4
                            0x013bae4d
                            0x013bae52
                            0x00000000
                            0x013bae52
                            0x0136cbda
                            0x0136cbe4
                            0x00000000
                            0x0136cbe4
                            0x0136c2e6
                            0x0136c2e9
                            0x0136c2ed
                            0x0136c2ee
                            0x0136c2f0
                            0x0136c2f8
                            0x013bae5d
                            0x0136c319
                            0x0136c319
                            0x0136c31c
                            0x0136c31c
                            0x00000000
                            0x0136c31c
                            0x0136c2fe
                            0x0136c308
                            0x013bae67
                            0x013bae6c
                            0x013bae6c
                            0x0136c312
                            0x00000000
                            0x0136c314
                            0x0136c314
                            0x00000000
                            0x0136c314
                            0x0136c312
                            0x0136c390
                            0x0136c393
                            0x013bae31
                            0x013bae34
                            0x00000000
                            0x00000000
                            0x013bae3f
                            0x013bae42
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0136c399
                            0x0136c399
                            0x0136c399
                            0x0136c399
                            0x0136c39c
                            0x00000000
                            0x0136c39c
                            0x0136c393
                            0x013baf44
                            0x013baf47
                            0x013baf53
                            0x013baf49
                            0x013baf49
                            0x013baf49
                            0x00000000
                            0x013baf47
                            0x0136cddd
                            0x00000000
                            0x0136c56c
                            0x0136c56c
                            0x0136c573
                            0x0136c6be
                            0x0136c6c1
                            0x0136c6c4
                            0x00000000
                            0x00000000
                            0x0136c6ca
                            0x0136c6cc
                            0x0136c6d4
                            0x0136c6da
                            0x0136c6da
                            0x0136c6dd
                            0x0136c6e3
                            0x0136c6e5
                            0x0136c6e8
                            0x0136c6ea
                            0x0136c873
                            0x0136c873
                            0x0136c875
                            0x0136ce99
                            0x0136ce9b
                            0x00000000
                            0x00000000
                            0x0136cea4
                            0x0136cea6
                            0x0136c756
                            0x0136c756
                            0x0136c759
                            0x0136c759
                            0x0136c760
                            0x00000000
                            0x0136c760
                            0x0136c87b
                            0x0136c87b
                            0x0136c880
                            0x0136c886
                            0x0136c889
                            0x0136cd00
                            0x0136cd00
                            0x0136cd03
                            0x0136ce31
                            0x0136ce31
                            0x0136ce34
                            0x013bae89
                            0x013bae8e
                            0x013bae91
                            0x013bae91
                            0x013bae97
                            0x0136cd11
                            0x0136cd13
                            0x0136cd15
                            0x0136cd1c
                            0x0136cd20
                            0x0136cd23
                            0x0136cd25
                            0x0136cd28
                            0x0136cd2b
                            0x0136cd2d
                            0x00000000
                            0x00000000
                            0x0136cd33
                            0x0136cd36
                            0x00000000
                            0x00000000
                            0x0136cd3c
                            0x0136cd44
                            0x0136cd4a
                            0x0136cd50
                            0x0136cd53
                            0x0136cd57
                            0x013baf91
                            0x013baf94
                            0x013baf94
                            0x0136cd5d
                            0x0136cd64
                            0x0136cd67
                            0x0136cd71
                            0x0136cd73
                            0x0136cd76
                            0x0136cd78
                            0x0136cd85
                            0x0136cd89
                            0x0136cd89
                            0x00000000
                            0x0136cd78
                            0x013bae9d
                            0x013baea3
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013baea9
                            0x0136ce3a
                            0x0136ce3f
                            0x00000000
                            0x0136ce3f
                            0x0136cd09
                            0x0136cd0e
                            0x00000000
                            0x0136cd0e
                            0x0136c88f
                            0x0136c894
                            0x0136c897
                            0x0136c89e
                            0x00000000
                            0x00000000
                            0x0136c8a4
                            0x0136c7b2
                            0x0136c7b5
                            0x0136c7b5
                            0x0136c7b5
                            0x0136c7b8
                            0x0136c7bb
                            0x0136c7be
                            0x00000000
                            0x00000000
                            0x0136c7c4
                            0x00000000
                            0x0136c7cd
                            0x0136c7d1
                            0x00000000
                            0x00000000
                            0x0136c7d7
                            0x0136c7dd
                            0x0136ce28
                            0x00000000
                            0x0136ce28
                            0x00000000
                            0x00000000
                            0x0136c8ba
                            0x0136c8bc
                            0x0136c8be
                            0x0136c8c2
                            0x0136c8c5
                            0x0136c8c9
                            0x0136c8cc
                            0x0136c8ce
                            0x0136c8d1
                            0x0136c8d4
                            0x0136c8d6
                            0x00000000
                            0x00000000
                            0x0136c8dc
                            0x0136c8e2
                            0x0136c8e4
                            0x0136c8e7
                            0x0136c8ea
                            0x0136c8ed
                            0x013baeae
                            0x0136c8f3
                            0x0136c8f3
                            0x0136c8f3
                            0x0136c8f6
                            0x0136c8f9
                            0x0136c8fc
                            0x013baeb5
                            0x0136c902
                            0x0136c902
                            0x0136c902
                            0x0136c905
                            0x0136c908
                            0x0136c90c
                            0x0136ce1d
                            0x0136ce20
                            0x0136ce20
                            0x0136c919
                            0x0136c91c
                            0x0136c91f
                            0x0136c921
                            0x0136c926
                            0x0136c928
                            0x0136c92b
                            0x0136c92d
                            0x00000000
                            0x0136c933
                            0x0136c936
                            0x0136c93a
                            0x0136c93c
                            0x0136c93e
                            0x00000000
                            0x0136c93e
                            0x00000000
                            0x0136c9db
                            0x0136c9df
                            0x00000000
                            0x00000000
                            0x0136c9e5
                            0x00000000
                            0x00000000
                            0x0136c9ee
                            0x0136c9f1
                            0x00000000
                            0x00000000
                            0x0136c9f3
                            0x0136c9f7
                            0x00000000
                            0x00000000
                            0x0136c9fd
                            0x0136ca00
                            0x0136ca05
                            0x0136ca07
                            0x0136c8b3
                            0x0136c8b3
                            0x00000000
                            0x0136c8b3
                            0x0136ca0d
                            0x0136ca11
                            0x0136ca14
                            0x0136ca17
                            0x0136ca1d
                            0x0136ca1d
                            0x00000000
                            0x00000000
                            0x0136ca25
                            0x0136ca29
                            0x0136ce7a
                            0x0136ce7e
                            0x0136ce83
                            0x0136ca2f
                            0x0136ca2f
                            0x0136ca2f
                            0x00000000
                            0x00000000
                            0x0136ca38
                            0x0136ca3c
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0136c948
                            0x0136c94c
                            0x0136c94f
                            0x0136c953
                            0x0136c956
                            0x00000000
                            0x00000000
                            0x0136c95c
                            0x0136c95e
                            0x0136c962
                            0x0136c967
                            0x0136c969
                            0x013baebc
                            0x013baebe
                            0x0136cc22
                            0x0136cc22
                            0x00000000
                            0x0136cc22
                            0x0136c975
                            0x0136c97b
                            0x0136c97f
                            0x0136c985
                            0x0136cc19
                            0x0136cc19
                            0x0136cc1b
                            0x0136cc1f
                            0x0136cc1f
                            0x00000000
                            0x0136cc1f
                            0x0136c98b
                            0x0136c999
                            0x0136c99d
                            0x0136c9a4
                            0x0136c9aa
                            0x0136c9af
                            0x0136c9b3
                            0x0136c9b6
                            0x0136c9b9
                            0x00000000
                            0x00000000
                            0x0136c9bf
                            0x0136c9c0
                            0x0136c9c6
                            0x0136c9c9
                            0x00000000
                            0x00000000
                            0x0136cc2b
                            0x0136cc2d
                            0x0136cc2f
                            0x0136cc34
                            0x0136c7e3
                            0x0136c7e3
                            0x00000000
                            0x0136c7e3
                            0x013baecb
                            0x013baece
                            0x013baed3
                            0x013baed5
                            0x00000000
                            0x013baedb
                            0x013baedb
                            0x013baee1
                            0x00000000
                            0x00000000
                            0x013baee7
                            0x013baeea
                            0x013baeec
                            0x00000000
                            0x00000000
                            0x013baefc
                            0x013baf08
                            0x013baf0f
                            0x013baf14
                            0x013baf16
                            0x00000000
                            0x00000000
                            0x013baf1c
                            0x00000000
                            0x013baf1c
                            0x00000000
                            0x00000000
                            0x0136cc3f
                            0x0136cc3f
                            0x0136cc43
                            0x0136cc46
                            0x0136cc4a
                            0x0136cc4c
                            0x0136cc4e
                            0x0136cc53
                            0x013baf28
                            0x013baf2b
                            0x00000000
                            0x013baf2b
                            0x0136cc59
                            0x0136cc61
                            0x013baf33
                            0x013baf37
                            0x0136cc67
                            0x0136cc67
                            0x0136cc6d
                            0x0136cc74
                            0x0136cc78
                            0x0136cc78
                            0x00000000
                            0x00000000
                            0x0136cc84
                            0x0136cc87
                            0x0136cc8b
                            0x0136cc91
                            0x0136cc92
                            0x0136cc94
                            0x0136cc99
                            0x0136cc9c
                            0x0136cc9e
                            0x00000000
                            0x00000000
                            0x0136cca4
                            0x00000000
                            0x00000000
                            0x0136ccb0
                            0x0136ccb4
                            0x0136ccb7
                            0x0136ccbb
                            0x0136ccc1
                            0x0136ccc2
                            0x0136ccc4
                            0x0136ccc9
                            0x0136cccc
                            0x0136ccce
                            0x00000000
                            0x00000000
                            0x0136ccd4
                            0x0136ccda
                            0x0136cce0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0136cceb
                            0x0136c7e7
                            0x0136c7e7
                            0x0136c7eb
                            0x0136c7eb
                            0x0136c7ee
                            0x0136c7ee
                            0x00000000
                            0x00000000
                            0x0136ccf5
                            0x0136ccf8
                            0x0136c7f1
                            0x0136c7f3
                            0x0136c7f5
                            0x0136c7f7
                            0x0136c801
                            0x0136c807
                            0x0136c80a
                            0x0136c80d
                            0x0136c810
                            0x0136c816
                            0x0136c81c
                            0x00000000
                            0x0136c81c
                            0x0136c7fc
                            0x0136c7ff
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0136c7c4
                            0x0136ca42
                            0x0136ca42
                            0x0136ca49
                            0x00000000
                            0x0136ca49
                            0x0136c6f0
                            0x0136c6f2
                            0x00000000
                            0x00000000
                            0x0136c6fb
                            0x0136c6fd
                            0x0136c703
                            0x0136c70a
                            0x0136cda6
                            0x0136cdbe
                            0x0136cdbe
                            0x0136c710
                            0x0136c716
                            0x0136c71d
                            0x0136c72b
                            0x0136c72e
                            0x0136c742
                            0x0136c751
                            0x0136c751
                            0x0136c754
                            0x0136c754
                            0x00000000
                            0x0136c754
                            0x0136c579
                            0x0136c579
                            0x0136c57f
                            0x0136c586
                            0x0136c588
                            0x0136c590
                            0x0136c593
                            0x0136c59c
                            0x0136c59c
                            0x0136c59d
                            0x0136c5a0
                            0x0136c5a6
                            0x0136c5b0
                            0x0136c5b0
                            0x0136c5b2
                            0x00000000
                            0x00000000
                            0x0136c5b8
                            0x0136c5c1
                            0x0136c5c4
                            0x0136c5c7
                            0x0136c65f
                            0x0136c662
                            0x00000000
                            0x00000000
                            0x0136c664
                            0x0136c666
                            0x0136c66c
                            0x0136caa6
                            0x0136caa8
                            0x00000000
                            0x00000000
                            0x0136cab6
                            0x0136cac4
                            0x0136cac9
                            0x0136cacc
                            0x0136cace
                            0x0136cad0
                            0x00000000
                            0x00000000
                            0x0136cad6
                            0x0136cadc
                            0x0136cae2
                            0x0136cae2
                            0x0136cae5
                            0x0136cae8
                            0x0136cae8
                            0x0136caf8
                            0x0136cafa
                            0x0136c67b
                            0x0136c67b
                            0x0136c67d
                            0x00000000
                            0x00000000
                            0x0136c67f
                            0x0136c682
                            0x0136c684
                            0x0136c84c
                            0x0136c84f
                            0x0136c851
                            0x0136c69e
                            0x0136c69e
                            0x0136c6a4
                            0x0136c6ad
                            0x0136c6b0
                            0x0136c6b3
                            0x00000000
                            0x0136c6b3
                            0x0136c68a
                            0x0136c692
                            0x0136c692
                            0x0136c695
                            0x00000000
                            0x0136c695
                            0x00000000
                            0x0136cb00
                            0x0136c672
                            0x0136c674
                            0x00000000
                            0x00000000
                            0x0136c679
                            0x0136c679
                            0x00000000
                            0x0136c679
                            0x0136c5d5
                            0x0136c5d8
                            0x0136c5da
                            0x0136c5e0
                            0x0136c5e3
                            0x0136c5e6
                            0x0136c5e9
                            0x0136c63e
                            0x0136c641
                            0x0136c641
                            0x0136c5eb
                            0x0136c5ed
                            0x0136c5f3
                            0x0136cb05
                            0x0136cb07
                            0x00000000
                            0x00000000
                            0x0136cb13
                            0x0136cb16
                            0x0136cb27
                            0x0136cb2c
                            0x0136cb2f
                            0x0136cb31
                            0x0136cb33
                            0x0136cb65
                            0x0136cb65
                            0x00000000
                            0x0136cb65
                            0x0136cb35
                            0x0136cb3b
                            0x0136cb41
                            0x0136cb41
                            0x0136cb44
                            0x0136cb47
                            0x0136cb47
                            0x0136cb5d
                            0x0136cb5f
                            0x013baf9c
                            0x00000000
                            0x013baf9c
                            0x00000000
                            0x0136c5f9
                            0x0136c5f9
                            0x0136c5fb
                            0x0136c646
                            0x0136c646
                            0x0136c649
                            0x0136c64f
                            0x0136c651
                            0x0136c657
                            0x0136c630
                            0x0136c630
                            0x0136c633
                            0x0136c636
                            0x00000000
                            0x0136c636
                            0x0136c600
                            0x0136c600
                            0x0136c602
                            0x0136c602
                            0x0136c604
                            0x0136c839
                            0x0136c83c
                            0x0136c83e
                            0x00000000
                            0x00000000
                            0x0136c844
                            0x0136c844
                            0x0136c846
                            0x00000000
                            0x0136c846
                            0x0136c60a
                            0x00000000
                            0x00000000
                            0x0136c60c
                            0x0136c612
                            0x0136c612
                            0x0136c615
                            0x0136c61b
                            0x0136c61f
                            0x0136c827
                            0x0136c82b
                            0x0136c831
                            0x0136c625
                            0x0136c625
                            0x0136c627
                            0x0136c627
                            0x0136c62d
                            0x00000000
                            0x0136c62d
                            0x0136c5f3
                            0x0136c69b
                            0x00000000
                            0x0136c69b
                            0x0136c566
                            0x0136c85c
                            0x0136c85c
                            0x00000000
                            0x0136c85c
                            0x0136c500
                            0x0136ca95
                            0x0136ca9c
                            0x0136ca9e
                            0x00000000
                            0x0136ca9e
                            0x0136c407
                            0x0136c40b
                            0x00000000
                            0x00000000
                            0x0136c411
                            0x0136c417
                            0x0136c41a
                            0x0136c41c
                            0x00000000
                            0x00000000
                            0x0136c428
                            0x0136c42e
                            0x0136c430
                            0x0136c9d1
                            0x0136c9d1
                            0x0136c9d1
                            0x00000000
                            0x0136c9d1
                            0x0136c436
                            0x0136c439
                            0x00000000
                            0x00000000
                            0x0136c449
                            0x0136c44c
                            0x0136c44e
                            0x0136c452
                            0x0136c458
                            0x0136c458
                            0x0136c45a
                            0x0136c45a
                            0x0136c460
                            0x0136c466
                            0x0136c468
                            0x00000000
                            0x00000000
                            0x0136c46e
                            0x0136c471
                            0x0136c473
                            0x0136c86a
                            0x0136c86a
                            0x0136c86d
                            0x00000000
                            0x0136c86d
                            0x0136c47e
                            0x0136c480
                            0x0136c864
                            0x00000000
                            0x0136c864
                            0x0136c486
                            0x0136c488
                            0x00000000
                            0x00000000
                            0x0136c496
                            0x0136c496
                            0x0136c498
                            0x0136c498
                            0x0136c4a1
                            0x0136c4a4
                            0x0136c4a6
                            0x00000000
                            0x00000000
                            0x0136c4ac
                            0x0136c4ac
                            0x00000000
                            0x0136c4ac
                            0x013bae82
                            0x00000000
                            0x013bae82
                            0x0136c3ef
                            0x0136c26c
                            0x0136c272
                            0x00000000
                            0x00000000
                            0x0136c27b
                            0x013bae1d
                            0x0136c281
                            0x0136c281
                            0x0136c281
                            0x0136c281
                            0x0136c285
                            0x0136c289
                            0x0136c28e
                            0x00000000
                            0x0136c29d
                            0x0136c2a2
                            0x0136ce4d
                            0x0136ce52
                            0x0136ce55
                            0x0136ce57
                            0x00000000
                            0x00000000
                            0x013bae24
                            0x00000000
                            0x013bae24
                            0x00000000
                            0x0136c2a2
                            0x0136c28e
                            0x0136c249
                            0x00000000
                            0x00000000
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: MUI
                            • API String ID: 0-1339004836
                            • Opcode ID: 2e4dc159592e7883f8d17568cfaf2fd6e8dc90c757490b9091df59f8aa2750db
                            • Instruction ID: 5e7e86a0f9bea79663a6425ec4c2fb73b47eb5fd8e2674f2946a2a0936855d93
                            • Opcode Fuzzy Hash: 2e4dc159592e7883f8d17568cfaf2fd6e8dc90c757490b9091df59f8aa2750db
                            • Instruction Fuzzy Hash: 1C72AE75E00219CFEB21CF68C8807ADBBB9BF48318F14D16AD989AB649D7349985CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0136D5E0 Relevance: 1.9, APIs: 1, Instructions: 353timeCOMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 87%
                            			E0136D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x144d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E01366600(0x14452d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L110:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L115;
						} else {
							_t283 =  *0x1447b9c; // 0x0
							_t281 = E01374620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L115:
								E0139F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L110;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x1447b90; // 0x77d00000
								if(_t384 == 0) {
									_t353 =  *0x1447b8c; // 0xe22b18
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E01372280(_t200, 0x14484d8);
									_t277 =  *0x14485f4; // 0xe23008
									_t351 =  *0x14485f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L119;
												}
												goto L153;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0xe22fa0
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L119:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L153;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E0136FFB0(_t287, _t353, 0x14484d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E013ACC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E01366600(0x14452d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E01367926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x144b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E013DE974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x1448472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x144b218; // 0x0
														asm("ror edi, cl");
														 *0x144b1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L137;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E01372280(_t250, 0x14484d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L136:
															asm("int 0x29");
															L137:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L01393898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L136;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E0136FFB0(_t293, _t353, 0x14484d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E013937F5(_t353, 0);
																}
																E01390413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E01389B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E013802D6(_t174);
																}
																L013777F0( *0x1447b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E0138C277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L0136EC7F(_t353);
										L013819B8(_t287, 0, _t353, 0);
										_t200 = E0135F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E0139B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x144b2f8; // 0x0
									if((_t206 |  *0x144b2fc) == 0 || ( *0x144b2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x144b2ec; // 0x0
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E01406B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E01406AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L109:
															_t356 = 0;
															_v44 = 0;
															goto L64;
														} else {
															__eflags = 0;
															__eflags = 0;
															if(0 < 0) {
																goto L109;
															}
															L64:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L145:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E0136E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L103;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L72;
																			}
																		} else {
																			L103:
																			_t307 =  *(_t306 + 0x50);
																			goto L70;
																		}
																		goto L153;
																	} else {
																		_t239 = E0136EAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L71:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E01399730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L70:
																				_v48 = _t307;
																				goto L71;
																			}
																		}
																	}
																}
																L72:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L152:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L152;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L76:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L92;
																			} else {
																				_v64 = 0;
																				E0136E9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L145;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L145;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L84;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L84:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t115 = _v64 + 0x18; // 0x18
																							_t348 = _t115 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_v64 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L145;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L99:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L99;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L145;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L01368F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L145;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E01393C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L92;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L92:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L96:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L151:
																														 *_t358 = 0;
																														goto L152;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L96;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L151;
																															} else {
																																goto L96;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L98;
																							}
																						}
																						goto L145;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L152;
																			} else {
																				goto L76;
																			}
																		}
																	}
																}
															}
															L98:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L153;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L153:
			}







































































































                            0x0136d5f2
                            0x0136d5f5
                            0x0136d5f5
                            0x0136d5fd
                            0x0136d600
                            0x0136d60a
                            0x0136d60d
                            0x0136d617
                            0x0136d61d
                            0x0136d627
                            0x0136d62e
                            0x0136d911
                            0x0136d913
                            0x00000000
                            0x0136d919
                            0x0136d919
                            0x0136d919
                            0x0136d634
                            0x0136d634
                            0x0136d634
                            0x0136d634
                            0x0136d640
                            0x0136d8bf
                            0x00000000
                            0x0136d646
                            0x0136d646
                            0x0136d64d
                            0x0136d652
                            0x013bb2fc
                            0x013bb2fc
                            0x013bb302
                            0x013bb33b
                            0x013bb341
                            0x00000000
                            0x013bb304
                            0x013bb304
                            0x013bb319
                            0x013bb31e
                            0x013bb324
                            0x013bb326
                            0x013bb332
                            0x013bb347
                            0x013bb34c
                            0x013bb351
                            0x013bb35a
                            0x00000000
                            0x013bb328
                            0x013bb328
                            0x00000000
                            0x013bb328
                            0x013bb326
                            0x0136d658
                            0x0136d658
                            0x0136d65b
                            0x0136d665
                            0x00000000
                            0x0136d66b
                            0x0136d66b
                            0x0136d66b
                            0x0136d66b
                            0x0136d66d
                            0x0136d672
                            0x0136d67a
                            0x00000000
                            0x00000000
                            0x0136d680
                            0x0136d686
                            0x0136d8ce
                            0x0136d8d4
                            0x0136d8dd
                            0x0136d8e0
                            0x0136d68c
                            0x0136d691
                            0x0136d69d
                            0x0136d6a2
                            0x0136d6a7
                            0x0136d6b0
                            0x0136d6b5
                            0x0136d6e0
                            0x0136d6b7
                            0x0136d6b7
                            0x0136d6b9
                            0x0136d6b9
                            0x0136d6bb
                            0x0136d6bd
                            0x0136d6ce
                            0x0136d6d0
                            0x0136d6d2
                            0x013bb363
                            0x013bb365
                            0x00000000
                            0x013bb36b
                            0x00000000
                            0x013bb36b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0136d6bf
                            0x0136d6bf
                            0x0136d6e5
                            0x0136d6e7
                            0x0136d6e9
                            0x0136d6ec
                            0x0136d6ec
                            0x0136d6ef
                            0x0136d6f5
                            0x0136d6f9
                            0x0136d6fb
                            0x0136d6fd
                            0x0136d701
                            0x0136d703
                            0x0136d70a
                            0x0136d70a
                            0x0136d701
                            0x0136d710
                            0x0136d710
                            0x0136d6c1
                            0x0136d6c1
                            0x0136d6c6
                            0x013bb36d
                            0x013bb36f
                            0x00000000
                            0x013bb375
                            0x013bb375
                            0x013bb375
                            0x00000000
                            0x013bb375
                            0x00000000
                            0x0136d6cc
                            0x0136d6d8
                            0x0136d6d8
                            0x0136d6d8
                            0x00000000
                            0x0136d6c6
                            0x0136d6bf
                            0x00000000
                            0x0136d6da
                            0x0136d6da
                            0x0136d716
                            0x0136d71b
                            0x0136d720
                            0x0136d726
                            0x0136d726
                            0x0136d72d
                            0x00000000
                            0x0136d733
                            0x0136d739
                            0x0136d742
                            0x0136d750
                            0x0136d758
                            0x0136d764
                            0x0136d776
                            0x0136d77a
                            0x0136d783
                            0x0136d928
                            0x0136d92c
                            0x0136d93d
                            0x0136d944
                            0x0136d94f
                            0x0136d954
                            0x0136d956
                            0x0136d95f
                            0x0136d961
                            0x0136d973
                            0x0136d973
                            0x0136d956
                            0x0136d944
                            0x0136d92c
                            0x0136d78b
                            0x013bb394
                            0x0136d791
                            0x0136d798
                            0x013bb3a3
                            0x013bb3bb
                            0x013bb3bb
                            0x0136d7a5
                            0x0136d866
                            0x0136d870
                            0x0136d884
                            0x0136d892
                            0x0136d898
                            0x0136d89e
                            0x0136d8a0
                            0x0136d8a6
                            0x0136d8ac
                            0x0136d8ae
                            0x0136d8b4
                            0x0136d8b4
                            0x0136d8ae
                            0x0136d7a5
                            0x0136d78b
                            0x0136d7b1
                            0x013bb3c5
                            0x013bb3c5
                            0x0136d7c3
                            0x0136d7ca
                            0x0136d7e5
                            0x0136d7eb
                            0x0136d8eb
                            0x0136d8ed
                            0x00000000
                            0x0136d8f3
                            0x0136d8f3
                            0x0136d8f3
                            0x00000000
                            0x0136d8ed
                            0x0136d7cc
                            0x0136d7cc
                            0x0136d7d2
                            0x00000000
                            0x0136d7d4
                            0x0136d7d4
                            0x0136d7d7
                            0x0136d7df
                            0x013bb3d4
                            0x013bb3d9
                            0x013bb3dc
                            0x013bb3dc
                            0x013bb3df
                            0x013bb3e2
                            0x013bb468
                            0x013bb46d
                            0x013bb46f
                            0x013bb46f
                            0x013bb475
                            0x0136d8f8
                            0x0136d8f9
                            0x0136d8fd
                            0x013bb3e8
                            0x013bb3e8
                            0x013bb3eb
                            0x013bb3ed
                            0x00000000
                            0x013bb3ef
                            0x013bb3ef
                            0x013bb3f1
                            0x013bb3f4
                            0x013bb3fe
                            0x013bb404
                            0x013bb409
                            0x013bb40e
                            0x013bb410
                            0x013bb410
                            0x013bb414
                            0x013bb414
                            0x013bb41b
                            0x013bb420
                            0x013bb423
                            0x013bb425
                            0x013bb427
                            0x013bb42a
                            0x013bb42d
                            0x013bb42d
                            0x013bb42a
                            0x013bb432
                            0x013bb436
                            0x013bb438
                            0x013bb43b
                            0x013bb43b
                            0x013bb449
                            0x013bb44e
                            0x013bb454
                            0x013bb458
                            0x013bb458
                            0x013bb45d
                            0x00000000
                            0x013bb45d
                            0x013bb3ed
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0136d7df
                            0x0136d7d2
                            0x0136d7ca
                            0x013bb37c
                            0x013bb37e
                            0x013bb385
                            0x013bb38a
                            0x00000000
                            0x013bb38a
                            0x0136d742
                            0x0136d7f1
                            0x0136d7f8
                            0x013bb49b
                            0x013bb49b
                            0x0136d800
                            0x0136d837
                            0x0136d843
                            0x0136d845
                            0x0136d847
                            0x0136d84a
                            0x0136d84b
                            0x0136d84e
                            0x0136d857
                            0x0136d802
                            0x0136d802
                            0x0136d80d
                            0x00000000
                            0x0136d818
                            0x0136d818
                            0x0136d824
                            0x0136d831
                            0x013bb4a5
                            0x013bb4ab
                            0x013bb4b3
                            0x013bb4b8
                            0x013bb4bb
                            0x00000000
                            0x013bb4c1
                            0x013bb4c1
                            0x013bb4c8
                            0x00000000
                            0x013bb4ce
                            0x013bb4d4
                            0x013bb4e1
                            0x013bb4e3
                            0x013bb4e5
                            0x00000000
                            0x013bb4eb
                            0x013bb4f0
                            0x013bb4f2
                            0x0136dac9
                            0x0136dacc
                            0x0136dacf
                            0x0136dad1
                            0x0136dd78
                            0x0136dd78
                            0x0136dcf2
                            0x00000000
                            0x0136dad7
                            0x0136dad7
                            0x0136dad9
                            0x0136dadb
                            0x00000000
                            0x00000000
                            0x0136dae1
                            0x0136dae1
                            0x0136dae4
                            0x0136dae6
                            0x013bb4f9
                            0x013bb4f9
                            0x013bb500
                            0x0136daec
                            0x0136daec
                            0x0136daf5
                            0x0136daf8
                            0x0136dafb
                            0x0136db03
                            0x0136db11
                            0x0136db16
                            0x0136db19
                            0x0136db1b
                            0x013bb52c
                            0x013bb531
                            0x013bb534
                            0x0136db21
                            0x0136db21
                            0x0136db24
                            0x0136dcd9
                            0x0136dce2
                            0x0136dce5
                            0x0136dd6a
                            0x0136dd6d
                            0x00000000
                            0x0136dd73
                            0x013bb51a
                            0x013bb51c
                            0x013bb51f
                            0x013bb524
                            0x00000000
                            0x013bb524
                            0x0136dce7
                            0x0136dce7
                            0x0136dce7
                            0x00000000
                            0x0136dce7
                            0x00000000
                            0x0136db2a
                            0x0136db2c
                            0x0136db31
                            0x0136db33
                            0x0136db36
                            0x0136db39
                            0x0136db3b
                            0x0136db66
                            0x0136db66
                            0x0136db3d
                            0x0136db3d
                            0x0136db3e
                            0x0136db46
                            0x0136db47
                            0x0136db49
                            0x0136db4c
                            0x0136db53
                            0x0136db55
                            0x0136db58
                            0x0136db5a
                            0x013bb50a
                            0x013bb50f
                            0x013bb512
                            0x0136db60
                            0x0136db60
                            0x0136db63
                            0x0136db63
                            0x00000000
                            0x0136db63
                            0x0136db5a
                            0x0136db3b
                            0x0136db24
                            0x0136db69
                            0x0136db69
                            0x0136db6c
                            0x0136db6f
                            0x0136db74
                            0x013bb557
                            0x013bb557
                            0x013bb55e
                            0x0136db7a
                            0x0136db7c
                            0x0136db7f
                            0x0136db82
                            0x0136db85
                            0x00000000
                            0x0136db8b
                            0x0136db8b
                            0x0136db8d
                            0x0136db9b
                            0x0136db9b
                            0x0136db9d
                            0x0136dba0
                            0x0136dba2
                            0x0136dba4
                            0x0136dba7
                            0x0136dba9
                            0x0136dbae
                            0x0136dbae
                            0x0136dbb1
                            0x0136dbb4
                            0x0136dbb4
                            0x0136dbb7
                            0x0136dbba
                            0x0136dcd2
                            0x0136dcd4
                            0x00000000
                            0x0136dbc0
                            0x0136dbc0
                            0x0136dbd2
                            0x0136dbd7
                            0x0136dbda
                            0x0136dbdd
                            0x0136dbdf
                            0x00000000
                            0x0136dbe5
                            0x0136dbe5
                            0x0136dbee
                            0x0136dbf1
                            0x013bb541
                            0x013bb544
                            0x00000000
                            0x013bb546
                            0x013bb546
                            0x00000000
                            0x013bb546
                            0x0136dbf7
                            0x0136dbf7
                            0x0136dbfd
                            0x0136dbfd
                            0x0136dbff
                            0x0136dc0b
                            0x0136dc18
                            0x0136dc1b
                            0x0136dc1d
                            0x0136dc21
                            0x0136dc21
                            0x0136dc23
                            0x0136dc23
                            0x0136dc26
                            0x0136dc29
                            0x0136dc2b
                            0x00000000
                            0x00000000
                            0x0136dc31
                            0x0136dc34
                            0x0136dc36
                            0x0136dcbf
                            0x0136dcbf
                            0x0136dcc2
                            0x00000000
                            0x0136dc3c
                            0x0136dc41
                            0x0136dc43
                            0x00000000
                            0x0136dc45
                            0x0136dc45
                            0x0136dc47
                            0x00000000
                            0x0136dc4d
                            0x0136dc4d
                            0x0136dc50
                            0x0136dc52
                            0x0136dc55
                            0x0136dcfa
                            0x0136dcfe
                            0x0136dd08
                            0x0136dd0a
                            0x0136dd0c
                            0x00000000
                            0x0136dd12
                            0x0136dd15
                            0x0136dd2d
                            0x0136dd2f
                            0x0136dd32
                            0x0136dd35
                            0x00000000
                            0x0136dd35
                            0x0136dc5b
                            0x0136dc5b
                            0x0136dc5e
                            0x0136dc61
                            0x0136dc64
                            0x0136dc67
                            0x0136dc67
                            0x0136dc6a
                            0x0136dc6c
                            0x0136dc8e
                            0x0136dc8e
                            0x0136dc91
                            0x0136dc93
                            0x0136dcce
                            0x0136dcce
                            0x0136dc95
                            0x0136dc9c
                            0x0136dc6e
                            0x0136dc72
                            0x0136dc75
                            0x0136dc77
                            0x0136dc79
                            0x013bb551
                            0x013bb551
                            0x00000000
                            0x0136dc7f
                            0x0136dc7f
                            0x0136dc81
                            0x00000000
                            0x0136dc83
                            0x0136dc86
                            0x0136dc88
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0136dc88
                            0x0136dc81
                            0x0136dc79
                            0x0136dc6c
                            0x0136dc55
                            0x0136dc47
                            0x0136dc43
                            0x00000000
                            0x0136dc36
                            0x0136dc23
                            0x00000000
                            0x0136dbff
                            0x0136dbf1
                            0x0136dbdf
                            0x0136db8f
                            0x0136db92
                            0x0136db95
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0136db95
                            0x0136db8d
                            0x0136db85
                            0x0136db74
                            0x0136dc9f
                            0x0136dca2
                            0x0136dcb0
                            0x0136dcb0
                            0x0136dad1
                            0x013bb4e5
                            0x013bb4c8
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0136d831
                            0x0136d80d
                            0x00000000
                            0x0136d800
                            0x013bb47f
                            0x013bb485
                            0x00000000
                            0x013bb485
                            0x0136d665
                            0x0136d652
                            0x00000000

                            APIs
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: DebugPrintTimes
                            • String ID:
                            • API String ID: 3446177414-0
                            • Opcode ID: 25d025159f052d087e17b94b9fd6783dcb0a2da00aad5c1c27fbab05bab4e516
                            • Instruction ID: 74ab951e0dd3c530e62e9b1959f00e80ad2ee03e0b955cddd6ae9b153f44365e
                            • Opcode Fuzzy Hash: 25d025159f052d087e17b94b9fd6783dcb0a2da00aad5c1c27fbab05bab4e516
                            • Instruction Fuzzy Hash: CCE1E430B0035ACFEB31CF58C884BA9BBB9BF4531CF0481A9DA495B699DB349D41CB52
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138513A Relevance: 1.8, APIs: 1, Instructions: 258timeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 67%
                            			E0138513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x144d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E0139D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E01372280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = E01374620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E0139F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E0136FFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x144b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E0139B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                            0x01385142
                            0x0138514c
                            0x01385150
                            0x01385157
                            0x01385159
                            0x0138515e
                            0x01385165
                            0x01385169
                            0x0138516c
                            0x01385172
                            0x01385176
                            0x0138517a
                            0x0138517a
                            0x0138517a
                            0x0138517f
                            0x013c6d8b
                            0x013c6d8e
                            0x013c6d91
                            0x013c6d95
                            0x013c6d98
                            0x013c6d9c
                            0x013c6da0
                            0x013c6da3
                            0x013c6da7
                            0x013c6e26
                            0x013c6e26
                            0x013c6e2a
                            0x013851f9
                            0x013851f9
                            0x013851fe
                            0x013c6e33
                            0x013c6e33
                            0x013c6e39
                            0x013c6e3d
                            0x013c6e46
                            0x013c6e50
                            0x00000000
                            0x00000000
                            0x013c6e52
                            0x013c6e53
                            0x013c6e56
                            0x013c6e5d
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013c6e5f
                            0x013c6e67
                            0x013c6e77
                            0x013c6e7f
                            0x013c6e80
                            0x013c6e88
                            0x013c6e90
                            0x013c6e9f
                            0x013c6ea5
                            0x013c6ea9
                            0x013c6eb1
                            0x013c6ebf
                            0x00000000
                            0x00000000
                            0x013c6ecf
                            0x013c6ed3
                            0x00000000
                            0x00000000
                            0x013c6edb
                            0x013c6ede
                            0x013c6ee1
                            0x013c6ee8
                            0x013c6eeb
                            0x013c6eed
                            0x013c6ef0
                            0x013c6ef4
                            0x013c6ef8
                            0x013c6efc
                            0x00000000
                            0x00000000
                            0x013c6f0d
                            0x013c6f11
                            0x013c6f32
                            0x013c6f37
                            0x013c6f3b
                            0x013c6f3e
                            0x013c6f41
                            0x013c6f46
                            0x00000000
                            0x00000000
                            0x013c6f4c
                            0x013c6f50
                            0x013c6f50
                            0x013c6f54
                            0x013c6f62
                            0x013c6f65
                            0x013c6f6d
                            0x013c6f7b
                            0x013c6f7b
                            0x013c6f93
                            0x013c6f98
                            0x013c6fa0
                            0x013c6fa6
                            0x013c6fb3
                            0x013c6fb6
                            0x013c6fbf
                            0x013c6fc1
                            0x013c6fd5
                            0x013c6fda
                            0x013c6fda
                            0x013c6fdd
                            0x013c6fe2
                            0x013c6fe7
                            0x013c6feb
                            0x013c6fef
                            0x013c6ff3
                            0x0138520c
                            0x0138520c
                            0x0138520f
                            0x01385215
                            0x01385234
                            0x0138523a
                            0x0138523a
                            0x01385244
                            0x01385245
                            0x01385246
                            0x01385251
                            0x01385251
                            0x013c6f13
                            0x013c6f17
                            0x013c6f17
                            0x013c6f18
                            0x013c6f1b
                            0x013c6f1f
                            0x013c6f23
                            0x00000000
                            0x013c6f28
                            0x01385204
                            0x01385204
                            0x01385208
                            0x00000000
                            0x01385208
                            0x01385185
                            0x01385188
                            0x0138518a
                            0x0138518e
                            0x01385195
                            0x013c6db1
                            0x013c6db5
                            0x013c6db9
                            0x0138519b
                            0x0138519b
                            0x0138519e
                            0x013851a7
                            0x013851a9
                            0x013851a9
                            0x013851b5
                            0x013851b8
                            0x013851bb
                            0x013851be
                            0x013851c1
                            0x013851c5
                            0x013851c9
                            0x013851cd
                            0x013851cd
                            0x013851d8
                            0x013851dc
                            0x013851e0
                            0x013c6dcc
                            0x013c6dd0
                            0x013c6dd5
                            0x013c6ddd
                            0x013c6de1
                            0x013c6de1
                            0x013c6de5
                            0x013c6deb
                            0x013c6df1
                            0x013c6df7
                            0x013c6dfd
                            0x013c6e01
                            0x013c6e05
                            0x013c6e09
                            0x013c6e0d
                            0x013c6e11
                            0x013c6e11
                            0x013851eb
                            0x013c6e1a
                            0x013c6e1f
                            0x013c6e21
                            0x013c6e23
                            0x00000000
                            0x013851f1
                            0x013851f1
                            0x00000000
                            0x013851f1

                            APIs
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: DebugPrintTimes
                            • String ID:
                            • API String ID: 3446177414-0
                            • Opcode ID: eb99d76fbb019664d9837d6f7706d6b9172978f74736cb22f399cbd580352575
                            • Instruction ID: dd7ef7d09e0050bb64e769beb11e052734eea5b3b446ea84f7e696b283e41312
                            • Opcode Fuzzy Hash: eb99d76fbb019664d9837d6f7706d6b9172978f74736cb22f399cbd580352575
                            • Instruction Fuzzy Hash: 71C122B55083818FD354CF28C581A6AFBF1BF88708F184A6EF9998B352D771E845CB42
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013803E2 Relevance: 1.8, APIs: 1, Instructions: 254COMMON
                            Download Yara Rule
                            C-Code - Quality: 74%
                            			E013803E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x144d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E01380548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E0139B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E0136B02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x1447c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E01377D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E01377D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E013D7016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E01399830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E013D69A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x1447c04 != 0) {
						_t118 = _v12;
						_t120 = E013DA7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x1447bd8;
						if( *0x1447bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E013995D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E013999A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E013D3540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E0135B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E0139AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x1448474 - 3;
										if( *0x1448474 != 3) {
											 *0x14479dc =  *0x14479dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E01377D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E01377D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E013D7016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x1448708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x1447b00; // 0x0
							asm("ror esi, cl");
							 *0x144b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E013995D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E01367F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                            0x013803f1
                            0x013803f7
                            0x013803f9
                            0x013803fb
                            0x013803fd
                            0x01380400
                            0x0138040a
                            0x013c4c7a
                            0x01380537
                            0x01380547
                            0x01380410
                            0x01380410
                            0x01380414
                            0x01380417
                            0x0138041a
                            0x01380421
                            0x01380424
                            0x0138042b
                            0x0138043b
                            0x0138043e
                            0x0138043f
                            0x0138043f
                            0x01380446
                            0x01380449
                            0x0138044c
                            0x0138044f
                            0x01380459
                            0x013c4c8d
                            0x0138045f
                            0x0138045f
                            0x0138045f
                            0x01380467
                            0x013c4c97
                            0x013c4c9d
                            0x013c4ca4
                            0x013c4caa
                            0x013c4caf
                            0x013c4cb1
                            0x013c4cc3
                            0x013c4cb3
                            0x013c4cbc
                            0x013c4cbc
                            0x013c4cc8
                            0x013c4ccb
                            0x013c4cd7
                            0x013c4cda
                            0x013c4cdf
                            0x013c4cdf
                            0x013c4ccb
                            0x013c4ca4
                            0x0138046d
                            0x0138046f
                            0x0138046f
                            0x01380471
                            0x01380476
                            0x0138047a
                            0x0138047b
                            0x01380483
                            0x01380489
                            0x0138048d
                            0x00000000
                            0x00000000
                            0x013c4ce9
                            0x013c4cef
                            0x013c4d22
                            0x013c4d22
                            0x00000000
                            0x013c4d22
                            0x013c4cf1
                            0x013c4cf7
                            0x00000000
                            0x00000000
                            0x013c4cf9
                            0x013c4cff
                            0x00000000
                            0x00000000
                            0x013c4d05
                            0x013c4d07
                            0x00000000
                            0x00000000
                            0x013c4d0d
                            0x013c4d0f
                            0x013c4d14
                            0x013c4d16
                            0x00000000
                            0x00000000
                            0x013c4d1c
                            0x013c4d1c
                            0x01380499
                            0x01380535
                            0x01380535
                            0x00000000
                            0x01380535
                            0x013804a6
                            0x013c4d2c
                            0x013c4d37
                            0x013c4d39
                            0x013c4d3b
                            0x00000000
                            0x00000000
                            0x013c4d41
                            0x013c4d48
                            0x01380527
                            0x0138052b
                            0x0138052d
                            0x01380530
                            0x01380530
                            0x00000000
                            0x0138052b
                            0x013c4d4e
                            0x013804ac
                            0x013804ac
                            0x013804af
                            0x013804b2
                            0x013804b7
                            0x013804b9
                            0x013804bb
                            0x013804bd
                            0x013804bf
                            0x013804c5
                            0x013804c9
                            0x013c4d53
                            0x013c4d59
                            0x013c4db9
                            0x013c4dba
                            0x013c4dbf
                            0x013c4dc2
                            0x013c4dc4
                            0x013c4dc7
                            0x013c4dce
                            0x00000000
                            0x013c4dce
                            0x013c4d5b
                            0x013c4d61
                            0x00000000
                            0x00000000
                            0x013c4d63
                            0x013c4d69
                            0x00000000
                            0x00000000
                            0x013c4d6b
                            0x013c4d6e
                            0x013c4d74
                            0x013c4d76
                            0x013c4d7c
                            0x013c4d7e
                            0x013c4d84
                            0x013c4d89
                            0x013c4d8c
                            0x013c4d8d
                            0x013c4d92
                            0x013c4d95
                            0x013c4d96
                            0x013c4d98
                            0x013c4d9a
                            0x013c4d9f
                            0x013c4da4
                            0x013c4da6
                            0x013c4da8
                            0x013c4daf
                            0x013c4db1
                            0x013c4db1
                            0x013c4daf
                            0x013c4da6
                            0x013c4d84
                            0x013c4d7c
                            0x00000000
                            0x013c4d74
                            0x013804d6
                            0x013c4de1
                            0x013804dc
                            0x013804dc
                            0x013804dc
                            0x013804e4
                            0x013c4deb
                            0x013c4df1
                            0x013c4df8
                            0x013c4dfe
                            0x013c4e03
                            0x013c4e05
                            0x013c4e17
                            0x013c4e07
                            0x013c4e10
                            0x013c4e10
                            0x013c4e1c
                            0x013c4e1f
                            0x013c4e35
                            0x013c4e35
                            0x013c4e1f
                            0x013c4df8
                            0x013804f1
                            0x013804fa
                            0x013c4e3f
                            0x013c4e47
                            0x013c4e5b
                            0x013c4e61
                            0x013c4e67
                            0x013c4e69
                            0x013c4e71
                            0x013c4e73
                            0x01380500
                            0x01380500
                            0x01380500
                            0x013804fa
                            0x01380508
                            0x0138051d
                            0x0138051d
                            0x0138051f
                            0x01380524
                            0x00000000
                            0x01380524
                            0x01380515
                            0x01380517
                            0x013c4e7a
                            0x013c4e7c
                            0x00000000
                            0x00000000
                            0x013c4e85
                            0x00000000
                            0x013c4e85
                            0x00000000
                            0x01380517

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bdf4e8f4f4ca872c49639b8f7d7f0d6b07c0baf98e330c3f20dc4cc7d931edc0
                            • Instruction ID: 3aeed3ad8151e4d6d0910988ee4be04ec81fe29533ef31cf93195687129e7722
                            • Opcode Fuzzy Hash: bdf4e8f4f4ca872c49639b8f7d7f0d6b07c0baf98e330c3f20dc4cc7d931edc0
                            • Instruction Fuzzy Hash: 45913B31E04359EFEF35AB6CC858BAD7BA4AB01B2CF050265F910A72E1D7749D04CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0137B944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                            Download Yara Rule
                            C-Code - Quality: 76%
                            			E0137B944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x144d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E01377D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E01428CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E01399E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E0139B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E0139CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E01377D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E01428F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E0139AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x1448628; // 0x0
								_v68 = _t77;
								_t78 =  *0x144862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x1448628; // 0x0
							_t116 =  *0x144862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                            0x0137b94c
                            0x0137b956
                            0x0137b95c
                            0x0137b95e
                            0x0137b964
                            0x0137b969
                            0x0137b96d
                            0x0137b96d
                            0x0137b970
                            0x0137b974
                            0x0137b97a
                            0x0137badf
                            0x0137badf
                            0x0137bae2
                            0x0137bae4
                            0x0137bae6
                            0x0137baf0
                            0x013c2cb8
                            0x0137baf6
                            0x0137baf6
                            0x0137baf6
                            0x0137bafd
                            0x0137bb1f
                            0x0137bb1f
                            0x0137baff
                            0x0137bb00
                            0x0137bb00
                            0x0137bb03
                            0x0137bb03
                            0x0137bacb
                            0x0137bacf
                            0x0137bad0
                            0x0137bad1
                            0x0137badc
                            0x0137badc
                            0x0137b980
                            0x0137b980
                            0x0137b988
                            0x0137b98b
                            0x0137b98d
                            0x0137b990
                            0x0137b993
                            0x0137b999
                            0x0137b99b
                            0x0137b9a1
                            0x0137b9a5
                            0x0137b9aa
                            0x0137b9b0
                            0x0137b9bb
                            0x0137b9c0
                            0x0137b9c3
                            0x0137b9ca
                            0x0137b9cc
                            0x0137b9cf
                            0x0137b9d3
                            0x0137b9d7
                            0x0137ba94
                            0x0137ba94
                            0x0137ba98
                            0x0137baa3
                            0x013c2ccb
                            0x0137baa9
                            0x0137baa9
                            0x0137baa9
                            0x0137bab1
                            0x013c2cd5
                            0x013c2cdd
                            0x013c2cdd
                            0x0137babb
                            0x0137babc
                            0x0137bac2
                            0x0137bac3
                            0x0137bac3
                            0x0137bac6
                            0x00000000
                            0x0137b9dd
                            0x0137b9dd
                            0x0137b9e7
                            0x0137b9e7
                            0x0137b9ec
                            0x0137b9ec
                            0x0137b9f1
                            0x0137b9f5
                            0x0137b9fa
                            0x0137ba00
                            0x0137ba0c
                            0x0137ba10
                            0x0137ba10
                            0x0137ba12
                            0x0137ba18
                            0x00000000
                            0x00000000
                            0x0137bb26
                            0x0137bb26
                            0x0137ba1e
                            0x0137ba1e
                            0x0137ba23
                            0x0137ba25
                            0x0137ba2c
                            0x0137ba30
                            0x0137ba35
                            0x0137ba35
                            0x0137ba41
                            0x0137ba46
                            0x0137ba4c
                            0x0137ba50
                            0x0137ba54
                            0x0137ba6a
                            0x0137ba6e
                            0x0137ba70
                            0x0137ba74
                            0x0137ba78
                            0x0137ba7a
                            0x0137ba7c
                            0x0137ba8e
                            0x0137ba90
                            0x0137ba92
                            0x0137bb14
                            0x0137bb14
                            0x0137bb16
                            0x0137bb16
                            0x00000000
                            0x0137ba7c
                            0x0137bb0a
                            0x0137bb0d
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0137bb0f

                            APIs
                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0137B9A5
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                            • String ID:
                            • API String ID: 885266447-0
                            • Opcode ID: 989d34fff9d53e984fbacabc8d6a0696bd67ebbabe1b0820ed292a2bef4d01ae
                            • Instruction ID: 9f251cc511b370cc106d59dcfa7b668b3598a0d3bc5dbaf319af2130618cb319
                            • Opcode Fuzzy Hash: 989d34fff9d53e984fbacabc8d6a0696bd67ebbabe1b0820ed292a2bef4d01ae
                            • Instruction Fuzzy Hash: B0513871A08345CFD720EF6DC48092AFBF9BB88618F14896EE99587359D734E844CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013899BC Relevance: 1.6, APIs: 1, Instructions: 117timeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 56%
                            			E013899BC(void* __ebx, intOrPtr __ecx, signed int __edi, void* __esi, void* __eflags, signed int _a12) {
				signed int _v4;
				intOrPtr _v128;
				intOrPtr* _v132;
				char _v180;
				intOrPtr _v184;
				signed int _t40;
				void* _t65;
				intOrPtr _t69;
				signed int _t70;
				signed int _t71;
				signed int _t72;
				signed int _t76;
				intOrPtr _t77;
				intOrPtr* _t78;
				void* _t79;
				signed int _t80;
				signed int _t82;
				signed int _t84;
				intOrPtr* _t85;
				intOrPtr _t88;
				signed int _t89;
				void* _t103;

				_t65 = __ebx;
				_push(0xa8);
				_push(0x1430198);
				E013AD0E8(__ebx, __edi, __esi);
				_t88 = __ecx;
				_v184 = __ecx;
				if( *((intOrPtr*)(__ecx + 8)) != 0) {
					E0135716E(__ebx, __ecx, __edi, __ecx, __eflags);
					_t69 =  *((intOrPtr*)(__ecx + 8));
					_t82 = __edi | 0xffffffff;
					__eflags = _t82;
					asm("lock xadd [ecx], eax");
					if(_t82 == 0) {
						L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)),  *0x14484c4, _t69);
					}
				} else {
					_t82 = __edi | 0xffffffff;
				}
				if( *((intOrPtr*)(_t88 + 0x38)) != _t82) {
					_push( *((intOrPtr*)(_t88 + 0x38)));
					L20();
				}
				_t38 =  *((intOrPtr*)(_t88 + 0x5c));
				if( *((intOrPtr*)(_t88 + 0x5c)) == 0) {
					E01372280(_t38, 0x144a74c);
					_v4 = 1;
					_t40 = _t88 + 0x60;
					_t79 =  *_t40;
					_t70 =  *(_t40 + 4);
					__eflags =  *(_t79 + 4) - _t40;
					if( *(_t79 + 4) != _t40) {
						goto L19;
					} else {
						__eflags =  *_t70 - _t40;
						if( *_t70 != _t40) {
							goto L19;
						} else {
							 *_t70 = _t79;
							 *(_t79 + 4) = _t70;
							 *(_t40 + 4) = _t40;
							 *_t40 = _t40;
							_v4 = 0xfffffffe;
							E013C97DE();
							goto L10;
						}
					}
				} else {
					E01372280(_t38 + 0x2c, _t38 + 0x2c);
					_v4 = _v4 & 0x00000000;
					_t40 = _t88 + 0x60;
					_t79 =  *_t40;
					_t76 =  *(_t40 + 4);
					if( *(_t79 + 4) != _t40 ||  *_t76 != _t40) {
						L19:
						_t71 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(_t65);
						_push(_t88);
						_t89 = _a12;
						_push(_t82);
						__eflags = _t89;
						if(_t89 != 0) {
							_t40 = _t89 - 0x00000001 | 0x00000007;
							__eflags = _t40 - 0xffffffff;
							if(_t40 != 0xffffffff) {
								__eflags =  *_t89;
								if( *_t89 > 0) {
									__eflags =  *_t89 - 0x7fffffff;
									if( *_t89 != 0x7fffffff) {
										while(1) {
											_t80 =  *_t89;
											__eflags = _t80 - 0x7fffffff;
											if(_t80 == 0x7fffffff) {
												break;
											}
											_t84 = _t80 - 1;
											_t40 = _t80;
											_t71 = _t84;
											asm("lock cmpxchg [esi], ecx");
											__eflags = _t40 - _t80;
											if(_t40 != _t80) {
												continue;
											}
											L26:
											__eflags =  *0x144871c;
											if( *0x144871c != 0) {
												asm("lock xadd [esi+0xe8], eax");
												_t40 = E01388690(_t71, 1, 4, 0xbadc99 + _t89, 0);
											}
											__eflags = _t84;
											if(_t84 == 0) {
												__eflags =  *0x144871d;
												_t72 = _t89;
												if(__eflags != 0) {
													_t40 = E013E4257(0x7fffffff, _t72, _t84, _t89, __eflags);
												} else {
													_t40 = L01357055(_t72);
												}
											}
											goto L28;
										}
										_t84 = 0x7fffffff;
										goto L26;
									}
								}
							}
						}
						L28:
						return _t40;
					} else {
						 *_t76 = _t79;
						 *(_t79 + 4) = _t76;
						 *(_t40 + 4) = _t40;
						 *_t40 = _t40;
						_v4 = 0xfffffffe;
						E01389AF3(_t88);
						_t77 =  *((intOrPtr*)(_t88 + 0x5c));
						_t103 = _t77 -  *0x14486c0; // 0xe207b0
						if(_t103 != 0) {
							__eflags = _t77 -  *0x14486b8; // 0x0
							if(__eflags == 0) {
								_t79 = 0x14486bc;
								_t78 = 0x14486b8;
								goto L9;
							} else {
								asm("lock xadd [ecx], edi");
								_t86 = _t82 - 1;
								__eflags = _t82 - 1;
								if(__eflags == 0) {
									E01359240(_t65, _t77, _t86, _t88, __eflags);
								}
							}
						} else {
							_t79 = 0x14486c4;
							_t78 = 0x14486c0;
							L9:
							E01389B82(_t65, _t78, _t79, _t82, _t88, _t103);
						}
						L10:
						_t85 =  *((intOrPtr*)(_t88 + 0x10));
						if(_t85 != 0) {
							E0139FA60( &_v180, 0, 0x98);
							_v132 = _t85;
							_t88 =  *((intOrPtr*)(_t88 + 0x34));
							_v128 = _t88;
							E0137DB6D( &_v180);
							 *0x144b1e0( &_v180, _t88);
							 *_t85();
							E0137CFEB( &_v180, _t79);
						}
						return E013AD130(_t65, _t85, _t88);
					}
				}
			}

























                            0x013899bc
                            0x013899bc
                            0x013899c1
                            0x013899c6
                            0x013899cb
                            0x013899cd
                            0x013899d7
                            0x01389aab
                            0x01389ab0
                            0x01389ab3
                            0x01389ab3
                            0x01389ab8
                            0x01389abc
                            0x013c977b
                            0x013c977b
                            0x013899dd
                            0x013899dd
                            0x013899dd
                            0x013899e3
                            0x013899e5
                            0x013899e8
                            0x013899e8
                            0x013899ed
                            0x013899f2
                            0x013c9798
                            0x013c979d
                            0x013c97a4
                            0x013c97a7
                            0x013c97a9
                            0x013c97ac
                            0x013c97af
                            0x00000000
                            0x013c97b5
                            0x013c97b5
                            0x013c97b7
                            0x00000000
                            0x013c97bd
                            0x013c97bd
                            0x013c97bf
                            0x013c97c2
                            0x013c97c5
                            0x013c97c7
                            0x013c97ce
                            0x00000000
                            0x013c97ce
                            0x013c97b7
                            0x013899f8
                            0x013899fc
                            0x01389a01
                            0x01389a05
                            0x01389a08
                            0x01389a0a
                            0x01389a10
                            0x01389b00
                            0x01389b02
                            0x01389b03
                            0x01389b05
                            0x01389b06
                            0x01389b07
                            0x01389b08
                            0x01389b09
                            0x01389b0a
                            0x01389b0b
                            0x01389b0c
                            0x01389b0d
                            0x01389b0e
                            0x01389b0f
                            0x01389b15
                            0x01389b16
                            0x01389b17
                            0x01389b1a
                            0x01389b1b
                            0x01389b1d
                            0x01389b22
                            0x01389b25
                            0x01389b28
                            0x01389b2a
                            0x01389b2d
                            0x01389b34
                            0x01389b36
                            0x01389b38
                            0x01389b38
                            0x01389b3a
                            0x01389b3c
                            0x00000000
                            0x00000000
                            0x01389b3e
                            0x01389b41
                            0x01389b43
                            0x01389b45
                            0x01389b49
                            0x01389b4b
                            0x00000000
                            0x00000000
                            0x01389b4d
                            0x01389b4d
                            0x01389b54
                            0x013c97ec
                            0x013c9809
                            0x013c9809
                            0x01389b5a
                            0x01389b5c
                            0x01389b65
                            0x01389b6c
                            0x01389b6e
                            0x01389b7b
                            0x01389b70
                            0x01389b70
                            0x01389b70
                            0x01389b6e
                            0x00000000
                            0x01389b5c
                            0x01389b77
                            0x00000000
                            0x01389b77
                            0x01389b36
                            0x01389b2d
                            0x01389b28
                            0x01389b5e
                            0x01389b62
                            0x01389a1e
                            0x01389a1e
                            0x01389a20
                            0x01389a23
                            0x01389a26
                            0x01389a28
                            0x01389a2f
                            0x01389a34
                            0x01389a37
                            0x01389a3d
                            0x01389ac7
                            0x01389acd
                            0x01389ae4
                            0x01389ae9
                            0x00000000
                            0x01389acf
                            0x01389acf
                            0x01389ad3
                            0x01389ad3
                            0x01389ad4
                            0x01389ada
                            0x01389ada
                            0x01389ad4
                            0x01389a43
                            0x01389a43
                            0x01389a48
                            0x01389a4d
                            0x01389a4d
                            0x01389a4d
                            0x01389a52
                            0x01389a52
                            0x01389a57
                            0x01389a6d
                            0x01389a75
                            0x01389a7b
                            0x01389a7e
                            0x01389a87
                            0x01389a96
                            0x01389a9c
                            0x01389aa4
                            0x01389aa4
                            0x01389a5e
                            0x01389a5e
                            0x01389a10

                            APIs
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: DebugPrintTimes
                            • String ID:
                            • API String ID: 3446177414-0
                            • Opcode ID: b4dd12836337806eb6f4f213385c643c65769bf8bfb7166181677c5e229a0aac
                            • Instruction ID: fb55a83210897110753e3a7a8f9f81911380f5e2ed8e73fdcfc1903d64de8d5d
                            • Opcode Fuzzy Hash: b4dd12836337806eb6f4f213385c643c65769bf8bfb7166181677c5e229a0aac
                            • Instruction Fuzzy Hash: D541BD70501706CFDB62FF68C940B69B7B5FF9431CF1582AAC40A8BAA1DB34AA41CB41
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135B080 Relevance: 1.6, APIs: 1, Instructions: 97timeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 33%
                            			E0135B080(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v16;
				intOrPtr _v28;
				intOrPtr* _v32;
				char _v36;
				intOrPtr _v40;
				void* __ebp;
				intOrPtr* _t32;
				void* _t34;
				signed int _t36;
				intOrPtr _t38;
				intOrPtr _t47;
				intOrPtr _t50;
				void* _t51;
				intOrPtr* _t56;
				intOrPtr _t57;
				void* _t59;
				void* _t64;
				intOrPtr* _t66;
				void* _t67;
				intOrPtr* _t70;
				void* _t71;
				signed int _t76;
				signed int _t78;

				_t62 = __edx;
				_t78 = (_t76 & 0xfffffff8) - 0x1c;
				_v8 =  *0x144d360 ^ _t78;
				_push(__ebx);
				_t50 = _a8;
				_push(__esi);
				_push(__edi);
				E01372280(_t50 + 0x14, _t50 + 0x14);
				_t70 = _t50 + 0x18;
				_t32 =  *_t70;
				_v32 = _t32;
				if(_t32 == _t70) {
					_t66 = 0;
					goto L4;
				} else {
					_t66 = _t32;
					if( *((intOrPtr*)(_t66 + 4)) != _t70) {
						L10:
						_t59 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(_t59);
						_push(1);
						_push( &_v36);
						_push(_v40);
						_push(3);
						_t64 = 0x65;
						return E0135B171(_t50, 0x13348a4, _t64, _t66, _t70, __eflags);
					} else {
						_t47 =  *_t66;
						if( *((intOrPtr*)(_t47 + 4)) != _t66) {
							goto L10;
						} else {
							 *_t70 = _t47;
							 *((intOrPtr*)(_t47 + 4)) = _t70;
							_v28 =  *_t70;
							L4:
							_t34 = E0136FFB0(_t50, _t66, _t50 + 0x14);
							if(_v32 != _t70) {
								_t62 =  *((intOrPtr*)(_a4 + 0x48));
								_t34 = E01389702(_t50, _t50,  *((intOrPtr*)(_a4 + 0x48)), 1, 0);
							}
							if(_t66 != 0) {
								_t12 = _t66 - 0x10; // -16
								_t36 = _t12;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t56 =  *((intOrPtr*)(_t36 + 0x18));
								asm("lock xadd [ecx+0x4], eax");
								if((_t36 | 0xffffffff) == 0) {
									_t38 =  *0x14484c4; // 0x0
									L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x300000,  *_t56);
								}
								_t57 = _a4;
								 *((intOrPtr*)(_t57 + 0x30)) =  *((intOrPtr*)(_t50 + 0x20));
								 *((intOrPtr*)(_t57 + 0x34)) = _t50;
								 *0x144b1e0(_t57, _t50,  *((intOrPtr*)(_t78 + 0x1c)),  &_v16);
								_t34 =  *((intOrPtr*)( *((intOrPtr*)(_t50 + 0x20))))();
							}
							_pop(_t67);
							_pop(_t71);
							_pop(_t51);
							return E0139B640(_t34, _t51, _v8 ^ _t78, _t62, _t67, _t71);
						}
					}
				}
			}



























                            0x0135b080
                            0x0135b088
                            0x0135b092
                            0x0135b096
                            0x0135b097
                            0x0135b09a
                            0x0135b09b
                            0x0135b0a0
                            0x0135b0a5
                            0x0135b0a8
                            0x0135b0aa
                            0x0135b0b0
                            0x0135b140
                            0x00000000
                            0x0135b0b6
                            0x0135b0b6
                            0x0135b0bb
                            0x0135b144
                            0x0135b146
                            0x0135b147
                            0x0135b149
                            0x0135b14a
                            0x0135b14b
                            0x0135b14c
                            0x0135b14d
                            0x0135b14e
                            0x0135b14f
                            0x0135b155
                            0x0135b156
                            0x0135b160
                            0x0135b161
                            0x0135b164
                            0x0135b168
                            0x0135b170
                            0x0135b0c1
                            0x0135b0c1
                            0x0135b0c6
                            0x00000000
                            0x0135b0c8
                            0x0135b0c8
                            0x0135b0ca
                            0x0135b0cf
                            0x0135b0d3
                            0x0135b0d7
                            0x0135b0e0
                            0x013b47cc
                            0x013b47cf
                            0x013b47cf
                            0x0135b0e8
                            0x0135b0ea
                            0x0135b0ea
                            0x0135b0f3
                            0x0135b0f4
                            0x0135b0f5
                            0x0135b0f6
                            0x0135b0f7
                            0x0135b0fd
                            0x0135b102
                            0x013b47db
                            0x013b47ef
                            0x013b47ef
                            0x0135b108
                            0x0135b10e
                            0x0135b11a
                            0x0135b124
                            0x0135b12a
                            0x0135b12a
                            0x0135b130
                            0x0135b131
                            0x0135b132
                            0x0135b13d
                            0x0135b13d
                            0x0135b0c6
                            0x0135b0bb

                            APIs
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: DebugPrintTimes
                            • String ID:
                            • API String ID: 3446177414-0
                            • Opcode ID: 51704775cd3f80e57c559382ef7d860a14004a17655a58d37808d17380cb79a9
                            • Instruction ID: 2e0634c5db1e07512e3dd12a44d9621fce5fa9824b5ea06116ed7538ce59466e
                            • Opcode Fuzzy Hash: 51704775cd3f80e57c559382ef7d860a14004a17655a58d37808d17380cb79a9
                            • Instruction Fuzzy Hash: FF31DF72600204DFC761DF28C880E66BBEAFF88714F21466AFD558B245DB31EA01CBD1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01356730 Relevance: 1.6, APIs: 1, Instructions: 92timeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 73%
                            			E01356730(intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				void* _v24;
				void* _v40;
				void* _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t32;
				char* _t35;
				char* _t42;
				char* _t51;
				void* _t52;
				signed int _t67;
				void* _t68;
				void* _t71;
				signed int _t73;

				_t75 = (_t73 & 0xfffffff8) - 0xc;
				_v8 =  *0x144d360 ^ (_t73 & 0xfffffff8) - 0x0000000c;
				_t70 = _a8;
				_t67 = _a8 - 0x78;
				_t32 = E01377D50();
				_t51 = 0x7ffe0386;
				if(_t32 != 0) {
					_t35 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				} else {
					_t35 = 0x7ffe0386;
				}
				if( *_t35 != 0) {
					E014289E7( *((intOrPtr*)(_t67 + 0x5c)), _t70,  *((intOrPtr*)(_t67 + 0x30)),  *((intOrPtr*)(_t67 + 0x34)),  *((intOrPtr*)(_t67 + 0x3c)));
				}
				_t64 = _t67;
				if(E013895EC(_a4, _t67, 1) != 0) {
					if(E01377D50() != 0) {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t42 = _t51;
					}
					if( *_t42 != 0) {
						E01429CB3( *((intOrPtr*)(_t67 + 0x5c)), _t70,  *((intOrPtr*)(_t67 + 0x30)),  *((intOrPtr*)(_t67 + 0x34)),  *((intOrPtr*)(_t67 + 0x3c)));
					}
					_t64 =  *((intOrPtr*)(_t67 + 0x30));
					E0137C677(_t75 + 0x14,  *((intOrPtr*)(_t67 + 0x30)),  *((intOrPtr*)(_t67 + 0x34)),  *((intOrPtr*)(_t67 + 0x3c)));
					 *0x144b1e0(_a4,  *((intOrPtr*)(_t67 + 0x34)));
					 *((intOrPtr*)( *((intOrPtr*)(_t67 + 0x30))))();
					if(E01377D50() != 0) {
						_t51 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					}
					if( *_t51 != 0) {
						_t64 = _a8;
						E01428ADD( *((intOrPtr*)(_t67 + 0x5c)), _a8,  *((intOrPtr*)(_t67 + 0x30)),  *((intOrPtr*)(_t67 + 0x34)),  *((intOrPtr*)(_t67 + 0x3c)));
					}
					_t37 = E0137C5F8( *((intOrPtr*)(_t75 + 0x10)));
				}
				_pop(_t68);
				_pop(_t71);
				_pop(_t52);
				return E0139B640(_t37, _t52, _v8 ^ _t75, _t64, _t68, _t71);
			}



















                            0x01356738
                            0x01356742
                            0x01356748
                            0x0135674c
                            0x0135674f
                            0x01356754
                            0x0135675b
                            0x013b1aac
                            0x01356761
                            0x01356761
                            0x01356761
                            0x01356766
                            0x013b1ac4
                            0x013b1ac4
                            0x0135676f
                            0x0135677a
                            0x01356783
                            0x013b1ad7
                            0x01356789
                            0x01356789
                            0x01356789
                            0x0135678e
                            0x013b1aef
                            0x013b1aef
                            0x01356797
                            0x013567a1
                            0x013567b1
                            0x013567b7
                            0x013567c0
                            0x013b1b02
                            0x013b1b02
                            0x013567c9
                            0x013b1b10
                            0x013b1b1c
                            0x013b1b1c
                            0x013567d3
                            0x013567d3
                            0x013567dc
                            0x013567dd
                            0x013567de
                            0x013567e9

                            APIs
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: DebugPrintTimes
                            • String ID:
                            • API String ID: 3446177414-0
                            • Opcode ID: 26b7dcdec2d4b95d1a9d07689b95191b4e59e0f15d8d5a2b2c297c7e93c8cd12
                            • Instruction ID: 48fc35ca6a53e5346a788022d0224b92f2945ab200eb05702782c59f36e3c102
                            • Opcode Fuzzy Hash: 26b7dcdec2d4b95d1a9d07689b95191b4e59e0f15d8d5a2b2c297c7e93c8cd12
                            • Instruction Fuzzy Hash: 5431C435610906EFDB62AF28DE94EAABBA5FF44758F405015ED0147E61EB35F830CB81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01382581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 83%
                            			E01382581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1546912052) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t234;
				signed int _t238;
				intOrPtr* _t239;
				intOrPtr* _t240;
				signed int _t243;
				signed int _t245;
				intOrPtr _t247;
				signed int _t250;
				signed int _t257;
				signed int _t260;
				signed int _t268;
				signed int _t274;
				signed int _t276;
				void* _t278;
				signed int _t279;
				unsigned int _t282;
				signed int _t286;
				intOrPtr* _t287;
				signed int _t288;
				signed int _t292;
				intOrPtr _t304;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t320;
				signed int _t321;
				void* _t323;
				signed int _t324;
				signed int _t326;
				signed int _t329;
				intOrPtr* _t330;
				intOrPtr* _t332;
				void* _t333;

				_t326 = _t329;
				_t330 = _t329 - 0x4c;
				_v8 =  *0x144d360 ^ _t326;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t320 = 0x144b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t282 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t333 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t274 = 0x48;
				_t302 = 0 | _t333 == 0x00000000;
				_t313 = 0;
				_v37 = _t333 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t274 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t321 = 0xc0000106;
						goto L32;
					} else {
						_t320 = E01374620(_t282,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t274);
						_v52 = _t320;
						__eflags = _t320;
						if(_t320 == 0) {
							_t321 = 0xc0000017;
							goto L32;
						} else {
							 *(_t320 + 0x44) =  *(_t320 + 0x44) & 0x00000000;
							_t50 = _t320 + 0x48; // 0x48
							_t315 = _t50;
							_t302 = _v32;
							 *(_t320 + 0x3c) = _t274;
							_t276 = 0;
							 *((short*)(_t320 + 0x30)) = _v48;
							__eflags = _t302;
							if(_t302 != 0) {
								 *(_t320 + 0x18) = _t315;
								__eflags = _t302 - 0x1448478;
								 *_t320 = ((0 | _t302 == 0x01448478) - 0x00000001 & 0xfffffffb) + 7;
								E0139F3E0(_t315,  *((intOrPtr*)(_t302 + 4)),  *_t302 & 0x0000ffff);
								_t302 = _v32;
								_t330 = _t330 + 0xc;
								_t276 = 1;
								__eflags = _a8;
								_t315 = _t315 + (( *_t302 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t268 = E013E39F2(_t315);
									_t302 = _v32;
									_t315 = _t268;
								}
							}
							_t286 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t321 = _v68;
								__eflags = 0;
								 *((short*)(_t315 - 2)) = 0;
								goto L32;
							} else {
								_t274 = _t320 + _t276 * 4;
								_v56 = _t274;
								do {
									__eflags = _t302;
									if(_t302 != 0) {
										_t234 =  *(_v60 + _t286 * 4);
										__eflags = _t234;
										if(_t234 == 0) {
											goto L30;
										} else {
											__eflags = _t234 == 5;
											if(_t234 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t274 =  *(_v60 + _t286 * 4);
										 *(_t274 + 0x18) = _t315;
										_t238 =  *(_v60 + _t286 * 4);
										__eflags = _t238 - 8;
										if(_t238 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t238 * 4 +  &M01382959))) {
												case 0:
													__ax =  *0x1448488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E0139F3E0(__edi,  *0x144848c, __ax & 0x0000ffff);
														__eax =  *0x1448488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E0139F3E0(_t315, _v80, _v64);
													_t263 = _v64;
													goto L26;
												case 2:
													 *0x1448480 & 0x0000ffff = E0139F3E0(__edi,  *0x1448484,  *0x1448480 & 0x0000ffff);
													__eax =  *0x1448480 & 0x0000ffff;
													__eax = ( *0x1448480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E0139F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E0139F3E0(_t315, _v76, _v36);
														_t263 = _v36;
													}
													L26:
													_t330 = _t330 + 0xc;
													_t315 = _t315 + (_t263 >> 1) * 2 + 2;
													__eflags = _t315;
													L27:
													_push(0x3b);
													_pop(_t265);
													 *((short*)(_t315 - 2)) = _t265;
													goto L28;
												case 6:
													__ebx =  *0x144575c;
													__eflags = __ebx - 0x144575c;
													if(__ebx != 0x144575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E0139F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x144575c;
														} while (__ebx != 0x144575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x1448478 & 0x0000ffff = E0139F3E0(__edi,  *0x144847c,  *0x1448478 & 0x0000ffff);
													__eax =  *0x1448478 & 0x0000ffff;
													__eax = ( *0x1448478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E013E39F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x1446e58 & 0x0000ffff = E0139F3E0(__edi,  *0x1446e5c,  *0x1446e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x1446e58 & 0x0000ffff;
													__eax = ( *0x1446e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t286 = _v16;
													_t302 = _v32;
													L29:
													_t274 = _t274 + 4;
													__eflags = _t274;
													_v56 = _t274;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t286 = _t286 + 1;
									_v16 = _t286;
									__eflags = _t286 - _v48;
								} while (_t286 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t238 =  *(_v60 + _t313 * 4);
						if(_t238 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t238 * 4 +  &M01382935))) {
							case 0:
								__ax =  *0x1448488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t302 =  &_v64;
								_v80 = E01382E3E(0,  &_v64);
								_t274 = _t274 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x1448480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1448480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E0136EEF0(0x14479a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E0136EB70(__ecx, 0x14479a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t212 = _v72;
											__eflags = _t212;
											if(_t212 != 0) {
												L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t212);
											}
											_t213 = _v52;
											__eflags = _t213;
											if(_t213 != 0) {
												__eflags = _t321;
												if(_t321 < 0) {
													L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t213);
													_t213 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t282 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x1447b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = E01374620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E0136EB70(__ecx, 0x14479a0);
										__eax = _v52;
										L36:
										_pop(_t314);
										_pop(_t322);
										__eflags = _v8 ^ _t326;
										_pop(_t275);
										return E0139B640(_t213, _t275, _v8 ^ _t326, _t302, _t314, _t322);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t270 = _v56;
								if(_v56 != 0) {
									_t302 =  &_v36;
									_t272 = E01382E3E(_t270,  &_v36);
									_t282 = _v36;
									_v76 = _t272;
								}
								if(_t282 == 0) {
									goto L44;
								} else {
									_t274 = _t274 + 2 + _t282;
								}
								goto L14;
							case 6:
								__eax =  *0x1445764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x1448478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1448478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x1446e58 & 0x0000ffff;
								__eax = ( *0x1446e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t313 = _t313 + 1;
								if(_t313 >= _v48) {
									goto L16;
								} else {
									_t302 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t287 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					__eflags =  *_t287 - _t238;
					asm("o16 sub [eax], bh");
					_t239 = _t238 + _t330;
					asm("daa");
					 *_t287 - _t239 =  *[es:ecx] - _t239;
					_t323 = _t320 + 1;
					 *_t239 =  *_t239 - _t274;
					 *0x1f013826 =  *0x1f013826 + _t239;
					_pop(_t278);
					__eflags = _t239 - 1;
					_t240 = _t330;
					_t332 = _t239;
					 *_t240 =  *_t240 - _t278;
					 *0x2013c5b =  *0x2013c5b + _t323;
					 *_t240 =  *_t240 - _t315;
					 *((intOrPtr*)(_t240 - 0x9fec7d8)) =  *((intOrPtr*)(_t240 - 0x9fec7d8)) + _t240;
					asm("daa");
					__eflags =  *_t287 - _t240;
					_push(ds);
					 *_t240 =  *_t240 - _t278;
					 *((intOrPtr*)(_t323 + 0x28)) =  *((intOrPtr*)(_t323 + 0x28)) + _t287;
					__eflags =  *_t287 - _t240;
					asm("daa");
					__eflags =  *_t287 - _t240;
					asm("fcomp dword [ebx+0x3c]");
					 *((intOrPtr*)(_t240 +  &_a1546912052)) =  *((intOrPtr*)(_t240 +  &_a1546912052)) + _t323;
					__eflags = _t240 - 1;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x142ff00);
					E013AD08C(_t278, _t315, _t323);
					_v44 =  *[fs:0x18];
					_t316 = 0;
					 *_a24 = 0;
					_t279 = _a12;
					__eflags = _t279;
					if(_t279 == 0) {
						_t243 = 0xc0000100;
					} else {
						_v8 = 0;
						_t324 = 0xc0000100;
						_v52 = 0xc0000100;
						_t245 = 4;
						while(1) {
							_v40 = _t245;
							__eflags = _t245;
							if(_t245 == 0) {
								break;
							}
							_t292 = _t245 * 0xc;
							_v48 = _t292;
							__eflags = _t279 -  *((intOrPtr*)(_t292 + 0x1331664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t260 = E0139E5C0(_a8,  *((intOrPtr*)(_t292 + 0x1331668)), _t279);
									_t332 = _t332 + 0xc;
									__eflags = _t260;
									if(__eflags == 0) {
										_t324 = E013D51BE(_t279,  *((intOrPtr*)(_v48 + 0x133166c)), _a16, _t316, _t324, __eflags, _a20, _a24);
										_v52 = _t324;
										break;
									} else {
										_t245 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t245 = _t245 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t324;
						__eflags = _t324;
						if(_t324 < 0) {
							__eflags = _t324 - 0xc0000100;
							if(_t324 == 0xc0000100) {
								_t288 = _a4;
								__eflags = _t288;
								if(_t288 != 0) {
									_v36 = _t288;
									__eflags =  *_t288 - _t316;
									if( *_t288 == _t316) {
										_t324 = 0xc0000100;
										goto L76;
									} else {
										_t304 =  *((intOrPtr*)(_v44 + 0x30));
										_t247 =  *((intOrPtr*)(_t304 + 0x10));
										__eflags =  *((intOrPtr*)(_t247 + 0x48)) - _t288;
										if( *((intOrPtr*)(_t247 + 0x48)) == _t288) {
											__eflags =  *(_t304 + 0x1c);
											if( *(_t304 + 0x1c) == 0) {
												L106:
												_t324 = E01382AE4( &_v36, _a8, _t279, _a16, _a20, _a24);
												_v32 = _t324;
												__eflags = _t324 - 0xc0000100;
												if(_t324 != 0xc0000100) {
													goto L69;
												} else {
													_t316 = 1;
													_t288 = _v36;
													goto L75;
												}
											} else {
												_t250 = E01366600( *(_t304 + 0x1c));
												__eflags = _t250;
												if(_t250 != 0) {
													goto L106;
												} else {
													_t288 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t324 = E01382C50(_t288, _a8, _t279, _a16, _a20, _a24, _t316);
											L76:
											_v32 = _t324;
											goto L69;
										}
									}
									goto L108;
								} else {
									E0136EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t324 = _a24;
									_t257 = E01382AE4( &_v36, _a8, _t279, _a16, _a20, _t324);
									_v32 = _t257;
									__eflags = _t257 - 0xc0000100;
									if(_t257 == 0xc0000100) {
										_v32 = E01382C50(_v36, _a8, _t279, _a16, _a20, _t324, 1);
									}
									_v8 = _t316;
									E01382ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t243 = _t324;
					}
					L70:
					return E013AD0D1(_t243);
				}
				L108:
			}






















































                            0x01382584
                            0x01382586
                            0x01382590
                            0x01382596
                            0x01382597
                            0x01382598
                            0x01382599
                            0x0138259e
                            0x013825a4
                            0x013825a9
                            0x013825ac
                            0x013825ae
                            0x013825b1
                            0x013825b2
                            0x013825b5
                            0x013825b8
                            0x013825bb
                            0x013825bc
                            0x013825bf
                            0x013825c2
                            0x013825c5
                            0x013825c6
                            0x013825cb
                            0x013825ce
                            0x013825d8
                            0x013825db
                            0x013825dd
                            0x013825de
                            0x013825e1
                            0x013825e3
                            0x013825e9
                            0x013826da
                            0x013826da
                            0x013826dd
                            0x013826e2
                            0x013c5b56
                            0x00000000
                            0x013826e8
                            0x013826f9
                            0x013826fb
                            0x013826fe
                            0x01382700
                            0x013c5b60
                            0x00000000
                            0x01382706
                            0x01382706
                            0x0138270a
                            0x0138270a
                            0x0138270d
                            0x01382713
                            0x01382716
                            0x01382718
                            0x0138271c
                            0x0138271e
                            0x013c5b6c
                            0x013c5b6f
                            0x013c5b7f
                            0x013c5b89
                            0x013c5b8e
                            0x013c5b93
                            0x013c5b96
                            0x013c5b9c
                            0x013c5ba0
                            0x013c5ba3
                            0x013c5bab
                            0x013c5bb0
                            0x013c5bb3
                            0x013c5bb3
                            0x013c5ba3
                            0x01382724
                            0x01382726
                            0x01382729
                            0x0138272c
                            0x0138279d
                            0x0138279d
                            0x013827a0
                            0x013827a2
                            0x00000000
                            0x0138272e
                            0x0138272e
                            0x01382731
                            0x01382734
                            0x01382734
                            0x01382736
                            0x013c5bc1
                            0x013c5bc1
                            0x013c5bc4
                            0x00000000
                            0x013c5bca
                            0x013c5bca
                            0x013c5bcd
                            0x00000000
                            0x013c5bd3
                            0x00000000
                            0x013c5bd3
                            0x013c5bcd
                            0x0138273c
                            0x0138273c
                            0x01382742
                            0x01382747
                            0x0138274a
                            0x0138274d
                            0x01382750
                            0x00000000
                            0x01382756
                            0x01382756
                            0x00000000
                            0x01382902
                            0x01382908
                            0x0138290b
                            0x00000000
                            0x01382911
                            0x0138291c
                            0x01382921
                            0x00000000
                            0x01382921
                            0x00000000
                            0x00000000
                            0x01382880
                            0x01382887
                            0x0138288c
                            0x00000000
                            0x00000000
                            0x01382805
                            0x0138280a
                            0x01382814
                            0x01382816
                            0x00000000
                            0x00000000
                            0x0138281e
                            0x01382821
                            0x01382823
                            0x00000000
                            0x01382829
                            0x01382829
                            0x01382831
                            0x0138283c
                            0x0138283e
                            0x00000000
                            0x0138283e
                            0x00000000
                            0x00000000
                            0x0138284e
                            0x01382850
                            0x01382851
                            0x01382854
                            0x01382857
                            0x0138285a
                            0x0138285c
                            0x0138285d
                            0x00000000
                            0x00000000
                            0x0138275d
                            0x01382761
                            0x00000000
                            0x01382767
                            0x0138276e
                            0x01382773
                            0x01382773
                            0x01382776
                            0x01382778
                            0x0138277e
                            0x0138277e
                            0x01382781
                            0x01382781
                            0x01382783
                            0x01382784
                            0x00000000
                            0x00000000
                            0x013c5bd8
                            0x013c5bde
                            0x013c5be4
                            0x013c5be6
                            0x013c5be8
                            0x013c5be9
                            0x013c5bee
                            0x013c5bf8
                            0x013c5bff
                            0x013c5c01
                            0x013c5c04
                            0x013c5c07
                            0x013c5c0b
                            0x013c5c0d
                            0x013c5c0d
                            0x013c5c15
                            0x013c5c18
                            0x013c5c1b
                            0x013c5c1b
                            0x013c5c1e
                            0x00000000
                            0x00000000
                            0x013828c3
                            0x013828c8
                            0x013828d2
                            0x013828d4
                            0x013828d8
                            0x013828db
                            0x013c5c26
                            0x013c5c28
                            0x013c5c2d
                            0x013c5c2d
                            0x00000000
                            0x00000000
                            0x013c5c34
                            0x013c5c36
                            0x013c5c49
                            0x013c5c4e
                            0x013c5c54
                            0x013c5c5b
                            0x013c5c5d
                            0x013c5c60
                            0x01382788
                            0x01382788
                            0x0138278b
                            0x0138278e
                            0x0138278e
                            0x0138278e
                            0x01382791
                            0x00000000
                            0x00000000
                            0x01382756
                            0x01382750
                            0x00000000
                            0x01382794
                            0x01382794
                            0x01382795
                            0x01382798
                            0x01382798
                            0x00000000
                            0x01382734
                            0x0138272c
                            0x01382700
                            0x013825ef
                            0x013825ef
                            0x013825ef
                            0x013825f2
                            0x013825f8
                            0x00000000
                            0x00000000
                            0x013825fe
                            0x00000000
                            0x013828e6
                            0x013828ec
                            0x013828ef
                            0x013828f5
                            0x013828f8
                            0x013828f8
                            0x00000000
                            0x013828f8
                            0x00000000
                            0x00000000
                            0x01382866
                            0x01382866
                            0x01382876
                            0x01382879
                            0x00000000
                            0x00000000
                            0x013827e0
                            0x013827e7
                            0x013827e9
                            0x013827eb
                            0x013c5afd
                            0x00000000
                            0x013c5afd
                            0x00000000
                            0x00000000
                            0x01382633
                            0x01382638
                            0x0138263b
                            0x0138263c
                            0x0138263e
                            0x01382640
                            0x01382642
                            0x01382647
                            0x01382649
                            0x0138264e
                            0x01382650
                            0x01382653
                            0x01382659
                            0x013826a2
                            0x013826a7
                            0x013826ac
                            0x013826b2
                            0x013c5b11
                            0x013c5b15
                            0x013c5b17
                            0x00000000
                            0x013826b8
                            0x013826b8
                            0x013826ba
                            0x013827a6
                            0x013827a6
                            0x013827a9
                            0x013827ab
                            0x013827b9
                            0x013827b9
                            0x013827be
                            0x013827c1
                            0x013827c3
                            0x013827c5
                            0x013827c7
                            0x013c5c74
                            0x013c5c79
                            0x013c5c79
                            0x013827c7
                            0x00000000
                            0x013826c0
                            0x013826c0
                            0x013826c3
                            0x013826c6
                            0x013826c6
                            0x013826c9
                            0x013826c9
                            0x00000000
                            0x013826c9
                            0x013826ba
                            0x0138265b
                            0x0138265b
                            0x0138265e
                            0x01382667
                            0x0138266d
                            0x01382677
                            0x0138267c
                            0x0138267f
                            0x01382681
                            0x013c5b49
                            0x013c5b4e
                            0x013827cd
                            0x013827d0
                            0x013827d1
                            0x013827d2
                            0x013827d4
                            0x013827dd
                            0x01382687
                            0x01382687
                            0x0138268a
                            0x0138268b
                            0x0138268e
                            0x0138268f
                            0x01382691
                            0x01382696
                            0x01382698
                            0x0138269d
                            0x0138269f
                            0x00000000
                            0x0138269f
                            0x01382681
                            0x00000000
                            0x00000000
                            0x01382846
                            0x00000000
                            0x00000000
                            0x01382605
                            0x0138260a
                            0x0138260c
                            0x01382611
                            0x01382616
                            0x01382619
                            0x01382619
                            0x0138261e
                            0x00000000
                            0x01382624
                            0x01382627
                            0x01382627
                            0x00000000
                            0x00000000
                            0x013c5b1f
                            0x00000000
                            0x00000000
                            0x01382894
                            0x0138289b
                            0x0138289d
                            0x013828a1
                            0x013c5b2b
                            0x013c5b2e
                            0x013c5b2e
                            0x013828a7
                            0x013828a9
                            0x013c5b04
                            0x013c5b09
                            0x013c5b09
                            0x013c5b09
                            0x00000000
                            0x00000000
                            0x013c5b35
                            0x013c5b3c
                            0x013828fb
                            0x013828fb
                            0x013826cc
                            0x013826cc
                            0x013826d0
                            0x00000000
                            0x013826d2
                            0x013826d2
                            0x00000000
                            0x013826d2
                            0x00000000
                            0x00000000
                            0x013825fe
                            0x0138292d
                            0x0138292f
                            0x01382930
                            0x01382935
                            0x01382937
                            0x01382939
                            0x0138293c
                            0x0138293e
                            0x01382941
                            0x01382945
                            0x01382946
                            0x01382948
                            0x0138294e
                            0x0138294f
                            0x01382951
                            0x01382951
                            0x01382952
                            0x01382954
                            0x0138295a
                            0x0138295c
                            0x01382962
                            0x01382963
                            0x01382965
                            0x01382966
                            0x01382968
                            0x0138296b
                            0x0138296e
                            0x0138296f
                            0x01382971
                            0x01382974
                            0x0138297b
                            0x0138297d
                            0x0138297e
                            0x0138297f
                            0x01382980
                            0x01382981
                            0x01382982
                            0x01382983
                            0x01382984
                            0x01382985
                            0x01382986
                            0x01382987
                            0x01382988
                            0x01382989
                            0x0138298a
                            0x0138298b
                            0x0138298c
                            0x0138298d
                            0x0138298e
                            0x0138298f
                            0x01382990
                            0x01382992
                            0x01382997
                            0x013829a3
                            0x013829a6
                            0x013829ab
                            0x013829ad
                            0x013829b0
                            0x013829b2
                            0x013c5c80
                            0x013829b8
                            0x013829b8
                            0x013829bb
                            0x013829c0
                            0x013829c5
                            0x013829c6
                            0x013829c6
                            0x013829c9
                            0x013829cb
                            0x00000000
                            0x00000000
                            0x013829cd
                            0x013829d0
                            0x013829d9
                            0x013829db
                            0x013829dd
                            0x01382a7f
                            0x01382a84
                            0x01382a87
                            0x01382a89
                            0x013c5ca1
                            0x013c5ca3
                            0x00000000
                            0x01382a8f
                            0x01382a8f
                            0x00000000
                            0x01382a8f
                            0x00000000
                            0x013829e3
                            0x013829e3
                            0x013829e3
                            0x00000000
                            0x013829e3
                            0x013829dd
                            0x00000000
                            0x013829db
                            0x013829e6
                            0x013829e9
                            0x013829eb
                            0x013829ed
                            0x013829f3
                            0x013829f5
                            0x013829f8
                            0x013829fa
                            0x01382a97
                            0x01382a9a
                            0x01382a9d
                            0x01382add
                            0x00000000
                            0x01382a9f
                            0x01382aa2
                            0x01382aa5
                            0x01382aa8
                            0x01382aab
                            0x013c5cab
                            0x013c5caf
                            0x013c5cc5
                            0x013c5cda
                            0x013c5cdc
                            0x013c5cdf
                            0x013c5ce5
                            0x00000000
                            0x013c5ceb
                            0x013c5ced
                            0x013c5cee
                            0x00000000
                            0x013c5cee
                            0x013c5cb1
                            0x013c5cb4
                            0x013c5cb9
                            0x013c5cbb
                            0x00000000
                            0x013c5cbd
                            0x013c5cbd
                            0x00000000
                            0x013c5cbd
                            0x013c5cbb
                            0x01382ab1
                            0x01382ab1
                            0x01382ac4
                            0x01382ac6
                            0x01382ac6
                            0x00000000
                            0x01382ac6
                            0x01382aab
                            0x00000000
                            0x01382a00
                            0x01382a09
                            0x01382a0e
                            0x01382a21
                            0x01382a24
                            0x01382a35
                            0x01382a3a
                            0x01382a3d
                            0x01382a42
                            0x01382a59
                            0x01382a59
                            0x01382a5c
                            0x01382a5f
                            0x01382a5f
                            0x013829fa
                            0x013829f3
                            0x01382a64
                            0x01382a64
                            0x01382a6b
                            0x01382a6b
                            0x01382a6d
                            0x01382a72
                            0x01382a72
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: PATH
                            • API String ID: 0-1036084923
                            • Opcode ID: 7dbbe09d2074dd47cc43d823380d571fbb77352ee09bf6ba57b4eec5376e2f05
                            • Instruction ID: 1b16017df528271cddde0be93a926e27affae557fb735834f93541c672555325
                            • Opcode Fuzzy Hash: 7dbbe09d2074dd47cc43d823380d571fbb77352ee09bf6ba57b4eec5376e2f05
                            • Instruction Fuzzy Hash: 40C1AF75E00319EFDB25EF9DD880BAEBBB5FF48758F444029E901AB250E774A941CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135C962 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                            Download Yara Rule
                            C-Code - Quality: 42%
                            			E0135C962(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				intOrPtr _t22;
				void* _t26;
				void* _t27;
				void* _t32;
				intOrPtr _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x144d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E0136EEF0(0x14470a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E013DF625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E0136EB70(_t29, 0x14470a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E0139B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E013DF1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x14470c0; // 0x0
					while(_t38 != 0x14470c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x144b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                            0x0135c96a
                            0x0135c974
                            0x0135c988
                            0x0135c98a
                            0x013c7c9d
                            0x013c7c9f
                            0x013c7ca4
                            0x013c7cae
                            0x013c7cf0
                            0x013c7cf5
                            0x013c7cfa
                            0x0135c992
                            0x0135c996
                            0x0135c997
                            0x0135c998
                            0x0135c9a3
                            0x0135c9a3
                            0x013c7cb0
                            0x013c7cb7
                            0x013c7cbb
                            0x00000000
                            0x00000000
                            0x013c7cbd
                            0x013c7ce8
                            0x013c7cc5
                            0x013c7cc8
                            0x013c7cca
                            0x013c7cd0
                            0x013c7cd6
                            0x013c7cde
                            0x013c7ce4
                            0x013c7ce4
                            0x013c7cd0
                            0x00000000
                            0x013c7ce8
                            0x0135c990
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f48215a8b3d495ba2e8b7f4aaa376e262e3e94f7c8c7ab4f28e68a034584f030
                            • Instruction ID: e30b928104f3d3b96ca0d27faeec2e82c856b8fc2f48c6763869c3c857f6f838
                            • Opcode Fuzzy Hash: f48215a8b3d495ba2e8b7f4aaa376e262e3e94f7c8c7ab4f28e68a034584f030
                            • Instruction Fuzzy Hash: 3A11E5363006079BCB20AF3DDC8592BBBE9FB94A18B10453DED4583661EB20EC15CBD1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01357057 Relevance: 1.5, APIs: 1, Instructions: 42timeCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: DebugPrintTimes
                            • String ID:
                            • API String ID: 3446177414-0
                            • Opcode ID: ddf675adc5ed5668282af9e8201c8d48f7c18f691c989680bb594437ca9624da
                            • Instruction ID: 9c5e2a21a6013f712f99e685f574b5307add9a6ea72b462b46a00e9934ffe99c
                            • Opcode Fuzzy Hash: ddf675adc5ed5668282af9e8201c8d48f7c18f691c989680bb594437ca9624da
                            • Instruction Fuzzy Hash: CC01AD35200608ABD731DF68DC05FABFBF9EF44A14F10016DE90583190CAA1AA04CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138D7CA Relevance: 1.4, Strings: 1, Instructions: 192COMMON
                            Download Yara Rule
                            C-Code - Quality: 73%
                            			E0138D7CA(signed int __ecx, intOrPtr* __edx, char _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr* _a16) {
				char _v8;
				char _v12;
				char _v16;
				signed int _v20;
				char _v24;
				signed int _v28;
				intOrPtr _v32;
				char _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				char _v60;
				signed int _v64;
				signed int _v68;
				intOrPtr _v72;
				char* _v76;
				signed int _v80;
				char _v84;
				signed int _t78;
				intOrPtr _t100;
				signed int _t102;
				signed int _t103;
				void* _t105;
				signed int _t107;
				void* _t108;
				intOrPtr* _t111;
				intOrPtr* _t112;
				void* _t116;
				intOrPtr _t117;
				signed int _t119;

				_t116 = 0;
				_v28 = __ecx;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v24 = 0;
				if(__ecx == 0 || __edx == 0 || _a12 == 0) {
					return 0xc000000d;
				} else {
					if(E0136B060(__ecx, __ecx & 0xfffffffc) == 0) {
						_t119 = 0xc000007b;
						L27:
						if(_v8 != 0) {
							_push(_v8);
							E013995D0();
							_v8 = _t116;
						}
						if(_v16 != 0) {
							_push(_v16);
							_push(0xffffffff);
							E013997A0();
						}
						L25:
						return _t119;
					}
					_t107 = 6;
					asm("sbb ebx, ebx");
					_t108 = 2;
					_t105 = (_t103 & _t107) + _t108;
					if(_a4 != 0) {
						_v36 =  *__edx;
						_v32 =  *((intOrPtr*)(__edx + 4));
						_v20 = 0;
						_v84 = 0x18;
						L33:
						_v80 = _v80 & 0x00000000;
						L10:
						_v68 = _v68 & 0x00000000;
						_v64 = _v64 & 0x00000000;
						_t109 =  &_v8;
						_v72 = 0x40;
						_v76 =  &_v36;
						_t78 = E0138D976( &_v8,  &_v84, _v28);
						_t119 = _t78;
						if(_t116 == 0) {
							_t116 = 0;
							L14:
							if(_t119 < 0) {
								goto L27;
							}
							_push(_v8);
							_push(0x8000000);
							_push(_t105);
							_push(_t116);
							_push(_t116);
							_push(0xf0005);
							_push( &_v12);
							_t119 = E013999A0();
							if(_t119 < 0) {
								goto L27;
							}
							_push(_t105);
							_push(_t116);
							_push(1);
							_v44 = _t116;
							_push( &_v24);
							_v40 = _t116;
							_push( &_v44);
							_push(_t116);
							_push(_t116);
							_push( &_v16);
							_push(0xffffffff);
							_push(_v12);
							_t119 = E01399780();
							if(_v12 != 0) {
								_push(_v12);
								E013995D0();
								_v12 = _t116;
							}
							if(_t119 < 0) {
								goto L27;
							} else {
								if(E0136B060(_t109, _v16) == 0) {
									_t119 = 0xc000007b;
								}
								if(_t119 < 0) {
									goto L27;
								} else {
									 *_a12 = _v16;
									_t111 = _a16;
									if(_t111 != 0) {
										 *_t111 = _v24;
									}
									_t112 = _a8;
									if(_t112 == 0) {
										if(_v8 != 0) {
											_push(_v8);
											E013995D0();
										}
									} else {
										 *_t112 = _v8;
									}
									goto L25;
								}
							}
						}
						_t117 = _v48;
						if(_t117 != 0) {
							asm("lock xadd [edi], eax");
							if((_t78 | 0xffffffff) != 0) {
								goto L12;
							}
							_push( *((intOrPtr*)(_t117 + 4)));
							E013995D0();
							_t116 = 0;
							L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t117);
							L13:
							L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t116, _v20);
							goto L14;
						}
						L12:
						_t116 = 0;
						goto L13;
					}
					_t119 = E013665BA(_t108,  *((intOrPtr*)(__edx + 4)),  &_v36, 0,  &_v60);
					if(_t119 < 0) {
						goto L27;
					}
					_t100 = _v60;
					_t116 = _v32;
					_v20 = _t116;
					if(_t100 != 0) {
						_v36 = _t100;
						_v32 = _v56;
						_t102 = _v52;
					} else {
						_t102 = 0;
					}
					_v84 = 0x18;
					if(_t116 == 0) {
						goto L33;
					} else {
						_v80 = _t102;
						goto L10;
					}
				}
			}



































                            0x0138d7d9
                            0x0138d7db
                            0x0138d7de
                            0x0138d7e1
                            0x0138d7e4
                            0x0138d7e7
                            0x0138d7ec
                            0x00000000
                            0x0138d803
                            0x0138d80e
                            0x013cb180
                            0x0138d95a
                            0x0138d95e
                            0x013cb203
                            0x013cb206
                            0x013cb20b
                            0x013cb20b
                            0x0138d968
                            0x013cb213
                            0x013cb216
                            0x013cb218
                            0x013cb218
                            0x0138d94f
                            0x00000000
                            0x0138d94f
                            0x0138d816
                            0x0138d81d
                            0x0138d821
                            0x0138d822
                            0x0138d828
                            0x013cb18c
                            0x013cb192
                            0x013cb195
                            0x013cb198
                            0x013cb19f
                            0x013cb19f
                            0x0138d86f
                            0x0138d872
                            0x0138d879
                            0x0138d880
                            0x0138d883
                            0x0138d88a
                            0x0138d88d
                            0x0138d892
                            0x0138d896
                            0x013cb1e5
                            0x0138d8bb
                            0x0138d8bd
                            0x00000000
                            0x00000000
                            0x0138d8c3
                            0x0138d8c9
                            0x0138d8ce
                            0x0138d8cf
                            0x0138d8d0
                            0x0138d8d1
                            0x0138d8d6
                            0x0138d8dc
                            0x0138d8e0
                            0x00000000
                            0x00000000
                            0x0138d8e2
                            0x0138d8e3
                            0x0138d8e4
                            0x0138d8e9
                            0x0138d8ec
                            0x0138d8f0
                            0x0138d8f3
                            0x0138d8f4
                            0x0138d8f5
                            0x0138d8f9
                            0x0138d8fa
                            0x0138d8fc
                            0x0138d908
                            0x0138d90a
                            0x0138d90c
                            0x0138d90f
                            0x0138d914
                            0x0138d914
                            0x0138d919
                            0x00000000
                            0x0138d91b
                            0x0138d925
                            0x0138d96f
                            0x0138d96f
                            0x0138d929
                            0x00000000
                            0x0138d92b
                            0x0138d931
                            0x0138d933
                            0x0138d938
                            0x0138d93d
                            0x0138d93d
                            0x0138d93f
                            0x0138d944
                            0x013cb1f0
                            0x013cb1f6
                            0x013cb1f9
                            0x013cb1f9
                            0x0138d94a
                            0x0138d94d
                            0x0138d94d
                            0x00000000
                            0x0138d944
                            0x0138d929
                            0x0138d919
                            0x0138d89c
                            0x0138d8a1
                            0x013cb1bc
                            0x013cb1c0
                            0x00000000
                            0x00000000
                            0x013cb1c6
                            0x013cb1c9
                            0x013cb1d5
                            0x013cb1db
                            0x0138d8a9
                            0x0138d8b6
                            0x00000000
                            0x0138d8b6
                            0x0138d8a7
                            0x0138d8a7
                            0x00000000
                            0x0138d8a7
                            0x0138d83f
                            0x0138d843
                            0x00000000
                            0x00000000
                            0x0138d849
                            0x0138d84c
                            0x0138d84f
                            0x0138d855
                            0x013cb1a8
                            0x013cb1ae
                            0x013cb1b1
                            0x0138d85b
                            0x0138d85b
                            0x0138d85b
                            0x0138d85d
                            0x0138d866
                            0x00000000
                            0x0138d86c
                            0x0138d86c
                            0x00000000
                            0x0138d86c
                            0x0138d866

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: @
                            • API String ID: 0-2766056989
                            • Opcode ID: f9e51fa7ed1cb36f85b7a86adbf40520465290fbffd2fdb35cf32ec65272afcf
                            • Instruction ID: 023aac065a4b0fc1d5cd5d18895dd83967e6cd3c86db10432abd60e749863caa
                            • Opcode Fuzzy Hash: f9e51fa7ed1cb36f85b7a86adbf40520465290fbffd2fdb35cf32ec65272afcf
                            • Instruction Fuzzy Hash: 2C618F71D0020AEBDF11EFA9C840BAEBBB9FF84718F104169E914A7294D7749E01CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013552A5 Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                            Download Yara Rule
                            C-Code - Quality: 78%
                            			E013552A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E0136EEF0(0x14479a0);
					_t104 =  *0x1448210; // 0xe22ce8
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E0136EB70(_t93, 0x14479a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E01399890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E0136EEF0(0x14479a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E0136EB70(0, 0x14479a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0xe22cf5
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E0138F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E0136EEF0(0x14479a0);
									__eflags =  *0x1448210 - _t104; // 0xe22ce8
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x1448210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E013D4888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E0136EB70(_t95, 0x14479a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E013995D0();
											L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E013995D0();
											L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E0136EB70(_t93, 0x14479a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E013995D0();
										L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E013995D0();
										L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E0138F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                            0x013552a5
                            0x013552ad
                            0x013552b0
                            0x013552b3
                            0x013552b7
                            0x013552ba
                            0x013552bf
                            0x013552c4
                            0x013552cc
                            0x00000000
                            0x00000000
                            0x013552ce
                            0x013552d9
                            0x013552dd
                            0x013552e7
                            0x013552f7
                            0x013552f9
                            0x013552fd
                            0x013b0dcf
                            0x013b0dd5
                            0x013b0dd6
                            0x013b0dd7
                            0x013b0dd8
                            0x013b0dd9
                            0x013b0dde
                            0x013b0ddf
                            0x013b0de0
                            0x013b0de1
                            0x013b0de2
                            0x013b0de5
                            0x013b0dea
                            0x013b0dec
                            0x013b0f60
                            0x013b0f64
                            0x013b0f70
                            0x013b0f76
                            0x013b0f79
                            0x013b0f79
                            0x00000000
                            0x013b0f64
                            0x013b0df2
                            0x013b0df7
                            0x013b0e04
                            0x013b0e0d
                            0x013b0e0d
                            0x013b0e10
                            0x013b0e1a
                            0x013b0e1c
                            0x013b0e4c
                            0x013b0e52
                            0x013b0e61
                            0x013b0e67
                            0x013b0e6b
                            0x013b0e70
                            0x013b0e76
                            0x013b0ed7
                            0x013b0edc
                            0x013b0ee0
                            0x013b0ee6
                            0x013b0eea
                            0x013b0eed
                            0x013b0ef0
                            0x013b0ef3
                            0x013b0ef6
                            0x013b0ef9
                            0x013b0efe
                            0x013b0f01
                            0x013b0f01
                            0x013b0f0b
                            0x013b0f12
                            0x013b0f16
                            0x013b0f18
                            0x013b0f1b
                            0x013b0f2c
                            0x013b0f31
                            0x013b0f31
                            0x013b0f35
                            0x013b0f39
                            0x013b0f3a
                            0x013b0f3c
                            0x013b0f3f
                            0x013b0f50
                            0x013b0f55
                            0x013b0f55
                            0x013b0f59
                            0x013552eb
                            0x013552f1
                            0x013552f1
                            0x013b0e7d
                            0x013b0e84
                            0x013b0e88
                            0x013b0e8a
                            0x013b0e8d
                            0x013b0e9e
                            0x013b0ea3
                            0x013b0ea3
                            0x013b0ea7
                            0x013b0eaf
                            0x013b0eb3
                            0x013b0eb9
                            0x013b0eb9
                            0x013b0ebc
                            0x013b0ecd
                            0x013b0ecd
                            0x00000000
                            0x013b0eb3
                            0x013b0e21
                            0x013b0e2b
                            0x013b0e2f
                            0x013b0e30
                            0x013b0e3a
                            0x013b0e3f
                            0x013b0e41
                            0x00000000
                            0x00000000
                            0x013b0e47
                            0x00000000
                            0x013b0e47
                            0x013b0df9
                            0x013b0dfe
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013b0dfe
                            0x01355303
                            0x01355307
                            0x00000000
                            0x01355309
                            0x00000000
                            0x01355309
                            0x01355307
                            0x013552e9
                            0x013552e9
                            0x00000000
                            0x013552e9
                            0x0135530e
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: ,
                            • API String ID: 0-4120420056
                            • Opcode ID: dfe46ceb45e7946a104bb47330a7e35f38a78a3d6fb228902d63e27b069b789a
                            • Instruction ID: eaf9f339e76c83ffc4d6deab78b7ef8b67538887babf518733db20829f856377
                            • Opcode Fuzzy Hash: dfe46ceb45e7946a104bb47330a7e35f38a78a3d6fb228902d63e27b069b789a
                            • Instruction Fuzzy Hash: 4851EE71204782ABD721EF68C840B27BBE8FF54B58F10491EF99987A61E770E805C792
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138F0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                            Download Yara Rule
                            C-Code - Quality: 75%
                            			E0138F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E01374120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E01399830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E01399990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E013995D0();
							goto L11;
						} else {
							_t109 = E01374620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E0139F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E013995D0();
										L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                            0x0138f0d3
                            0x0138f0d9
                            0x0138f0e0
                            0x0138f0e7
                            0x0138f0f2
                            0x0138f0f4
                            0x0138f0f8
                            0x0138f100
                            0x0138f108
                            0x0138f10d
                            0x0138f115
                            0x0138f116
                            0x0138f11f
                            0x0138f123
                            0x0138f124
                            0x0138f12c
                            0x0138f130
                            0x0138f134
                            0x0138f13d
                            0x0138f144
                            0x0138f14b
                            0x0138f152
                            0x013cbab0
                            0x013cbab0
                            0x0138f158
                            0x0138f158
                            0x0138f15a
                            0x0138f160
                            0x0138f165
                            0x0138f166
                            0x0138f16f
                            0x0138f173
                            0x013cbaa7
                            0x013cbaa7
                            0x013cbaab
                            0x00000000
                            0x0138f179
                            0x0138f18d
                            0x0138f191
                            0x013cbaa2
                            0x00000000
                            0x0138f197
                            0x0138f19b
                            0x0138f1a2
                            0x0138f1a9
                            0x0138f1af
                            0x0138f1b2
                            0x0138f1b6
                            0x0138f1b9
                            0x0138f1c4
                            0x0138f1d8
                            0x0138f1df
                            0x0138f1e3
                            0x0138f1eb
                            0x0138f1ee
                            0x0138f1f4
                            0x0138f20f
                            0x013cbab7
                            0x013cbabb
                            0x013cbacc
                            0x013cbad1
                            0x0138f215
                            0x0138f218
                            0x0138f226
                            0x0138f22b
                            0x00000000
                            0x0138f22b
                            0x0138f1f6
                            0x0138f1f6
                            0x0138f1f9
                            0x0138f1fb
                            0x0138f1fb
                            0x0138f1f4
                            0x0138f191
                            0x0138f173
                            0x0138f152
                            0x0138f203

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: @
                            • API String ID: 0-2766056989
                            • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                            • Instruction ID: fbd07eeff18e15c4873fd97dd955893214f4c8945fdbbf62827d16f16511d079
                            • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                            • Instruction Fuzzy Hash: 10518D71504711AFD320DF19C841A6BBBF8FF58758F00892DFA9587690E7B4E904CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01355050 Relevance: 1.4, Strings: 1, Instructions: 133COMMON
                            Download Yara Rule
                            C-Code - Quality: 96%
                            			E01355050(intOrPtr _a4) {
				char _v24;
				intOrPtr _v28;
				void* _v30;
				intOrPtr _v32;
				void* _v44;
				void* _v46;
				void* _v48;
				void* _v52;
				void* _v60;
				void* _v72;
				intOrPtr _t34;
				short _t36;
				intOrPtr _t38;
				signed short _t41;
				signed int _t51;
				short _t60;
				intOrPtr _t68;
				intOrPtr _t73;
				signed int _t77;
				short _t78;
				short _t79;
				intOrPtr _t80;
				signed int _t81;
				void* _t83;

				_t83 = (_t81 & 0xfffffff8) - 0x1c;
				_t34 =  *[fs:0x30];
				_t58 =  *((intOrPtr*)(_t34 + 0x18));
				_t73 =  *((intOrPtr*)(_t34 + 0x10));
				_v28 =  *((intOrPtr*)(_t34 + 0x18));
				if(E0135519E(_a4) != 0) {
					_t36 = 0;
					L14:
					return _t36;
				}
				_t62 = _a4;
				if(E013774C0(_a4) != 0) {
					_t36 = 0xc0000103;
				} else {
					_t77 =  *(_t73 + 0x26) & 0x0000ffff;
					while(1) {
						_t38 = E01374620(_t62, _t58, 0, _t77);
						_v28 = _t38;
						if(_t38 == 0) {
							break;
						}
						 *((short*)(_t83 + 0x18)) = 0;
						if(_t77 > 0xffff) {
							 *(_t83 + 0x1a) = 0xffff;
							L25:
							_t78 = 0xc0000095;
							L26:
							L013777F0(_t58, 0, _t38);
							_t36 = _t78;
							goto L14;
						}
						 *(_t83 + 0x1a) = _t77;
						_t79 = E01376E30(_a4, _t77, _t38, 0, 0, _t83 + 0x20);
						if(_t79 == 0) {
							_t78 = 0xc0000033;
							L23:
							_t38 =  *((intOrPtr*)(_t83 + 0x1c));
							goto L26;
						}
						_t41 =  *(_t83 + 0x1a);
						_t62 = (_t41 & 0x0000ffff) - 4;
						if(_t79 > (_t41 & 0x0000ffff) - 4) {
							__eflags =  *((char*)( *[fs:0x30] + 3));
							if(__eflags >= 0) {
								_t41 =  *(_t83 + 0x1a);
								goto L7;
							}
							L013777F0(_t58, 0,  *((intOrPtr*)(_t83 + 0x1c)));
							_t77 = _t79 + 4;
							continue;
						}
						L7:
						_t71 = _t41 & 0x0000ffff;
						if(_t79 > (_t41 & 0x0000ffff)) {
							_t78 = 0xc0000106;
							goto L23;
						}
						_t91 = _t79 - 0xffff;
						if(_t79 > 0xffff) {
							 *((short*)(_t83 + 0x18)) = 0xffff;
							_t38 =  *((intOrPtr*)(_t83 + 0x1c));
							goto L25;
						}
						 *((short*)(_t83 + 0x18)) = _t79;
						_t60 = E0138F0BF(_t83 + 0x1c, _t71, _t91,  &_v24);
						L013777F0(_v32, 0,  *((intOrPtr*)(_t83 + 0x1c)));
						if(_t60 >= 0) {
							E0136EEF0(0x14479a0);
							_t68 = _v28;
							_t80 =  *0x1448210; // 0xe22ce8
							 *((intOrPtr*)(_t73 + 0x2c)) =  *((intOrPtr*)(_t68 + 4));
							 *((intOrPtr*)(_t73 + 0x28)) =  *((intOrPtr*)(_t68 + 0x10));
							 *((short*)(_t73 + 0x24)) =  *((intOrPtr*)(_t68 + 0xc));
							 *0x1448210 = _t68;
							_t51 = E0136EB70(_t68, 0x14479a0);
							if(_t80 != 0) {
								asm("lock xadd [esi], eax");
								if((_t51 | 0xffffffff) == 0) {
									_push( *((intOrPtr*)(_t80 + 4)));
									E013995D0();
									L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t80);
								}
							}
						}
						_t36 = _t60;
						goto L14;
					}
					_t36 = 0xc0000017;
				}
			}



























                            0x01355058
                            0x0135505b
                            0x01355066
                            0x0135506a
                            0x0135506d
                            0x01355078
                            0x0135519a
                            0x01355191
                            0x01355197
                            0x01355197
                            0x0135507e
                            0x01355088
                            0x013b0c21
                            0x0135508e
                            0x0135508e
                            0x01355092
                            0x01355096
                            0x0135509b
                            0x013550a1
                            0x00000000
                            0x00000000
                            0x013550ae
                            0x013550b5
                            0x013b0c72
                            0x013b0c77
                            0x013b0c77
                            0x013b0c7c
                            0x013b0c80
                            0x013b0c85
                            0x00000000
                            0x013b0c85
                            0x013550bf
                            0x013550d4
                            0x013550d8
                            0x013b0c67
                            0x013b0c6c
                            0x013b0c6c
                            0x00000000
                            0x013b0c6c
                            0x013550de
                            0x013550e6
                            0x013550eb
                            0x013b0c31
                            0x013b0c35
                            0x013b0c4b
                            0x00000000
                            0x013b0c4b
                            0x013b0c3e
                            0x013b0c43
                            0x00000000
                            0x013b0c43
                            0x013550f1
                            0x013550f1
                            0x013550f6
                            0x013b0c55
                            0x00000000
                            0x013b0c55
                            0x01355101
                            0x01355103
                            0x013b0c5c
                            0x013b0c61
                            0x00000000
                            0x013b0c61
                            0x0135510d
                            0x01355120
                            0x01355128
                            0x0135512f
                            0x01355136
                            0x0135513b
                            0x0135513f
                            0x0135514d
                            0x01355153
                            0x0135515a
                            0x0135515e
                            0x01355164
                            0x0135516b
                            0x01355170
                            0x01355174
                            0x01355176
                            0x01355179
                            0x0135518a
                            0x0135518a
                            0x01355174
                            0x0135516b
                            0x0135518f
                            0x00000000
                            0x0135518f
                            0x013b0c8c
                            0x013b0c8c

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: ,
                            • API String ID: 0-4120420056
                            • Opcode ID: c173ef8773b8da16cb40e023d9aeb7cd28e54df7d5ce4568ab1806181241333b
                            • Instruction ID: f1b19edd1b8ec4a6c5dbde5c7d78f8ad4a5e97c109e57a216a193217e342ac32
                            • Opcode Fuzzy Hash: c173ef8773b8da16cb40e023d9aeb7cd28e54df7d5ce4568ab1806181241333b
                            • Instruction Fuzzy Hash: 7A4124366043029BD724EF28C880B6BBBB8AF54718F104929FD968BB51E734ED02C7D5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013D3540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                            Download Yara Rule
                            C-Code - Quality: 75%
                            			E013D3540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x144d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E01390BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E013D3706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E0139FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E013D3540;
						E0139FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E013ADDD0( &_v1072, _t75, _t79, _t80, _t81);
						E013E0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E013997C0();
					}
					return E0139B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E013D3971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E013D3884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E0139FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E01399650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E013D3787(_a4,  &_v352, _t80);
						}
					}
					L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E013995D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                            0x013d3552
                            0x013d355a
                            0x013d355d
                            0x013d3566
                            0x013d3567
                            0x013d357e
                            0x013d358f
                            0x013d35a1
                            0x013d35a5
                            0x013d366b
                            0x013d366b
                            0x013d366d
                            0x013d3672
                            0x013d3679
                            0x013d3685
                            0x013d368d
                            0x013d369d
                            0x013d36a7
                            0x013d36b8
                            0x013d36c6
                            0x013d36c7
                            0x013d36dc
                            0x013d36e1
                            0x013d36e7
                            0x013d36e9
                            0x013d36e9
                            0x013d3703
                            0x013d3703
                            0x013d35b5
                            0x013d35c0
                            0x013d35c4
                            0x00000000
                            0x00000000
                            0x013d35ca
                            0x013d35d7
                            0x013d35e2
                            0x013d35e6
                            0x013d35e8
                            0x013d35f5
                            0x013d35fa
                            0x013d3603
                            0x013d3604
                            0x013d3609
                            0x013d360a
                            0x013d3612
                            0x013d3613
                            0x013d361e
                            0x013d3622
                            0x013d3628
                            0x013d362f
                            0x013d362f
                            0x013d3636
                            0x013d3638
                            0x013d363b
                            0x013d3642
                            0x013d3642
                            0x013d3636
                            0x013d3657
                            0x013d3657
                            0x013d365c
                            0x013d3662
                            0x013d3669
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: BinaryHash
                            • API String ID: 0-2202222882
                            • Opcode ID: de0fc92bd67bd35017d72e2d80eaa32e5219475bfce2366bb997d57051162490
                            • Instruction ID: 7b03eaac2cdaf1359bd2a61eb81b7427b1b49d315684af6ce16cb00698540928
                            • Opcode Fuzzy Hash: de0fc92bd67bd35017d72e2d80eaa32e5219475bfce2366bb997d57051162490
                            • Instruction Fuzzy Hash: 0D4146F2D0052D9BDF21DA54DC84FEEB77CAB54718F0045A5EA09A7240DB309E88CF95
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 014205AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                            Download Yara Rule
                            C-Code - Quality: 71%
                            			E014205AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E014207DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E01399730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0141A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0141A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E01421293(_t79, _v40, E014207DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E01377D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0141138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                            0x014205c5
                            0x014205ca
                            0x014205d3
                            0x014206db
                            0x014206db
                            0x014206dd
                            0x014206e3
                            0x014206e3
                            0x014205dd
                            0x014205e7
                            0x014205f6
                            0x01420600
                            0x01420607
                            0x01420610
                            0x01420615
                            0x0142061a
                            0x0142061c
                            0x0142061e
                            0x01420624
                            0x01420625
                            0x01420627
                            0x01420628
                            0x01420631
                            0x01420640
                            0x0142064d
                            0x01420654
                            0x01420654
                            0x01420631
                            0x0142066d
                            0x01420674
                            0x00000000
                            0x00000000
                            0x01420692
                            0x0142069e
                            0x014206b0
                            0x014206a0
                            0x014206a9
                            0x014206a9
                            0x014206b8
                            0x014206d6
                            0x014206d6
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: `
                            • API String ID: 0-2679148245
                            • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                            • Instruction ID: adc4c2b990cd404fede9cf03cde09606a1eb9b2f7ebc87e980fdee9e4b22cc4e
                            • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                            • Instruction Fuzzy Hash: 3E3104323003566BE720DE29CD45F9B7BD9EBC4754F14422AFA58EB2A0D770E944C7A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013614A9 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E013614A9(void* __ecx, void* __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int* _t62;
				intOrPtr _t64;
				intOrPtr _t66;
				signed int _t72;
				void* _t75;
				intOrPtr _t76;
				void* _t77;
				signed int _t79;

				_v12 = _v12 & 0x00000000;
				_t77 = __edx;
				_t75 = __ecx;
				if(__edx == 0 || __ecx == 0) {
					L24:
					return 0xc000000d;
				} else {
					_t62 = _a4;
					if(_t62 == 0) {
						goto L24;
					}
					_v16 =  *_t62;
					_t64 = E01374620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xaa);
					_v20 = _t64;
					if(_t64 == 0) {
						return 0xc0000017;
					}
					_t45 =  *(_t77 + 6) & 0x0000ffff;
					if(( *(_t77 + 6) & 0x0000ffff) <= 0) {
						_v24 = _t64;
						_v28 = 0xaa0000;
						if(L01363B30( *(_t77 + 4) & 0x0000ffff,  &_v28) != 0) {
							L6:
							_t76 = _a8;
							_t66 = _a12;
							if( *_t62 <= 0 ||  *_t62 > _t66) {
								L8:
								_t72 = _v16;
								_t20 = _t72 + 1; // 0x1
								_t79 = _t20 + ((_v28 & 0x0000ffff) >> 1);
								if(_t76 != 0) {
									if(_t72 >= _t79) {
										goto L9;
									}
									if(_t79 >= _t66) {
										L10:
										if(_t76 != 0) {
											_v12 = 0xc0000023;
										}
										L11:
										 *_t62 = _t79;
										goto L12;
									}
									E0139F3E0(_t76 + _t72 * 2, _v24, _v28 & 0x0000ffff);
									 *((short*)(_t76 + _t79 * 2 - 2)) = 0;
									goto L11;
								}
								L9:
								if(_t79 < _t66) {
									goto L11;
								}
								goto L10;
							} else {
								if(E01362E22(_v24,  *_t62) != 0) {
									L12:
									L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v20);
									return _v12;
								}
								_t66 = _a12;
								goto L8;
							}
						}
						_v12 = 0xc00000e5;
						goto L12;
					}
					E0139BB40( *( *((intOrPtr*)( *((intOrPtr*)(_t75 + 0x18)) + 0xc)) + _t45 * 2),  &_v28,  *((intOrPtr*)( *((intOrPtr*)(_t75 + 0x18)) + 0x10)) +  *( *((intOrPtr*)( *((intOrPtr*)(_t75 + 0x18)) + 0xc)) + _t45 * 2) * 2);
					goto L6;
				}
			}
















                            0x013614b1
                            0x013614b7
                            0x013614ba
                            0x013614be
                            0x013b6968
                            0x00000000
                            0x013614cc
                            0x013614cc
                            0x013614d1
                            0x00000000
                            0x00000000
                            0x013614d9
                            0x013614f2
                            0x013614f4
                            0x013614f9
                            0x00000000
                            0x013b6946
                            0x013614ff
                            0x01361506
                            0x0136157c
                            0x01361584
                            0x01361592
                            0x01361525
                            0x01361528
                            0x0136152b
                            0x0136152e
                            0x01361538
                            0x01361538
                            0x01361541
                            0x01361544
                            0x01361548
                            0x0136159b
                            0x00000000
                            0x00000000
                            0x0136159f
                            0x0136154e
                            0x01361550
                            0x013b695c
                            0x013b695c
                            0x01361556
                            0x01361556
                            0x00000000
                            0x01361556
                            0x013615ad
                            0x013615b7
                            0x00000000
                            0x013615b7
                            0x0136154a
                            0x0136154c
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013615be
                            0x013615cc
                            0x01361558
                            0x01361567
                            0x00000000
                            0x0136156c
                            0x013615ce
                            0x00000000
                            0x013615ce
                            0x0136152e
                            0x013b6950
                            0x00000000
                            0x013b6950
                            0x01361520
                            0x00000000
                            0x01361520

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: #
                            • API String ID: 0-1885708031
                            • Opcode ID: 7214fd34cf6f3db3f10b96e9e4271c303fd579c4ef9ef36f97b02541178c6b54
                            • Instruction ID: e74f6d81666065283fffee7672004291ae609853d8850c0d0b27879ae1342070
                            • Opcode Fuzzy Hash: 7214fd34cf6f3db3f10b96e9e4271c303fd579c4ef9ef36f97b02541178c6b54
                            • Instruction Fuzzy Hash: 2B41CF71A0021ADBCF21DF48C890BBEF7B9EF84709F04815AEA56A7609D734D941C791
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01384020 Relevance: 1.4, Strings: 1, Instructions: 110COMMON
                            Download Yara Rule
                            C-Code - Quality: 86%
                            			E01384020(intOrPtr* _a4) {
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr* _t43;
				char _t70;
				intOrPtr _t77;
				intOrPtr* _t79;

				_t79 = _a4;
				_t70 = 0;
				_t77 =  *[fs:0x30];
				_v32 = 0;
				_v28 = 0;
				_v12 = 0;
				 *((intOrPtr*)(_t79 + 4)) =  *((intOrPtr*)(_t77 + 0xa4));
				 *((intOrPtr*)(_t79 + 8)) =  *((intOrPtr*)(_t77 + 0xa8));
				 *(_t79 + 0xc) =  *(_t77 + 0xac) & 0x0000ffff;
				 *((intOrPtr*)(_t79 + 0x10)) =  *((intOrPtr*)(_t77 + 0xb0));
				_t43 =  *((intOrPtr*)(_t77 + 0x1f4));
				if(_t43 == 0 ||  *_t43 == 0) {
					 *((short*)(_t79 + 0x14)) = 0;
				} else {
					if(E01364921(_t79 + 0x14, 0x100, _t43) < 0) {
						 *((short*)(_t79 + 0x14)) = 0;
					}
					_t70 = 0;
				}
				if( *_t79 != 0x11c) {
					if( *_t79 != 0x124) {
						goto L10;
					}
					goto L4;
				} else {
					L4:
					 *((short*)(_t79 + 0x114)) =  *(_t77 + 0xaf) & 0x000000ff;
					 *(_t79 + 0x116) =  *(_t77 + 0xae) & 0x000000ff;
					 *(_t79 + 0x118) = E01384190();
					if( *_t79 == 0x124) {
						 *(_t79 + 0x11c) = E01384190() & 0x0001ffff;
					}
					 *((char*)(_t79 + 0x11a)) = _t70;
					if(E01384710( &_v16) != 0) {
						 *((char*)(_t79 + 0x11a)) = _v16;
					}
					E0139BB40(0xff,  &_v32, L"TerminalServices-RemoteConnectionManager-AllowAppServerMode");
					_push( &_v24);
					_push(4);
					_push( &_v12);
					_push( &_v20);
					_push( &_v32);
					if(E0139A9B0() < 0) {
						L10:
						return 0;
					} else {
						if(_v12 == 1) {
							if(_v20 != 4 || _v24 != 4) {
								goto L9;
							} else {
								goto L10;
							}
						}
						L9:
						 *(_t79 + 0x118) =  *(_t79 + 0x118) & 0x0000ffef | 0x00000100;
						if( *_t79 == 0x124) {
							 *(_t79 + 0x11c) =  *(_t79 + 0x11c) & 0xfffdffef | 0x00000100;
						}
						goto L10;
					}
				}
			}













                            0x0138402a
                            0x0138402d
                            0x01384030
                            0x0138403c
                            0x0138403f
                            0x01384042
                            0x0138404b
                            0x01384054
                            0x0138405e
                            0x01384067
                            0x0138406a
                            0x01384072
                            0x0138407f
                            0x013c63db
                            0x013c63e8
                            0x013c63ec
                            0x013c63ec
                            0x013c63f0
                            0x013c63f0
                            0x01384089
                            0x0138414e
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0138408f
                            0x0138408f
                            0x0138409b
                            0x013840ac
                            0x013840bd
                            0x013840c6
                            0x0138415f
                            0x0138415f
                            0x013840cf
                            0x013840dd
                            0x013840e2
                            0x013840e2
                            0x013840f1
                            0x013840f9
                            0x013840fa
                            0x013840ff
                            0x01384103
                            0x01384107
                            0x0138410f
                            0x0138413f
                            0x01384145
                            0x01384111
                            0x01384115
                            0x013c63fb
                            0x00000000
                            0x013c640b
                            0x00000000
                            0x013c640b
                            0x013c63fb
                            0x0138411b
                            0x01384132
                            0x0138413b
                            0x01384177
                            0x01384177
                            0x00000000
                            0x0138413b
                            0x0138410f

                            Strings
                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 013840E8
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                            • API String ID: 0-996340685
                            • Opcode ID: d4c88770b3685c8a00eb1b7695f341223cf624c542e80280c2e956125f420eb3
                            • Instruction ID: 013e79d3b1ee6c3ad5762a44cefd3c903f6d6857a93bfbb69b4497e7e0f500a3
                            • Opcode Fuzzy Hash: d4c88770b3685c8a00eb1b7695f341223cf624c542e80280c2e956125f420eb3
                            • Instruction Fuzzy Hash: 6F416175A0074B9AD725EFA8C4417E7F7F8EF59708F00492ED6AAC3A40E334A545CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138D294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                            Download Yara Rule
                            C-Code - Quality: 33%
                            			E0138D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x144d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E01374120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E0139B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E013998D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E013995D0();
					L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                            0x0138d29c
                            0x0138d2a6
                            0x0138d2b1
                            0x0138d2b5
                            0x0138d2b6
                            0x0138d2bc
                            0x0138d2bd
                            0x0138d2be
                            0x0138d2bf
                            0x0138d2c2
                            0x0138d2c4
                            0x0138d2cc
                            0x0138d384
                            0x0138d34b
                            0x0138d34f
                            0x0138d350
                            0x0138d351
                            0x0138d35c
                            0x0138d35c
                            0x0138d2d6
                            0x0138d2da
                            0x0138d2e1
                            0x0138d361
                            0x0138d369
                            0x0138d36d
                            0x0138d2e3
                            0x0138d2e3
                            0x0138d2e3
                            0x0138d2e5
                            0x0138d2ed
                            0x0138d2f5
                            0x0138d2fa
                            0x0138d302
                            0x0138d303
                            0x0138d30b
                            0x0138d30f
                            0x0138d313
                            0x0138d318
                            0x0138d31c
                            0x0138d320
                            0x0138d379
                            0x0138d37d
                            0x00000000
                            0x00000000
                            0x013caffe
                            0x013cb001
                            0x013cb011
                            0x00000000
                            0x0138d322
                            0x0138d322
                            0x0138d330
                            0x0138d337
                            0x0138d35d
                            0x0138d339
                            0x0138d33f
                            0x0138d38c
                            0x0138d38c
                            0x0138d33f
                            0x0138d349
                            0x00000000
                            0x0138d349

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: @
                            • API String ID: 0-2766056989
                            • Opcode ID: 5cb58cad4c2550ee6176ea94662f7b2f120ee76b344072b3fe8290056ae3a866
                            • Instruction ID: ae0e9d181902b349993fea902c3deb6eaeeb902ee6d985e4d65f603319ef380c
                            • Opcode Fuzzy Hash: 5cb58cad4c2550ee6176ea94662f7b2f120ee76b344072b3fe8290056ae3a866
                            • Instruction Fuzzy Hash: 2431B4B2548305DFC721EF6CC980A6BFBE8FB95658F00092EF99493690D674DD05CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0137F716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E0137F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                            0x0137f71d
                            0x0137f722
                            0x0137f726
                            0x013c4770
                            0x0137f765
                            0x0137f769
                            0x0137f769
                            0x0137f732
                            0x013c477a
                            0x00000000
                            0x013c477a
                            0x0137f738
                            0x0137f73a
                            0x0137f73c
                            0x0137f73f
                            0x0137f746
                            0x0137f778
                            0x0137f7a9
                            0x0137f7a9
                            0x0137f754
                            0x0137f75a
                            0x0137f75d
                            0x0137f75f
                            0x0137f761
                            0x0137f76f
                            0x0137f771
                            0x0137f771
                            0x0137f76f
                            0x0137f763
                            0x00000000
                            0x0137f763
                            0x0137f77d
                            0x0137f7a3
                            0x0137f7a5
                            0x00000000
                            0x0137f7a5
                            0x0137f77f
                            0x0137f782
                            0x0137f784
                            0x0137f786
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0137f788
                            0x0137f748
                            0x0137f74d
                            0x0137f78d
                            0x0137f793
                            0x0137f7b7
                            0x0137f7bc
                            0x00000000
                            0x0137f7bc
                            0x0137f798
                            0x00000000
                            0x00000000
                            0x0137f79d
                            0x0137f7b0
                            0x00000000
                            0x0137f7b0
                            0x0137f79f
                            0x00000000
                            0x0137f74f
                            0x0137f74f
                            0x00000000
                            0x0137f74f

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: Actx
                            • API String ID: 0-89312691
                            • Opcode ID: 48d7c882fc2825651c610d3a16e1d0046f8cc5da5d94b8b5adea7b3b7188cc3f
                            • Instruction ID: 507a206ae0b8a66b3cb433d9323e5010f896b0799ab74c99fbbdbbbb46600ecf
                            • Opcode Fuzzy Hash: 48d7c882fc2825651c610d3a16e1d0046f8cc5da5d94b8b5adea7b3b7188cc3f
                            • Instruction Fuzzy Hash: 3C11E2343086868BEB354E1C8991736F69DBB856ECF24452EE471CB791DB7CC8408740
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 014160F5 Relevance: .6, Instructions: 558COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 84%
                            			E014160F5(intOrPtr __ecx) {
				char _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int* _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed char _v40;
				intOrPtr _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int** _v60;
				intOrPtr _v64;
				intOrPtr _v72;
				void* __ebx;
				signed int _t200;
				char* _t203;
				unsigned int _t214;
				signed short _t224;
				char* _t228;
				signed int* _t233;
				signed int _t241;
				signed int _t253;
				signed int* _t256;
				signed int* _t257;
				signed int _t262;
				signed int _t263;
				signed int _t266;
				signed short _t271;
				void* _t275;
				signed int _t279;
				signed int*** _t287;
				signed int _t294;
				signed char _t307;
				intOrPtr _t309;
				intOrPtr* _t310;
				unsigned int _t312;
				signed int _t313;
				signed char* _t315;
				signed int _t321;
				signed int _t322;
				signed int* _t326;
				void* _t327;
				signed int _t328;
				signed char _t331;
				signed int _t332;
				signed int _t340;
				intOrPtr _t349;
				unsigned int _t354;
				signed int _t356;
				signed int* _t367;
				signed int** _t370;
				signed int _t387;
				intOrPtr _t392;
				unsigned int _t398;
				signed int _t403;
				signed int _t410;
				void* _t411;
				signed char _t413;
				signed int _t414;
				signed int** _t415;
				intOrPtr _t417;
				intOrPtr _t420;
				signed int _t423;
				signed int _t425;
				signed int** _t426;
				signed int** _t427;
				intOrPtr* _t430;
				signed int _t433;
				intOrPtr* _t434;
				signed int** _t436;
				signed int**** _t441;
				signed int _t445;
				intOrPtr* _t447;
				signed int _t448;
				signed int _t451;
				signed int _t452;
				signed int* _t453;
				void* _t454;
				signed int _t457;
				signed int* _t458;
				void* _t459;
				signed int _t460;

				_t433 = 0;
				_t309 = __ecx;
				_t403 = 0;
				_v64 = __ecx;
				_v32 = 0;
				_v36 = 0;
				_t331 = 1;
				do {
					if((_t331 &  *(_t309 + 0x1bf + _t403 * 4)) != 0) {
						if(( *(_t309 + 0x1b8) & _t331) != 0) {
							goto L2;
						}
						_t307 =  *0x1446240; // 0x4
						_v40 = _t307;
						if(_t307 == 0) {
							goto L37;
						}
						L5:
						_t332 = _t433;
						_v56 = _t433;
						do {
							if(_t332 != 0) {
								_t445 = _t332 * 0x68;
								_t332 = _v56;
								_t447 = _t445 + 0xffffff98 +  *((intOrPtr*)(_t309 + 0x5c4 + _t403 * 4));
							} else {
								_t447 =  *((intOrPtr*)(_t309 + 0x3c0 + _t403 * 4));
							}
							if(_t447 != 0 &&  *((intOrPtr*)(_t447 + 0x54)) == 1) {
								_t214 = E01415A4F(_t447, _t332);
								_t312 = _t214;
								if(_t312 == 0) {
									L34:
									_t403 = _v36;
									_t332 = _v56;
									_t309 = _v64;
									goto L35;
								}
								 *( *_t447 + 0x14) = _t433;
								_t349 = _v64;
								_t408 =  *(_t349 + 0xc);
								_t354 = _t312 >> 0x00000003 ^  *0x144874c ^  *(_t349 + 0xc) ^  *_t312;
								if(_t354 != 0) {
									L17:
									_push(_t354);
									_push(_t433);
									E0141A80D(_t408, 3, _t312, _t433);
									goto L34;
								}
								_t354 = _t354 >> 0xd;
								_t436 =  *(_t214 - _t354);
								_v60 = _t436;
								if(_t436 == 0) {
									L16:
									_t433 = 0;
									goto L17;
								}
								_t356 = _t436[1];
								_v44 = 0;
								_t410 =  *(_t312 + 4) >> 0x00000008 & 0x0000ffff;
								_v52 = _t356;
								_v48 = _t410;
								_t451 =  *( *( *_t436) + 0xc);
								_t224 =  *(_t356 + 0x10) ^ _t451 ^  *0x144874c ^ _t356;
								_t354 = (_t224 >> 0x10) * _t410 + _v52;
								if((_t224 & 0x0000ffff) + _t354 == _t312) {
									if(E01377D50() == 0) {
										_t228 = 0x7ffe0380;
									} else {
										_t228 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									if( *_t228 != 0 && ( *( *[fs:0x30] + 0x240) & 1) != 0) {
										_t41 = _t312 + 8; // 0x8
										E01411608( *(_t451 + 0xc), _t41, 2);
									}
									asm("sbb eax, eax");
									_v20 = 0;
									_t411 = 0;
									_t43 =  &(_t436[4]); // 0x10
									_t233 = _t43;
									_v24 = _t233;
									while(1) {
										_t452 =  *_t233;
										_v28 = _t452;
										if((_t452 >> 0x00000010 & 0x00008000) != 0) {
											goto L28;
										}
										L27:
										asm("lock cmpxchg [edi], ecx");
										_t436 = _v60;
										if(_t452 == _t452) {
											L30:
											 *((char*)(_t312 + 7)) = 0x80;
											if(_t452 != 0xffffffff) {
												_t313 = _v48;
												asm("btr [eax], ebx");
												if(_t436[3] == 0) {
													L49:
													_t453 =  *_t436;
													_t241 = (_t452 & 0x0000ffff) + _v44 + 0x00000001 | _t313 << 0x00000010;
													if(_t241 != _t436[6]) {
														L86:
														_t315 =  &(_t436[7]);
														_t436[4] = _t241;
														if(( *_t315 & 0x00000002) != 0 || E01378D76(_t453, _t436) == 0) {
															L33:
															_t433 = 0;
															goto L34;
														} else {
															while(1) {
																_t413 =  *_t315;
																if(_t413 == 0 || (_t413 & 0x00000002) != 0) {
																	goto L33;
																}
																asm("lock cmpxchg [ebx], ecx");
																if(_t413 != _t413) {
																	continue;
																}
																_t367 =  *_t436;
																_v28 = _t367;
																_t454 = 0;
																do {
																	_t414 = _t367[((_t367[0x17] & 0x0000ffff) + _t454 & 0x0000000f) + 2];
																	if(_t414 != 0) {
																		if(( *(_t414 + 0x1c) & 0x00000001) != 0) {
																			goto L98;
																		}
																		asm("lock cmpxchg [ebx], ecx");
																		if(_t414 == _t414) {
																			_t321 = 0xfffffffd;
																			_t253 =  *(_t414 + 0x1c);
																			do {
																				asm("lock cmpxchg [esi], ecx");
																			} while ((_t253 & _t321) != 0);
																			_t433 = 0;
																			if(_t253 == 2) {
																				 *_t414 = 0;
																				E01370010( *((intOrPtr*)( *_t414)), _t414 + 0x20);
																			}
																			goto L34;
																		}
																		L97:
																		_t367 = _v28;
																		goto L98;
																	}
																	asm("lock cmpxchg [ebx], ecx");
																	if(0 == 0) {
																		goto L33;
																	}
																	goto L97;
																	L98:
																	_t454 = _t454 + 1;
																} while (_t454 < 0x10);
																_t415 =  &(_t436[8]);
																_t370 =  *((intOrPtr*)( *( *( *_t436) + 0xc) + 0x3c0 + (( *_t436)[0x17] & 0x0000ffff) * 4)) + 0x48;
																L32:
																E01370010(_t370, _t415);
																goto L33;
															}
															goto L33;
														}
													}
													_t322 = _t453[0x16];
													_t417 =  *((intOrPtr*)( *_t453 + 0x10));
													_t377 = _t453[0x15];
													if(_t453[0x15] != 1 || _t417 < _t322) {
														L53:
														_t256 =  *_t436;
														_v48 = _t256;
														_t257 =  &(_t256[1]);
														_t457 =  *_t257;
														 *_t257 = 0;
														if(_t457 == 0) {
															L73:
															_t458 =  *_t436;
															_t323 =  *( *_v48 + 0xc);
															_v24 =  *( *_v48 + 0xc);
															if((_t436[5] & 0x00000003) != 0) {
																_v12 =  &(_t436[1][0x407]) & 0xfffff000;
																_t271 = E01415634(_t436);
																_push( &_v8);
																_t387 = (_t436[6] & 0x0000ffff) * (_t271 & 0x0000ffff) << 3;
																_v16 = _t387;
																_t275 = E01380678(_t323[3], 1);
																_t377 = _t387;
																_push(_t275);
																_push( &_v16);
																_push( &_v12);
																_push(0xffffffff);
																E01399A00();
															}
															_t436[1][3] = 0;
															E013797ED(_t323, _t436[1], _t377);
															_t262 = _t436[6] & 0x0000ffff;
															_v48 = _t262;
															_t137 =  &(_t458[0x14]); // 0x50
															_t263 = _t137;
															_v48 =  ~_t262;
															_v52 = _t263;
															do {
																_t459 =  *_t263;
																_t420 =  *((intOrPtr*)(_t263 + 4));
																_v20 = _t420;
																asm("lock cmpxchg8b [edi]");
																_t263 = _v48;
															} while (_t459 != _t459 || _t420 != _v20);
															_t441 = _v60;
															_t441[1] = 0;
															asm("lock inc dword [eax+0x20]");
															_t441[4] = 0;
															_t460 = 0xfffffffe;
															_t266 = _t441[7];
															do {
																asm("lock cmpxchg [edx], ecx");
															} while ((_t266 & _t460) != 0);
															if(_t266 != 1) {
																goto L33;
															}
															_t415 =  &(_t441[8]);
															_t370 =  *( *_t441);
															 *_t441 = 0;
															goto L32;
														}
														_t95 = _t457 + 0x1c; // 0x1c
														_t326 = _t95;
														_t423 = 0xfffffff9;
														_t279 =  *_t326;
														do {
															asm("lock cmpxchg [ebx], ecx");
														} while ((_t279 & _t423) != 0);
														if(_t279 != 6) {
															_t377 = _v48;
															if(E01378D76(_v48, _t457) == 0) {
																goto L73;
															} else {
																goto L59;
															}
															while(1) {
																L59:
																_t425 =  *_t326;
																if(_t425 == 0 || (_t425 & 0x00000002) != 0) {
																	goto L73;
																}
																_t377 = _t425 | 0x00000002;
																asm("lock cmpxchg [ebx], ecx");
																if(_t425 != _t425) {
																	continue;
																}
																_t392 =  *_t457;
																_v44 = _t392;
																_t327 = 0;
																do {
																	_t287 = _t392 + ((( *(_t392 + 0x5e) & 0x0000ffff) + _t327 & 0x0000000f) + 2) * 4;
																	_t426 =  *_t287;
																	_v28 = _t287;
																	if(_t426 != 0) {
																		if((_t426[7] & 0x00000001) != 0) {
																			goto L69;
																		}
																		asm("lock cmpxchg [edi], ecx");
																		_t436 = _v60;
																		if(_t426 == _t426) {
																			_t328 = 0xfffffffd;
																			_t294 = _t426[7];
																			do {
																				_t377 = _t294 & _t328;
																				asm("lock cmpxchg [esi], ecx");
																			} while ((_t294 & _t328) != 0);
																			if(_t294 != 2) {
																				goto L73;
																			}
																			_t377 =  *( *_t426);
																			 *_t426 = 0;
																			_t427 =  &(_t426[8]);
																			L72:
																			E01370010(_t377, _t427);
																			goto L73;
																		}
																		L68:
																		_t392 = _v44;
																		goto L69;
																	}
																	_t377 = _t457;
																	asm("lock cmpxchg [edx], ecx");
																	if(0 == 0) {
																		goto L73;
																	}
																	goto L68;
																	L69:
																	_t327 = _t327 + 1;
																} while (_t327 < 0x10);
																_t377 =  *((intOrPtr*)( *((intOrPtr*)( *( *_t457) + 0xc)) + 0x3c0 + (( *_t457)[0x17] & 0x0000ffff) * 4)) + 0x48;
																L71:
																_t116 = _t457 + 0x20; // 0x20
																_t427 = _t116;
																goto L72;
															}
															goto L73;
														}
														_t377 =  *( *_t457);
														 *_t457 = 0;
														goto L71;
													} else {
														_t377 =  *_t453;
														if(_t417 - _t322 <  *((intOrPtr*)( *_t453 + 0x14))) {
															goto L86;
														}
														goto L53;
													}
												}
												_t430 = E013E5208( &(_t436[2]));
												if(_t430 == 0) {
													goto L49;
												}
												do {
													_t398 =  *(_t430 - 4);
													_t430 =  *_t430;
													asm("btr [eax], edi");
													_v44 = _v44 + 1;
													_v48 = _t398 >> 0x00000008 & 0x0000ffff;
												} while (_t430 != 0);
												_t452 = _v28;
												_t436 = _v60;
												_t313 = _v48;
												goto L49;
											}
											_t54 = _t312 + 8; // 0x8
											_t415 = _t54;
											_t370 =  &(_t436[2]);
											goto L32;
										}
										L28:
										_t411 = _t411 + 1;
										if(_t411 <= _v20) {
											_t45 =  &(_t436[4]); // 0x10
											_t233 = _t45;
											_t452 =  *_t233;
											_v28 = _t452;
											if((_t452 >> 0x00000010 & 0x00008000) != 0) {
												goto L28;
											}
											goto L27;
										}
										_t452 = _t452 | 0xffffffff;
										_v28 = _t452;
										goto L30;
									}
								}
								_t408 =  *(_t451 + 0xc);
								goto L16;
							}
							L35:
							_t332 = _t332 + 1;
							_v56 = _t332;
						} while (_t332 < _v40);
						_t331 = 1;
						goto L37;
					}
					L2:
					_v40 = _t331;
					goto L5;
					L37:
					_t403 = _t403 + 1;
					_v36 = _t403;
				} while (_t403 < 0x81);
				_t62 = _t309 + 0x38; // 0x38
				_t195 = _t62;
				_v40 = 0xc;
				_v36 = _t62;
				do {
					_t448 = _t433;
					_t434 = E013E5208(_t195);
					if(_t434 == 0) {
						goto L112;
					} else {
						goto L40;
					}
					do {
						L40:
						_t310 = _t434;
						_t434 =  *_t434;
						_t200 = 1 <<  *(_t310 + 8);
						if(1 > 0x78000) {
							_t200 = 0x78000;
						}
						_t340 = ( *(_t310 + 0xa) & 0x0000ffff) + _t200;
						_v32 = _v32 + _t340;
						_v28 = _t340;
						E0137C111( *((intOrPtr*)(_v64 + 0xc)), _t310, _t340);
						_t448 = _t448 + 1;
						if(E01377D50() == 0) {
							_t203 = 0x7ffe0380;
						} else {
							_t203 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t203 == 0 || ( *( *[fs:0x30] + 0x240) & 1) == 0) {
							_t309 = _v64;
						} else {
							E014118CA(_t310,  *((intOrPtr*)(_v64 + 0xc)), _t310, _v28, 0);
							_t309 = _v72;
							E01411951(_t309,  *((intOrPtr*)(_t309 + 0xc)), _t310, _v36, 0);
						}
					} while (_t434 != 0);
					if(_t448 != 0) {
						asm("lock xadd [eax], esi");
					}
					L112:
					_t195 = _v36 + 0x20;
					_t188 =  &_v40;
					 *_t188 = _v40 - 1;
					_v36 = _t195;
					_t433 = 0;
				} while ( *_t188 != 0);
				if(_v32 != 0) {
					_t192 = _t309 + 0x2c; // 0x2c
					_t195 = _t192;
					asm("lock xadd [eax], ecx");
				}
				return _t195;
			}
























































































                            0x01416103
                            0x01416105
                            0x01416107
                            0x01416109
                            0x0141610f
                            0x01416113
                            0x01416117
                            0x01416118
                            0x01416121
                            0x0141612f
                            0x00000000
                            0x00000000
                            0x01416131
                            0x01416136
                            0x0141613c
                            0x00000000
                            0x00000000
                            0x01416142
                            0x01416142
                            0x01416144
                            0x01416148
                            0x0141614a
                            0x01416155
                            0x01416158
                            0x0141615f
                            0x0141614c
                            0x0141614c
                            0x0141614c
                            0x01416168
                            0x0141617e
                            0x01416183
                            0x01416187
                            0x014162cd
                            0x014162cd
                            0x014162d1
                            0x014162d5
                            0x00000000
                            0x014162d5
                            0x0141618f
                            0x01416192
                            0x01416196
                            0x014161a6
                            0x014161ab
                            0x01416204
                            0x01416204
                            0x01416205
                            0x0141620b
                            0x00000000
                            0x0141620b
                            0x014161ad
                            0x014161b2
                            0x014161b4
                            0x014161ba
                            0x01416202
                            0x01416202
                            0x00000000
                            0x01416202
                            0x014161c1
                            0x014161c7
                            0x014161cb
                            0x014161d0
                            0x014161d4
                            0x014161da
                            0x014161e8
                            0x014161f5
                            0x014161fd
                            0x0141621c
                            0x0141622e
                            0x0141621e
                            0x01416227
                            0x01416227
                            0x01416236
                            0x0141624c
                            0x01416251
                            0x01416251
                            0x01416260
                            0x01416265
                            0x0141626b
                            0x0141626d
                            0x0141626d
                            0x01416270
                            0x01416279
                            0x01416279
                            0x01416280
                            0x01416289
                            0x00000000
                            0x00000000
                            0x0141628b
                            0x01416299
                            0x0141629d
                            0x014162a3
                            0x014162b3
                            0x014162b3
                            0x014162ba
                            0x01416377
                            0x0141637e
                            0x01416387
                            0x014163c4
                            0x014163cc
                            0x014163d3
                            0x014163d9
                            0x0141660c
                            0x0141660c
                            0x0141660f
                            0x01416616
                            0x014162cb
                            0x014162cb
                            0x00000000
                            0x0141662d
                            0x0141662d
                            0x0141662d
                            0x01416631
                            0x00000000
                            0x00000000
                            0x01416647
                            0x0141664d
                            0x00000000
                            0x00000000
                            0x0141664f
                            0x01416653
                            0x01416657
                            0x01416659
                            0x01416668
                            0x0141666c
                            0x01416685
                            0x00000000
                            0x00000000
                            0x0141668b
                            0x01416691
                            0x014166bf
                            0x014166c0
                            0x014166c2
                            0x014166c6
                            0x014166c6
                            0x014166cc
                            0x014166d1
                            0x014166db
                            0x014166e0
                            0x014166e0
                            0x00000000
                            0x014166d1
                            0x01416693
                            0x01416693
                            0x00000000
                            0x01416693
                            0x01416672
                            0x01416678
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01416697
                            0x01416697
                            0x01416698
                            0x0141669f
                            0x014166b2
                            0x014162c6
                            0x014162c6
                            0x00000000
                            0x014162c6
                            0x00000000
                            0x0141662d
                            0x01416616
                            0x014163e1
                            0x014163e4
                            0x014163e7
                            0x014163ed
                            0x01416400
                            0x01416400
                            0x01416404
                            0x01416408
                            0x0141640b
                            0x0141640b
                            0x0141640f
                            0x014164e9
                            0x014164f1
                            0x014164f5
                            0x014164f8
                            0x014164fc
                            0x0141650d
                            0x01416511
                            0x01416524
                            0x01416527
                            0x0141652a
                            0x01416535
                            0x0141653a
                            0x0141653b
                            0x01416540
                            0x01416545
                            0x01416546
                            0x01416548
                            0x01416548
                            0x01416555
                            0x0141655b
                            0x01416560
                            0x01416566
                            0x0141656c
                            0x0141656c
                            0x0141656f
                            0x01416573
                            0x01416577
                            0x01416577
                            0x01416579
                            0x0141657e
                            0x0141658c
                            0x01416596
                            0x01416596
                            0x014165a2
                            0x014165ac
                            0x014165af
                            0x014165b5
                            0x014165bb
                            0x014165bc
                            0x014165be
                            0x014165c2
                            0x014165c2
                            0x014165cd
                            0x00000000
                            0x00000000
                            0x014165d5
                            0x014165d8
                            0x014165da
                            0x00000000
                            0x014165da
                            0x01416417
                            0x01416417
                            0x0141641a
                            0x0141641b
                            0x0141641d
                            0x01416421
                            0x01416421
                            0x0141642a
                            0x01416439
                            0x01416446
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0141644c
                            0x0141644c
                            0x0141644c
                            0x01416450
                            0x00000000
                            0x00000000
                            0x01416463
                            0x01416466
                            0x0141646c
                            0x00000000
                            0x00000000
                            0x0141646e
                            0x01416472
                            0x01416476
                            0x01416478
                            0x01416484
                            0x01416487
                            0x01416489
                            0x0141648f
                            0x014164a8
                            0x00000000
                            0x00000000
                            0x014164b2
                            0x014164b6
                            0x014164bc
                            0x014165e6
                            0x014165e7
                            0x014165e9
                            0x014165eb
                            0x014165ed
                            0x014165ed
                            0x014165f6
                            0x00000000
                            0x00000000
                            0x014165fe
                            0x01416602
                            0x01416604
                            0x014164e4
                            0x014164e4
                            0x00000000
                            0x014164e4
                            0x014164c2
                            0x014164c2
                            0x00000000
                            0x014164c2
                            0x01416495
                            0x01416499
                            0x0141649f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x014164c6
                            0x014164c6
                            0x014164c7
                            0x014164de
                            0x014164e1
                            0x014164e1
                            0x014164e1
                            0x00000000
                            0x014164e1
                            0x00000000
                            0x0141644c
                            0x0141642e
                            0x01416432
                            0x00000000
                            0x014163f3
                            0x014163f3
                            0x014163fa
                            0x00000000
                            0x00000000
                            0x00000000
                            0x014163fa
                            0x014163ed
                            0x01416391
                            0x01416395
                            0x00000000
                            0x00000000
                            0x0141639b
                            0x0141639b
                            0x014163a1
                            0x014163a9
                            0x014163ac
                            0x014163b0
                            0x014163b4
                            0x014163b8
                            0x014163bc
                            0x014163c0
                            0x00000000
                            0x014163c0
                            0x014162c0
                            0x014162c0
                            0x014162c3
                            0x00000000
                            0x014162c3
                            0x014162a5
                            0x014162a5
                            0x014162aa
                            0x01416276
                            0x01416276
                            0x01416279
                            0x01416280
                            0x01416289
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01416289
                            0x014162ac
                            0x014162af
                            0x00000000
                            0x014162af
                            0x01416279
                            0x014161ff
                            0x00000000
                            0x014161ff
                            0x014162d9
                            0x014162d9
                            0x014162da
                            0x014162de
                            0x014162ea
                            0x00000000
                            0x014162ea
                            0x01416123
                            0x01416123
                            0x00000000
                            0x014162eb
                            0x014162eb
                            0x014162ec
                            0x014162f0
                            0x014162fc
                            0x014162fc
                            0x014162ff
                            0x01416307
                            0x0141630b
                            0x0141630d
                            0x01416314
                            0x01416318
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0141631e
                            0x0141631e
                            0x0141631e
                            0x01416322
                            0x01416328
                            0x01416331
                            0x01416333
                            0x01416333
                            0x0141633b
                            0x0141633d
                            0x01416341
                            0x0141634d
                            0x01416352
                            0x0141635a
                            0x014166ea
                            0x01416360
                            0x01416369
                            0x01416369
                            0x014166f2
                            0x01416731
                            0x01416705
                            0x01416715
                            0x0141671e
                            0x0141672a
                            0x0141672a
                            0x01416735
                            0x0141673f
                            0x0141674a
                            0x0141674a
                            0x0141674e
                            0x01416752
                            0x01416755
                            0x01416755
                            0x0141675c
                            0x01416760
                            0x01416760
                            0x0141676d
                            0x01416771
                            0x01416771
                            0x01416774
                            0x01416774
                            0x0141677e

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 80f7390d7cbbd99eadee258156e4d2d98a349bda6f8ff887bfd77933986e94cb
                            • Instruction ID: f3d550314face422f32b2a72eb16d6acadb8ccf5f06f94204d4aa5ff910f556e
                            • Opcode Fuzzy Hash: 80f7390d7cbbd99eadee258156e4d2d98a349bda6f8ff887bfd77933986e94cb
                            • Instruction Fuzzy Hash: D122B2356043118FD719CF18C490A6BB7E2FF88314F158A6EE996CB3A9D774E846CB81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01374120 Relevance: .4, Instructions: 444COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 92%
                            			E01374120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x144d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E0138F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E01376E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = E01374620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E01376E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M013745F8))) {
												case 0:
													_v568 = 0x1331078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x13311c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = E01374620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E0139F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E0139F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E013552A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E0136EB70(1, 0x14479a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E0136AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E013995D0();
																			L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E0139B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E01393D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E0139B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                            0x01374128
                            0x01374135
                            0x0137413c
                            0x01374141
                            0x01374145
                            0x01374147
                            0x0137414e
                            0x01374151
                            0x01374159
                            0x0137415c
                            0x01374160
                            0x01374164
                            0x01374168
                            0x0137416c
                            0x0137417f
                            0x01374181
                            0x0137446a
                            0x0137446a
                            0x0137418c
                            0x01374195
                            0x01374199
                            0x01374432
                            0x01374439
                            0x0137443d
                            0x01374442
                            0x01374447
                            0x00000000
                            0x0137419f
                            0x013741a3
                            0x013741b1
                            0x013741b9
                            0x013741bd
                            0x013745db
                            0x013745db
                            0x00000000
                            0x013741c3
                            0x013741c3
                            0x013741ce
                            0x013741d4
                            0x013be138
                            0x013be13e
                            0x013be169
                            0x013be16d
                            0x013be19e
                            0x013be16f
                            0x013be16f
                            0x013be175
                            0x013be179
                            0x013be18f
                            0x013be193
                            0x00000000
                            0x013be199
                            0x00000000
                            0x013be199
                            0x013be193
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013741da
                            0x013741da
                            0x013741df
                            0x013741e4
                            0x013741ec
                            0x01374203
                            0x01374207
                            0x013be1fd
                            0x01374222
                            0x01374226
                            0x013be1f3
                            0x013be1f3
                            0x0137422c
                            0x0137422c
                            0x01374233
                            0x013be1ed
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01374239
                            0x01374239
                            0x01374239
                            0x01374239
                            0x01374233
                            0x01374226
                            0x013741ee
                            0x013741ee
                            0x013741f4
                            0x01374575
                            0x013be1b1
                            0x013be1b1
                            0x00000000
                            0x0137457b
                            0x0137457b
                            0x01374582
                            0x013be1ab
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01374588
                            0x01374588
                            0x0137458c
                            0x013be1c4
                            0x013be1c4
                            0x00000000
                            0x01374592
                            0x01374592
                            0x01374599
                            0x013be1be
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0137459f
                            0x0137459f
                            0x013745a3
                            0x013be1d7
                            0x013be1e4
                            0x00000000
                            0x013745a9
                            0x013745a9
                            0x013745b0
                            0x013be1d1
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013745b6
                            0x013745b6
                            0x013745b6
                            0x00000000
                            0x013745b6
                            0x013745b0
                            0x013745a3
                            0x01374599
                            0x0137458c
                            0x01374582
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013741f4
                            0x0137423e
                            0x01374241
                            0x013745c0
                            0x013745c4
                            0x00000000
                            0x013745ca
                            0x013745ca
                            0x00000000
                            0x013be207
                            0x013be20f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013745d1
                            0x00000000
                            0x00000000
                            0x013745ca
                            0x00000000
                            0x01374247
                            0x01374247
                            0x01374247
                            0x01374249
                            0x01374249
                            0x01374249
                            0x01374251
                            0x01374251
                            0x01374257
                            0x0137425f
                            0x0137426e
                            0x01374270
                            0x0137427a
                            0x013be219
                            0x013be219
                            0x01374280
                            0x01374282
                            0x01374456
                            0x013745ea
                            0x00000000
                            0x013745f0
                            0x013be223
                            0x00000000
                            0x013be223
                            0x0137445c
                            0x0137445c
                            0x00000000
                            0x0137445c
                            0x00000000
                            0x01374288
                            0x0137428c
                            0x013be298
                            0x01374292
                            0x01374292
                            0x0137429e
                            0x013742a3
                            0x013742a7
                            0x013742ac
                            0x013be22d
                            0x013742b2
                            0x013742b2
                            0x013742b9
                            0x013742bc
                            0x013742c2
                            0x013742ca
                            0x013742cd
                            0x013742cd
                            0x013742d4
                            0x0137433f
                            0x0137433f
                            0x013742d6
                            0x013742d6
                            0x013742d9
                            0x013742dd
                            0x013742eb
                            0x013be23a
                            0x013742f1
                            0x01374305
                            0x0137430d
                            0x01374315
                            0x01374318
                            0x0137431f
                            0x01374322
                            0x0137432e
                            0x0137433b
                            0x0137433b
                            0x00000000
                            0x0137432e
                            0x013742eb
                            0x0137434c
                            0x0137434e
                            0x01374352
                            0x01374359
                            0x0137435e
                            0x01374361
                            0x0137436e
                            0x0137438a
                            0x0137438e
                            0x01374396
                            0x0137439e
                            0x013743a1
                            0x013743ad
                            0x013743bb
                            0x013743bb
                            0x013743ad
                            0x0137436e
                            0x013743bf
                            0x013743c5
                            0x01374463
                            0x01374463
                            0x013743ce
                            0x013743d5
                            0x013743d9
                            0x013743df
                            0x01374475
                            0x01374479
                            0x01374491
                            0x01374491
                            0x01374479
                            0x013743e5
                            0x013743eb
                            0x013743f4
                            0x013743f6
                            0x013743f9
                            0x013743fc
                            0x013743ff
                            0x013744e8
                            0x013744ed
                            0x013744f3
                            0x013be247
                            0x00000000
                            0x013744f9
                            0x01374504
                            0x01374508
                            0x0137450f
                            0x013be269
                            0x00000000
                            0x01374515
                            0x01374519
                            0x01374531
                            0x01374534
                            0x01374537
                            0x0137453e
                            0x01374541
                            0x0137454a
                            0x013be255
                            0x013be255
                            0x013be25b
                            0x013be25e
                            0x013be261
                            0x013be261
                            0x01374555
                            0x01374559
                            0x0137455d
                            0x013be26d
                            0x013be270
                            0x013be274
                            0x013be27a
                            0x013be27d
                            0x013be28e
                            0x013be28e
                            0x01374563
                            0x01374563
                            0x01374569
                            0x01374569
                            0x00000000
                            0x0137455d
                            0x0137450f
                            0x00000000
                            0x013744f3
                            0x013743ff
                            0x01374405
                            0x01374405
                            0x01374405
                            0x013742ac
                            0x0137428c
                            0x01374282
                            0x01374407
                            0x0137440d
                            0x013be2af
                            0x013be2af
                            0x01374413
                            0x01374413
                            0x00000000
                            0x013741d4
                            0x00000000
                            0x013741c3
                            0x013741bd
                            0x01374415
                            0x01374415
                            0x01374416
                            0x01374417
                            0x01374429
                            0x0137416e
                            0x0137416e
                            0x01374175
                            0x01374498
                            0x0137449f
                            0x013be12d
                            0x00000000
                            0x013be133
                            0x00000000
                            0x013be133
                            0x013744a5
                            0x013744a5
                            0x013744aa
                            0x00000000
                            0x013744bb
                            0x013744ca
                            0x013744d6
                            0x013744d7
                            0x013744d8
                            0x013744e3
                            0x013744e3
                            0x013744aa
                            0x0137417b
                            0x0137417b
                            0x0137417b
                            0x00000000
                            0x0137417b
                            0x01374175
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ca55a8b8dca380661078d691ba40094a0ac77c01487b48b4d7c124537ff52f4c
                            • Instruction ID: fbc70db135c1418daed1ad097eed2ad6b88ffb1141c0706cddfe154f27dbf62b
                            • Opcode Fuzzy Hash: ca55a8b8dca380661078d691ba40094a0ac77c01487b48b4d7c124537ff52f4c
                            • Instruction Fuzzy Hash: E7F17D706082118FD724DF1DC480ABAB7E5FF88718F15492EF986CB650E738E891CB52
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013634B1 Relevance: .4, Instructions: 424COMMON
                            Download Yara Rule
                            C-Code - Quality: 96%
                            			E013634B1(signed int __eax, signed int __ecx, intOrPtr __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, unsigned int _a16, unsigned int _a20, intOrPtr _a24, char _a28) {
				char _v9;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				char* _v32;
				unsigned int _v36;
				unsigned int _v40;
				signed char _v44;
				unsigned int _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				unsigned int _v72;
				intOrPtr _v76;
				char _v80;
				unsigned int _v84;
				char _v88;
				signed int _t159;
				void* _t160;
				intOrPtr _t161;
				intOrPtr _t163;
				unsigned int _t164;
				intOrPtr _t166;
				signed int _t168;
				unsigned int _t204;
				intOrPtr _t214;
				intOrPtr _t216;
				signed char _t217;
				signed int _t241;
				signed char _t242;
				signed short _t243;
				intOrPtr _t244;
				intOrPtr _t245;
				unsigned int _t247;
				intOrPtr _t249;
				intOrPtr* _t250;
				intOrPtr _t251;
				signed int _t253;
				signed int _t256;
				intOrPtr _t259;
				signed int _t261;
				signed int _t263;
				intOrPtr _t264;
				signed int _t266;
				intOrPtr _t268;
				void* _t272;
				signed int _t273;
				intOrPtr _t285;
				signed int _t293;
				signed int _t294;
				intOrPtr _t300;
				void* _t302;
				signed int _t304;
				signed int _t305;
				intOrPtr _t306;

				_v44 = __ecx;
				_t159 = __eax | 0xffffffff;
				_v88 = 0;
				_t300 = __edx;
				_v84 = 0;
				_t272 = _a4;
				_v68 = 0;
				_v60 = 0;
				_v16 = _t159;
				_v24 = _t159;
				_v20 = _t159;
				_v64 = 0;
				_v9 = 0;
				_v40 = 0;
				_v48 = 0;
				if(_t272 == 0) {
					L99:
					_t160 = 0xc000000d;
					L55:
					return _t160;
				}
				_t161 =  *_t272;
				if(_t161 == 0 || __edx == 0 ||  *((intOrPtr*)(_t161 + 4)) > 0) {
					goto L99;
				} else {
					_t247 = 0;
					_t241 = __ecx & 0x00010000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) == 0) {
						_t163 = 0;
					} else {
						_t163 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0xfbc))));
					}
					if(_t163 == 0) {
						_t164 = _t247;
					} else {
						_t164 =  *(_t163 + 0x20);
					}
					_v72 = _t164;
					_v32 = _t272;
					if(_t241 != 0 || (_t164 & 0x00000006) == 0) {
						L12:
						_v36 = _t247;
						_t166 = E01374620(_t247,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x154);
						_v40 = _t166;
						if(_t166 == 0) {
							_t160 = 0xc0000017;
							goto L55;
						}
						if(_t241 != 0) {
							L15:
							_t273 = 0;
							if(_a12 != 0) {
								if(_t241 != 0) {
									goto L16;
								}
								_t245 = _a12;
								_t263 = 0;
								_v56 = 0;
								if(0 >=  *(_t245 + 4)) {
									goto L16;
								}
								_t305 = 0;
								_v52 = 0;
								do {
									_t290 =  *((intOrPtr*)(_t245 + 0x10)) + _t305;
									if(0 ==  *((intOrPtr*)( *((intOrPtr*)(_t245 + 0x10)) + _t305))) {
										goto L82;
									}
									_t264 =  *((intOrPtr*)(_t245 + 0xc));
									_v76 = _v40;
									_v80 = 0xaa0000;
									if(_t264 == 0) {
										_t264 = _t300;
									}
									if(E01363133(_t264, _t290,  &_v80) < 0) {
										L81:
										_t263 = _v56;
										goto L82;
									}
									_push(_t264);
									_t302 = E013640BE(_v32, _t300, 0,  &_v16, _v76);
									if(_t302 < 0) {
										goto L50;
									}
									_t305 = _v52;
									goto L81;
									L82:
									_t263 = _t263 + 1;
									_t305 = _t305 + 6;
									_v56 = _t263;
									_v52 = _t305;
								} while (_t263 < ( *(_t245 + 4) & 0x0000ffff));
								_t273 = 0;
							}
							L16:
							_t242 = _v44;
							_t168 = _t242 & 0x00000020;
							_v52 = _t168;
							if(_t168 == 0) {
								L36:
								_v88 = 0xaa0000;
								_v84 = _v40 + 0xaa;
								_t302 = E013649B0( &_v28, _t300);
								if(_t302 < 0) {
									goto L50;
								}
								_t303 = _v28;
								if(L01363B30(_v28 & 0x0000ffff,  &_v88) == 0) {
									_t302 = 0xc0000001;
									goto L50;
								}
								_t249 = _t300;
								_t302 = L01363BF4(_t249, _t303, 1,  &_v20);
								if(_t302 < 0) {
									goto L50;
								}
								_t243 = _v20;
								if((_t242 & 0x00000040) != 0) {
									L44:
									if(_v9 == 0) {
										goto L50;
									}
									_t250 = _v32;
									if(_t250 == 0) {
										goto L50;
									}
									_t251 =  *_t250;
									_t302 = E01361F8A(_t251, _t300, _v72 >> 0x00000002 & 1, _v68, _a4);
									if(_t302 >= 0 && (_v44 & 0x00000030) == 0x30) {
										_push(_t251);
										_t302 = E013640BE(_a4, _t300, 0,  &_v24, _v84);
										if(_t302 < 0) {
											goto L50;
										}
										_t253 = _t243 * 0x1c;
										_t278 =  *((intOrPtr*)( *((intOrPtr*)(_t300 + 0x14)) + 0xc)) + _t253;
										if(( *( *((intOrPtr*)( *((intOrPtr*)(_t300 + 0x14)) + 0xc)) + _t253) & 0x00000006) != 0) {
											if(_v36 == 0) {
												L96:
												_t195 =  *((intOrPtr*)(_t300 + 0x1c));
												L97:
												_push(_t253);
												_t302 = E013F6BEC(_a4, _t278, _t300, _t195);
												goto L50;
											}
											_t195 = _v48;
											if(_v48 != 0) {
												goto L97;
											}
											goto L96;
										}
									}
									goto L50;
								}
								if(_a28 != 0) {
									if(_v60 > 0) {
										goto L44;
									}
								}
								_push(_t249);
								_t302 = E013640BE(_v32, _t300, 0,  &_v24, _v84);
								if(_t302 >= 0 && _v52 != 0) {
									_t256 = _t243 * 0x1c;
									_t281 =  *((intOrPtr*)( *((intOrPtr*)(_t300 + 0x14)) + 0xc)) + _t256;
									if(( *( *((intOrPtr*)( *((intOrPtr*)(_t300 + 0x14)) + 0xc)) + _t256) & 0x00000006) != 0) {
										if(_v36 == 0) {
											L91:
											_t202 =  *((intOrPtr*)(_t300 + 0x1c));
											L92:
											_push(_t256);
											_t302 = E013F6BEC(_v32, _t281, _t300, _t202);
											if(_t302 < 0) {
												goto L50;
											}
											goto L44;
										}
										_t202 = _v48;
										if(_v48 != 0) {
											goto L92;
										}
										goto L91;
									}
								}
								goto L44;
							}
							_t204 = _a16;
							if(_t204 == 0 ||  *((intOrPtr*)(_t204 + 4)) <= _t273) {
								_t204 = _a20;
								if(_t204 == 0 ||  *((intOrPtr*)(_t204 + 4)) <= _t273) {
									goto L36;
								} else {
									goto L21;
								}
							} else {
								L21:
								_v36 = _t204;
								if( *((char*)(_t204 + 8)) == 0) {
									_t244 = _a24;
									_v48 = _t244;
									if(_t244 != 0) {
										L24:
										_v56 = _t273;
										if(0 >=  *((intOrPtr*)(_t204 + 4))) {
											L35:
											_t242 = _v44;
											goto L36;
										}
										_t304 = _t273;
										while(1) {
											_t283 =  *((intOrPtr*)(_t204 + 0x10)) + _t304;
											if(0 ==  *((intOrPtr*)( *((intOrPtr*)(_t204 + 0x10)) + _t304))) {
												goto L34;
											}
											_t259 = _t300;
											_v76 = _v40;
											_v80 = 0xaa0000;
											if(E01363133(_t259, _t283,  &_v80) < 0) {
												goto L34;
											}
											_push(_t259);
											if(E013640BE(_v32, _t300, 1,  &_v16, _v76) >= 0 && (_v44 & 0x00000010) != 0) {
												_t214 =  *((intOrPtr*)(_v36 + 0x10));
												if( *((short*)(_t304 + _t214)) != 2) {
													goto L34;
												}
												_t261 =  *(_t304 + _t214 + 4) * 0x1c;
												_t216 =  *((intOrPtr*)(_t300 + 0x14));
												_t288 =  *((intOrPtr*)(_t216 + 0xc)) + _t261;
												_t217 =  *( *((intOrPtr*)(_t216 + 0xc)) + _t261) & 0x0000ffff;
												if((_t217 & 0x00000007) == 0) {
													goto L34;
												}
												if((_t217 & 0x00000006) != 0) {
													_push(_t261);
													if(E013F6BEC(_v32, _t288, _t300, _t244) < 0) {
														goto L34;
													}
												}
												_v60 = _v60 + 1;
											}
											L34:
											_t304 = _t304 + 6;
											_t285 = _v56 + 1;
											_v56 = _t285;
											if(_t285 < ( *(_v36 + 4) & 0x0000ffff)) {
												_t204 = _v36;
												continue;
											}
											goto L35;
										}
									}
									_t244 =  *((intOrPtr*)(_t300 + 0x20));
									L23:
									_v48 = _t244;
									goto L24;
								}
								_t244 =  *((intOrPtr*)(_t300 + 0x1c));
								goto L23;
							}
						}
						_t306 = _a8;
						if(_t306 != 0) {
							_t266 = 0;
							_v52 = 0;
							if(0 >=  *(_t306 + 4)) {
								goto L15;
							}
							_v56 = 0;
							do {
								_t229 =  *((intOrPtr*)(_t306 + 0x10)) + _t266;
								_t293 = _v52;
								if(0 ==  *((intOrPtr*)( *((intOrPtr*)(_t306 + 0x10)) + _t266))) {
									goto L70;
								}
								_v76 = _v40;
								_t268 =  *((intOrPtr*)(_t306 + 0xc));
								_v80 = 0xaa0000;
								if(_t268 == 0) {
									_t268 = _t300;
								}
								if(E01363133(_t268, _t229,  &_v80) < 0) {
									L69:
									_t293 = _v52;
									_t266 = _v56;
								} else {
									_push(_t268);
									_t302 = E013640BE(_v32, _t300, 0,  &_v16, _v76);
									if(_t302 < 0) {
										goto L50;
									}
									_t306 = _a8;
									goto L69;
								}
								L70:
								_t294 = _t293 + 1;
								_t266 = _t266 + 6;
								_v52 = _t294;
								_v56 = _t266;
							} while (_t294 < ( *(_t306 + 4) & 0x0000ffff));
						}
						goto L15;
					} else {
						_v68 = _t164 >> 0x10;
						_v9 = 1;
						_v32 =  &_v64;
						_t302 = E013675CE(_t300, 0x19, _t247);
						if(_t302 < 0) {
							L50:
							_t248 = _v64;
							if(_v64 != 0) {
								E013676E2(_t248);
							}
							_t173 = _v40;
							if(_v40 != 0) {
								L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t173);
							}
							_t160 = _t302;
							goto L55;
						}
						_t247 = 0;
						goto L12;
					}
				}
			}





























































                            0x013634bc
                            0x013634c0
                            0x013634c3
                            0x013634c7
                            0x013634c9
                            0x013634cc
                            0x013634cf
                            0x013634d2
                            0x013634d5
                            0x013634d9
                            0x013634dd
                            0x013634e1
                            0x013634e4
                            0x013634e7
                            0x013634ea
                            0x013634ef
                            0x013b7f3e
                            0x013b7f3e
                            0x013637d6
                            0x013637dc
                            0x013637dc
                            0x013634f5
                            0x013634f9
                            0x00000000
                            0x01363511
                            0x01363519
                            0x0136351b
                            0x01363527
                            0x013b7d87
                            0x0136352d
                            0x01363539
                            0x01363539
                            0x0136353d
                            0x013b7d8e
                            0x01363543
                            0x01363543
                            0x01363543
                            0x01363546
                            0x01363549
                            0x0136354e
                            0x0136357c
                            0x01363589
                            0x0136358f
                            0x01363594
                            0x01363599
                            0x013b7d95
                            0x00000000
                            0x013b7d95
                            0x013635a1
                            0x013635ae
                            0x013635ae
                            0x013635b3
                            0x013b7e27
                            0x00000000
                            0x00000000
                            0x013b7e2d
                            0x013b7e32
                            0x013b7e34
                            0x013b7e3b
                            0x00000000
                            0x00000000
                            0x013b7e41
                            0x013b7e43
                            0x013b7e46
                            0x013b7e4b
                            0x013b7e50
                            0x00000000
                            0x00000000
                            0x013b7e52
                            0x013b7e58
                            0x013b7e5b
                            0x013b7e64
                            0x013b7e66
                            0x013b7e66
                            0x013b7e73
                            0x013b7e96
                            0x013b7e96
                            0x00000000
                            0x013b7e96
                            0x013b7e75
                            0x013b7e89
                            0x013b7e8d
                            0x00000000
                            0x00000000
                            0x013b7e93
                            0x00000000
                            0x013b7e99
                            0x013b7e9d
                            0x013b7e9e
                            0x013b7ea1
                            0x013b7ea4
                            0x013b7ea7
                            0x013b7eab
                            0x013b7eab
                            0x013635b9
                            0x013635b9
                            0x013635be
                            0x013635c1
                            0x013635c4
                            0x013636a1
                            0x013636a9
                            0x013636b0
                            0x013636bd
                            0x013636c1
                            0x00000000
                            0x00000000
                            0x013636c7
                            0x013636da
                            0x013b7f34
                            0x00000000
                            0x013b7f34
                            0x013636e9
                            0x013636f0
                            0x013636f4
                            0x00000000
                            0x00000000
                            0x013636fd
                            0x01363701
                            0x01363745
                            0x01363749
                            0x00000000
                            0x00000000
                            0x0136374b
                            0x01363750
                            0x00000000
                            0x00000000
                            0x0136375d
                            0x0136376d
                            0x01363771
                            0x0136377d
                            0x01363792
                            0x01363796
                            0x00000000
                            0x00000000
                            0x0136379b
                            0x013637a4
                            0x013637a9
                            0x013b7f16
                            0x013b7f1f
                            0x013b7f1f
                            0x013b7f22
                            0x013b7f22
                            0x013b7f2d
                            0x00000000
                            0x013b7f2d
                            0x013b7f18
                            0x013b7f1d
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013b7f1d
                            0x013637a9
                            0x00000000
                            0x01363771
                            0x01363707
                            0x013637e3
                            0x00000000
                            0x00000000
                            0x013637e9
                            0x0136370d
                            0x01363722
                            0x01363726
                            0x01363731
                            0x0136373a
                            0x0136373f
                            0x013b7eec
                            0x013b7ef5
                            0x013b7ef5
                            0x013b7ef8
                            0x013b7ef8
                            0x013b7f03
                            0x013b7f07
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013b7f0d
                            0x013b7eee
                            0x013b7ef3
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013b7ef3
                            0x0136373f
                            0x00000000
                            0x01363726
                            0x013635ca
                            0x013635cf
                            0x013635d7
                            0x013635dc
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013635ec
                            0x013635ec
                            0x013635f0
                            0x013635f3
                            0x013b7eb2
                            0x013b7eb5
                            0x013b7eba
                            0x013635ff
                            0x01363601
                            0x01363608
                            0x0136369e
                            0x0136369e
                            0x00000000
                            0x0136369e
                            0x0136360e
                            0x01363610
                            0x01363615
                            0x0136361a
                            0x00000000
                            0x00000000
                            0x0136361f
                            0x01363621
                            0x01363628
                            0x01363636
                            0x00000000
                            0x00000000
                            0x01363638
                            0x0136364e
                            0x01363659
                            0x01363661
                            0x00000000
                            0x00000000
                            0x01363668
                            0x0136366b
                            0x01363671
                            0x01363673
                            0x01363678
                            0x00000000
                            0x00000000
                            0x0136367c
                            0x013b7ed0
                            0x013b7edd
                            0x00000000
                            0x00000000
                            0x013b7ee3
                            0x01363682
                            0x01363682
                            0x01363685
                            0x01363688
                            0x0136368e
                            0x0136368f
                            0x01363698
                            0x013b7ec8
                            0x00000000
                            0x013b7ec8
                            0x00000000
                            0x01363698
                            0x01363610
                            0x013b7ec0
                            0x013635fc
                            0x013635fc
                            0x00000000
                            0x013635fc
                            0x013635f9
                            0x00000000
                            0x013635f9
                            0x013635cf
                            0x013635a3
                            0x013635a8
                            0x013b7d9f
                            0x013b7da3
                            0x013b7daa
                            0x00000000
                            0x00000000
                            0x013b7db0
                            0x013b7db3
                            0x013b7db8
                            0x013b7dbd
                            0x013b7dc0
                            0x00000000
                            0x00000000
                            0x013b7dc5
                            0x013b7dc8
                            0x013b7dcb
                            0x013b7dd4
                            0x013b7dd6
                            0x013b7dd6
                            0x013b7de5
                            0x013b7e08
                            0x013b7e08
                            0x013b7e0b
                            0x013b7de7
                            0x013b7de7
                            0x013b7dfb
                            0x013b7dff
                            0x00000000
                            0x00000000
                            0x013b7e05
                            0x00000000
                            0x013b7e05
                            0x013b7e0e
                            0x013b7e12
                            0x013b7e13
                            0x013b7e16
                            0x013b7e19
                            0x013b7e1c
                            0x013b7e20
                            0x00000000
                            0x01363554
                            0x01363559
                            0x01363564
                            0x01363568
                            0x01363570
                            0x01363574
                            0x013637af
                            0x013637af
                            0x013637b4
                            0x013637b6
                            0x013637b6
                            0x013637bb
                            0x013637c0
                            0x013637cf
                            0x013637cf
                            0x013637d4
                            0x00000000
                            0x013637d4
                            0x0136357a
                            0x00000000
                            0x0136357a
                            0x0136354e

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 96c2f874d3dc5b4d9421a7b36a81a3dd36c3f429a932a27a4c5ea318a08f9dc6
                            • Instruction ID: 2c6e9100ab326bbcbdc5614650b95d8863ec225b1b617ca26c29f069e07c3e4b
                            • Opcode Fuzzy Hash: 96c2f874d3dc5b4d9421a7b36a81a3dd36c3f429a932a27a4c5ea318a08f9dc6
                            • Instruction Fuzzy Hash: 38F16271E002199BDB15CF99C880AEEBBF9FF48718F058129EA09AB745E774DC41CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013820A0 Relevance: .4, Instructions: 420COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 92%
                            			E013820A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x1448714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E01382EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E01382EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E013558EC(_t240);
									_t221 =  *0x1445cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x1445cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E01394A2C(0x1446e40, 0x1394b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E01377D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x1335c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E0138F6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E0138F6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E013D7016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L01372400(_t267 + 0x20);
															}
															L01372400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E01382397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E01372280(_t134, 0x1448608);
									__eflags =  *0x1446e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E0136FFB0(_t198, _t241, 0x1448608);
										__eflags = _t253;
										if(_t253 != 0) {
											L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x1446e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x1448608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E01386B90(_t210,  &_v64);
										_t262 =  *0x1448608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E0138E180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E013997C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E0139006A(0x1448608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x1448608);
												E0139B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x1446904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x1446e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E0136FFB0(_t198, _t240, 0x1448608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E013900C2(0x1448608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                            0x013820a0
                            0x013820a8
                            0x013820ad
                            0x013820b3
                            0x013820b8
                            0x013820c2
                            0x013820c7
                            0x013820cb
                            0x013820d2
                            0x01382263
                            0x01382266
                            0x013c5836
                            0x013c5836
                            0x00000000
                            0x0138226c
                            0x0138226c
                            0x01382270
                            0x01382274
                            0x013820e2
                            0x013820e2
                            0x013820e6
                            0x013820ee
                            0x013c57dc
                            0x013c57de
                            0x013c57ec
                            0x013c57ec
                            0x013c57f1
                            0x013c57f3
                            0x013c57f8
                            0x00000000
                            0x013c57f8
                            0x013c57e0
                            0x013c57e4
                            0x013c57ea
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013c57ea
                            0x013820f4
                            0x013820f4
                            0x013820f8
                            0x013820f8
                            0x013820fc
                            0x01382100
                            0x01382106
                            0x01382201
                            0x01382206
                            0x0138220b
                            0x0138220e
                            0x013822a9
                            0x013822ac
                            0x00000000
                            0x00000000
                            0x013822b2
                            0x013822b5
                            0x013c5801
                            0x013c5806
                            0x00000000
                            0x00000000
                            0x013c5810
                            0x013c5815
                            0x013c5818
                            0x00000000
                            0x00000000
                            0x013c581e
                            0x013822bb
                            0x013822bb
                            0x01382218
                            0x01382218
                            0x0138221c
                            0x01382220
                            0x01382222
                            0x013822c2
                            0x013822c4
                            0x013822dc
                            0x013822dc
                            0x013822e1
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013822e7
                            0x013822c8
                            0x013822cd
                            0x013822d3
                            0x013822d6
                            0x013c5823
                            0x013c5825
                            0x013c5827
                            0x00000000
                            0x00000000
                            0x013c582d
                            0x00000000
                            0x013c582d
                            0x00000000
                            0x01382228
                            0x01382228
                            0x00000000
                            0x01382228
                            0x01382222
                            0x01382214
                            0x01382214
                            0x00000000
                            0x01382114
                            0x01382114
                            0x01382114
                            0x0138211a
                            0x0138211c
                            0x01382348
                            0x0138234d
                            0x013c5840
                            0x013c5845
                            0x013c5848
                            0x013c584e
                            0x013c584e
                            0x013c5848
                            0x01382353
                            0x01382355
                            0x01382388
                            0x01382388
                            0x01382368
                            0x0138236a
                            0x0138236c
                            0x0138238f
                            0x00000000
                            0x0138236e
                            0x0138236e
                            0x0138218e
                            0x0138218e
                            0x01382191
                            0x01382195
                            0x013c5a03
                            0x013c5a06
                            0x013c5a0c
                            0x013c5a0f
                            0x013c5a11
                            0x013c5a13
                            0x013c5a13
                            0x013c5a19
                            0x013c5a1f
                            0x00000000
                            0x0138219b
                            0x0138219b
                            0x013821a0
                            0x01382282
                            0x01382284
                            0x01382284
                            0x01382284
                            0x01382284
                            0x013821a6
                            0x013821a9
                            0x013821ac
                            0x013821ae
                            0x013821b3
                            0x0138228b
                            0x01382290
                            0x01382379
                            0x01382296
                            0x01382298
                            0x01382298
                            0x01382290
                            0x013821b9
                            0x013821be
                            0x013822a2
                            0x013822a2
                            0x013821c4
                            0x013821c8
                            0x013821cc
                            0x013821d0
                            0x013821d4
                            0x013821de
                            0x013821e3
                            0x013c5a29
                            0x013c5a2c
                            0x00000000
                            0x00000000
                            0x013c5a3b
                            0x00000000
                            0x013821e9
                            0x013821e9
                            0x013821e9
                            0x013821ee
                            0x013821f1
                            0x013c5a45
                            0x013c5a4b
                            0x013c5a52
                            0x013c5a58
                            0x013c5a5d
                            0x013c5a5f
                            0x013c5a71
                            0x013c5a61
                            0x013c5a6a
                            0x013c5a6a
                            0x013c5a76
                            0x013c5a79
                            0x013c5a7f
                            0x013c5a83
                            0x013c5a85
                            0x013c5a87
                            0x013c5a87
                            0x013c5a8c
                            0x013c5a91
                            0x013c5a97
                            0x013c5a9f
                            0x013c5aa0
                            0x013c5aa1
                            0x013c5aa6
                            0x013c5aab
                            0x013c5ab1
                            0x013c5ab3
                            0x013c5ab9
                            0x013c5aca
                            0x013c5ad4
                            0x013c5ad4
                            0x013c5ade
                            0x013c5ade
                            0x013c5aab
                            0x013c5a79
                            0x013c5a52
                            0x013821f7
                            0x013821f9
                            0x013821fe
                            0x013821fe
                            0x013821e3
                            0x01382195
                            0x0138236c
                            0x01382122
                            0x01382122
                            0x01382124
                            0x01382231
                            0x01382236
                            0x01382236
                            0x01382238
                            0x01382238
                            0x01382240
                            0x01382242
                            0x01382244
                            0x013c59fc
                            0x0138218c
                            0x0138218c
                            0x00000000
                            0x0138218c
                            0x0138224a
                            0x0138224f
                            0x01382256
                            0x01382304
                            0x01382309
                            0x0138230f
                            0x0138231e
                            0x0138231e
                            0x0138231e
                            0x01382320
                            0x01382325
                            0x0138232a
                            0x0138232c
                            0x0138233e
                            0x0138233e
                            0x00000000
                            0x0138232c
                            0x01382311
                            0x01382317
                            0x0138231a
                            0x0138231c
                            0x01382380
                            0x01382380
                            0x01382380
                            0x01382384
                            0x00000000
                            0x00000000
                            0x01382386
                            0x00000000
                            0x0138231c
                            0x0138225c
                            0x0138225c
                            0x00000000
                            0x0138225c
                            0x0138212a
                            0x01382134
                            0x01382138
                            0x0138213d
                            0x013c5858
                            0x013c5863
                            0x013c5863
                            0x013c5867
                            0x013c586a
                            0x00000000
                            0x00000000
                            0x013c586c
                            0x013c586c
                            0x013c5871
                            0x013c5875
                            0x013c5877
                            0x013c5997
                            0x013c599c
                            0x013c59a1
                            0x013c59a7
                            0x013c59a7
                            0x00000000
                            0x013c59a7
                            0x013c587d
                            0x00000000
                            0x013c588b
                            0x013c588b
                            0x013c5890
                            0x013c5892
                            0x013c5894
                            0x013c5899
                            0x013c589b
                            0x013c58a0
                            0x013c58a0
                            0x013c58aa
                            0x013c58b2
                            0x013c58b6
                            0x013c58be
                            0x013c58c6
                            0x013c58c9
                            0x013c590d
                            0x013c5917
                            0x013c591a
                            0x013c591c
                            0x013c5920
                            0x013c5928
                            0x013c592a
                            0x013c592c
                            0x013c592e
                            0x013c592e
                            0x013c58cb
                            0x013c58cd
                            0x013c58d8
                            0x013c58e0
                            0x013c58f4
                            0x013c58fe
                            0x013c58fe
                            0x013c593a
                            0x013c593e
                            0x013c5940
                            0x013c5942
                            0x00000000
                            0x013c5944
                            0x013c5944
                            0x013c5949
                            0x013c594e
                            0x013c594e
                            0x013c5953
                            0x013c595b
                            0x013c5976
                            0x013c5976
                            0x013c597a
                            0x013c597f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013c5981
                            0x013c5981
                            0x013c5981
                            0x013c5983
                            0x013c5988
                            0x013c598d
                            0x013c5991
                            0x013c5991
                            0x00000000
                            0x013c595d
                            0x013c595d
                            0x013c5963
                            0x013c5965
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013c5967
                            0x013c5967
                            0x013c596b
                            0x013c596d
                            0x00000000
                            0x00000000
                            0x013c596f
                            0x013c5971
                            0x013c5971
                            0x013c5974
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013c5974
                            0x00000000
                            0x013c5967
                            0x013c595b
                            0x013c5942
                            0x013c5863
                            0x01382143
                            0x01382143
                            0x01382149
                            0x0138214f
                            0x013822f1
                            0x013822f6
                            0x00000000
                            0x01382173
                            0x01382173
                            0x0138217d
                            0x01382181
                            0x01382186
                            0x013c59ae
                            0x013c59b2
                            0x013c59b5
                            0x013c59b7
                            0x013c59ba
                            0x013c59cd
                            0x013c59d1
                            0x013c59d5
                            0x013c59d9
                            0x013c59db
                            0x00000000
                            0x00000000
                            0x013c59dd
                            0x013c59dd
                            0x013c59e1
                            0x013c59e4
                            0x013c59e7
                            0x013c59ee
                            0x013c59ee
                            0x013c59f3
                            0x013c59f3
                            0x00000000
                            0x01382186
                            0x0138214f
                            0x01382106
                            0x01382266
                            0x013820d8
                            0x013820da
                            0x013820e0
                            0x00000000
                            0x00000000
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ea9cebdc376d55005005afa0eac5b05dc0d10276797c2dd5999a778c52a62e2f
                            • Instruction ID: e6cb7be50827d115b99571499fbe07576e269c931d1d06b57bd178df3a62cf3b
                            • Opcode Fuzzy Hash: ea9cebdc376d55005005afa0eac5b05dc0d10276797c2dd5999a778c52a62e2f
                            • Instruction Fuzzy Hash: 0FF135357083029FEB26EF2CC84076B7BE5AF8572CF14851DE9999B291D774E841CB82
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01356800 Relevance: .4, Instructions: 373COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 98%
                            			E01356800(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed short* _a8, intOrPtr _a12, signed short* _a16, signed short* _a20, intOrPtr _a24, intOrPtr* _a28, intOrPtr* _a32, intOrPtr* _a36, intOrPtr* _a40, signed char _a44) {
				char _v5;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _t124;
				void* _t125;
				void* _t126;
				void* _t127;
				void* _t129;
				void* _t130;
				void* _t131;
				intOrPtr* _t132;
				intOrPtr _t153;
				intOrPtr _t162;
				void* _t194;
				intOrPtr _t196;
				void* _t205;
				void* _t206;
				signed short* _t207;
				void* _t209;
				signed int _t211;
				intOrPtr* _t212;
				signed short* _t213;
				signed int _t215;
				signed short* _t217;
				void* _t219;
				intOrPtr _t228;
				intOrPtr _t229;
				signed int _t238;
				intOrPtr _t256;
				void* _t262;
				short _t268;
				signed int _t271;
				void* _t272;
				intOrPtr* _t273;
				void* _t275;
				intOrPtr* _t276;
				void* _t278;
				intOrPtr* _t279;

				_t275 = __esi;
				_t272 = __edi;
				_t205 = __ebx;
				if((_a44 & 0xfffffffe) != 0) {
					L61:
					return 0xc000000d;
				}
				_v24 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				if(E01356BF3(_a8) < 0) {
					goto L61;
				}
				_t256 = _a12;
				_t215 = 0;
				if(_t256 != 0) {
					_t124 = E01356BF3(_t256);
					_t215 = 0;
				} else {
					_t124 = 0;
				}
				if(_t124 < 0) {
					goto L61;
				} else {
					_push(_t205);
					_v5 = _t215;
					_v32 = _t215;
					_t217 = _a16;
					_t206 = 0x5c;
					if(_t217 == 0) {
						L12:
						_t207 = _a20;
						if(_t207 == 0) {
							_t125 = 0;
						} else {
							_t125 = E01356BF3(_t207);
						}
						if(_t125 < 0) {
							L65:
							_t126 = 0xc000000d;
							goto L53;
						} else {
							_t218 = _a28;
							if(_a28 == 0) {
								_t219 = 0;
								_t127 = 0;
							} else {
								_t127 = E01356BF3(_t218);
								_t219 = 0;
							}
							if(_t127 < 0) {
								goto L65;
							} else {
								_t128 = _a32;
								if(_a32 == 0) {
									_t129 = _t219;
								} else {
									_t129 = E01356BF3(_t128);
									_t219 = 0;
								}
								if(_t129 < 0) {
									goto L65;
								} else {
									_push(_t275);
									_t276 = _a36;
									if(_t276 == 0) {
										_t130 = _t219;
									} else {
										_t130 = E01356BF3(_t276);
										_t219 = 0;
									}
									if(_t130 < 0) {
										_t126 = 0xc000000d;
										goto L52;
									} else {
										_push(_t272);
										_t273 = _a40;
										if(_t273 == 0) {
											_t131 = _t219;
										} else {
											_t131 = E01356BF3(_t273);
										}
										if(_t131 < 0) {
											_t126 = 0xc000000d;
											goto L51;
										} else {
											if(_t207 == 0) {
												_t207 = _a8;
												_a20 = _t207;
											}
											_t132 = _a28;
											if(_t132 == 0) {
												_t132 = 0x1331ab0;
												_a28 = 0x1331ab0;
											}
											if(_a32 == 0) {
												_a32 = 0x1331ab0;
											}
											if(_t276 == 0) {
												_t276 = 0x1331ab0;
												_a36 = 0x1331ab0;
											}
											if(_t273 == 0) {
												_t273 = 0x1331ab0;
											}
											_t209 = 3;
											_t278 = 0;
											_t228 = (( *_t207 & 0x0000ffff) + 0x00000005 & 0xfffffffc) + (( *(_t132 + 2) & 0x0000ffff) + _t209 & 0xfffffffc) + (( *_a8 & 0x0000ffff) + 0x00000005 & 0xfffffffc) + (( *(_a32 + 2) & 0x0000ffff) + _t209 & 0xfffffffc) + 0x4ac + (( *(_t276 + 2) & 0x0000ffff) + _t209 & 0xfffffffc);
											_v16 = _t228;
											if( *_t273 != 0) {
												_t228 = _t228 + (( *(_t273 + 2) & 0x0000ffff) + _t209 & 0xfffffffc);
												_v16 = _t228;
											}
											if(_t256 != 0) {
												_t229 = _t228 + (( *(_t256 + 2) & 0x0000ffff) + _t209 & 0xfffffffc);
												_v16 = _t229;
											}
											if(_a24 != _t278) {
												_t153 = E0138585B(_a24, 1);
												_t229 = _v16;
											} else {
												_t153 =  *((intOrPtr*)(_v24 + 0x290));
											}
											_v20 = _t153;
											_t211 = _t153 + 0x00000003 & 0xfffffffc;
											if(_t211 < _t153) {
												L77:
												_t126 = 0xc0000095;
												goto L51;
											} else {
												while(1) {
													_t154 = _t211 + _t229;
													if(_t211 + _t229 < _t229) {
														goto L77;
													}
													_t279 = E01374620(_t229,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t278, _t154);
													if(_t279 == 0) {
														_t126 = 0xc000009a;
														L51:
														L52:
														L53:
														return _t126;
													}
													_t158 = _v16 + _t279;
													_v12 = _v16 + _t279;
													if(_a24 != 0) {
														E0139F3E0(_t158, _a24, _v20);
														L42:
														E0139FA60(_t279, 0, 0x2a4);
														_t162 = _v16;
														 *_t279 = _t162;
														 *((intOrPtr*)(_t279 + 4)) = _t162;
														 *(_t279 + 0x290) = _t211;
														 *((intOrPtr*)(_t279 + 0xc)) = 0;
														_t53 = _t279 + 0x24; // 0x24
														_t212 = _t53;
														 *((intOrPtr*)(_t279 + 0x2c)) = 0;
														 *((intOrPtr*)(_t279 + 0x48)) = _v12;
														_t57 = _t279 + 0x2a4; // 0x2a4
														_v12 = _t57;
														 *((intOrPtr*)(_t279 + 8)) = 1;
														 *(_t279 + 0x14) =  *(_v24 + 0x14) & 1;
														_t169 = _a16;
														if(_a16 == 0) {
															E0136EEF0(0x14479a0);
															E01356C14( &_v12, _t212, _v24 + 0x24, 0x208);
															E0136EB70( &_v12, 0x14479a0);
														} else {
															E01356C14( &_v12, _t212, _t169, 0x208);
															if(_v5 != 0) {
																_t268 = 0x5c;
																 *((short*)( *((intOrPtr*)(_t279 + 0x28)) + _v32 * 2)) = _t268;
																_t194 = 2;
																 *_t212 =  *_t212 + _t194;
															}
														}
														_t234 = _a12;
														if(_a12 != 0) {
															_t104 = _t279 + 0x30; // 0x30
															E01356C14( &_v12, _t104, _t234,  *(_t234 + 2) & 0x0000ffff);
														}
														_t72 = _t279 + 0x38; // 0x38
														E01356C14( &_v12, _t72, _a8, ( *_a8 & 0x0000ffff) + 2);
														_t213 = _a20;
														_t75 = _t279 + 0x40; // 0x40
														_t262 = _t75;
														_t238 =  *_t213 & 0x0000ffff;
														_t180 = _t213[1] & 0x0000ffff;
														if(_t238 != (_t213[1] & 0x0000ffff)) {
															_t180 = _t238 + 2;
														}
														E01356C14( &_v12, _t262, _t213, _t180);
														_t80 = _t279 + 0x70; // 0x70
														E01356C14( &_v12, _t80, _a28,  *(_a28 + 2) & 0x0000ffff);
														_t84 = _t279 + 0x78; // 0x78
														E01356C14( &_v12, _t84, _a32,  *(_a32 + 2) & 0x0000ffff);
														_t88 = _t279 + 0x80; // 0x80
														E01356C14( &_v12, _t88, _a36,  *(_a36 + 2) & 0x0000ffff);
														if( *_t273 != 0) {
															_t118 = _t279 + 0x88; // 0x88
															E01356C14( &_v12, _t118, _t273,  *(_t273 + 2) & 0x0000ffff);
														}
														if((_a44 & 0x00000001) == 0) {
															_t279 = E013DBCB0(_t279);
														}
														_t126 = 0;
														 *_a4 = _t279;
														goto L51;
													}
													E0136EEF0(0x14479a0);
													_t269 = _v24;
													_t196 =  *((intOrPtr*)(_v24 + 0x290));
													_v20 = _t196;
													_t251 = _t196 + 0x00000003 & 0xfffffffc;
													_v28 = _t196 + 0x00000003 & 0xfffffffc;
													if(_t196 > _t211) {
														E0136EB70(_t251, 0x14479a0);
														_t278 = 0;
														L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t279);
														_t211 = _v28;
														_t229 = _v16;
														if(_t211 >= _v20) {
															continue;
														}
														goto L77;
													}
													E0139F3E0(_v12,  *((intOrPtr*)(_t269 + 0x48)), _t196);
													E0136EB70(_t251, 0x14479a0);
													_t211 = _v28;
													goto L42;
												}
												goto L77;
											}
										}
									}
								}
							}
						}
					}
					_t271 = ( *_t217 & 0x0000ffff) >> 1;
					_v32 = _t271;
					if(E01356BF3(_t217) < 0 || _t271 == 0) {
						goto L65;
					} else {
						if( *((intOrPtr*)(_t217[2] + _t271 * 2 - 2)) == _t206) {
							L11:
							_t256 = _a12;
							goto L12;
						}
						if(_t271 > 0x103) {
							goto L65;
						}
						_v5 = 1;
						goto L11;
					}
				}
			}













































                            0x01356800
                            0x01356800
                            0x01356800
                            0x0135680f
                            0x013b1b26
                            0x00000000
                            0x013b1b26
                            0x01356821
                            0x0135682b
                            0x00000000
                            0x00000000
                            0x01356831
                            0x01356834
                            0x01356838
                            0x01356b68
                            0x01356b6d
                            0x0135683e
                            0x0135683e
                            0x0135683e
                            0x01356842
                            0x00000000
                            0x01356848
                            0x01356848
                            0x01356849
                            0x0135684c
                            0x0135684f
                            0x01356854
                            0x01356857
                            0x01356893
                            0x01356893
                            0x01356898
                            0x013b1b30
                            0x0135689e
                            0x013568a0
                            0x013568a0
                            0x013568a7
                            0x013b1b47
                            0x013b1b47
                            0x00000000
                            0x013568ad
                            0x013568ad
                            0x013568b2
                            0x013b1b37
                            0x013b1b39
                            0x013568b8
                            0x013568b8
                            0x013568bd
                            0x013568bd
                            0x013568c1
                            0x00000000
                            0x013568c7
                            0x013568c7
                            0x013568cc
                            0x013b1b40
                            0x013568d2
                            0x013568d4
                            0x013568d9
                            0x013568d9
                            0x013568dd
                            0x00000000
                            0x013568e3
                            0x013568e3
                            0x013568e4
                            0x013568e9
                            0x013b1b51
                            0x013568ef
                            0x013568f1
                            0x013568f6
                            0x013568f6
                            0x013568fa
                            0x013b1b58
                            0x00000000
                            0x01356900
                            0x01356900
                            0x01356901
                            0x01356906
                            0x013b1b62
                            0x0135690c
                            0x0135690e
                            0x0135690e
                            0x01356915
                            0x013b1b69
                            0x00000000
                            0x0135691b
                            0x0135691d
                            0x013b1b73
                            0x013b1b76
                            0x013b1b76
                            0x01356923
                            0x0135692d
                            0x013b1b7e
                            0x013b1b80
                            0x013b1b80
                            0x01356937
                            0x013b1b88
                            0x013b1b88
                            0x0135693f
                            0x013b1b90
                            0x013b1b92
                            0x013b1b92
                            0x01356947
                            0x013b1b9a
                            0x013b1b9a
                            0x01356959
                            0x0135698f
                            0x01356991
                            0x01356993
                            0x01356999
                            0x013b1baa
                            0x013b1bac
                            0x013b1bac
                            0x013569a1
                            0x01356b7d
                            0x01356b7f
                            0x01356b7f
                            0x013569aa
                            0x01356b8d
                            0x01356b92
                            0x013569b0
                            0x013569b3
                            0x013569b3
                            0x013569bc
                            0x013569bf
                            0x013569c4
                            0x013b1bdf
                            0x013b1bdf
                            0x00000000
                            0x013569ca
                            0x013569ca
                            0x013569ca
                            0x013569cf
                            0x00000000
                            0x00000000
                            0x013569e5
                            0x013569e9
                            0x013b1c0f
                            0x01356b5d
                            0x01356b5e
                            0x01356b5f
                            0x00000000
                            0x01356b5f
                            0x013569f2
                            0x013569f8
                            0x013569fb
                            0x01356ba1
                            0x01356a44
                            0x01356a4d
                            0x01356a52
                            0x01356a57
                            0x01356a5a
                            0x01356a62
                            0x01356a68
                            0x01356a6b
                            0x01356a6b
                            0x01356a6e
                            0x01356a74
                            0x01356a77
                            0x01356a7d
                            0x01356a83
                            0x01356a8b
                            0x01356a8e
                            0x01356a93
                            0x01356bb3
                            0x01356bc9
                            0x01356bd3
                            0x01356a99
                            0x01356aa4
                            0x01356aad
                            0x01356ab7
                            0x01356aba
                            0x01356abe
                            0x01356abf
                            0x01356abf
                            0x01356aad
                            0x01356ac2
                            0x01356ac7
                            0x01356be1
                            0x01356be9
                            0x01356be9
                            0x01356ad0
                            0x01356ade
                            0x01356ae3
                            0x01356ae6
                            0x01356ae6
                            0x01356ae9
                            0x01356aec
                            0x01356af3
                            0x01356af5
                            0x01356af5
                            0x01356afd
                            0x01356b05
                            0x01356b11
                            0x01356b19
                            0x01356b25
                            0x01356b2d
                            0x01356b3c
                            0x01356b46
                            0x013b1bed
                            0x013b1bf8
                            0x013b1bf8
                            0x01356b50
                            0x013b1c08
                            0x013b1c08
                            0x01356b59
                            0x01356b5b
                            0x00000000
                            0x01356b5b
                            0x01356a06
                            0x01356a0b
                            0x01356a0e
                            0x01356a14
                            0x01356a1a
                            0x01356a1d
                            0x01356a22
                            0x013b1bb9
                            0x013b1bc5
                            0x013b1bcb
                            0x013b1bd0
                            0x013b1bd3
                            0x013b1bd9
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013b1bd9
                            0x01356a2f
                            0x01356a3c
                            0x01356a41
                            0x00000000
                            0x01356a41
                            0x00000000
                            0x013569ca
                            0x013569c4
                            0x01356915
                            0x013568fa
                            0x013568dd
                            0x013568c1
                            0x013568a7
                            0x0135685c
                            0x0135685e
                            0x01356868
                            0x00000000
                            0x01356876
                            0x0135687e
                            0x01356890
                            0x01356890
                            0x00000000
                            0x01356890
                            0x01356886
                            0x00000000
                            0x00000000
                            0x0135688c
                            0x00000000
                            0x0135688c
                            0x01356868

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 96c54a933ac8831ebaadc7be45bb018b9bce447c64d2529f80820a24308aece2
                            • Instruction ID: 6d8e80fb72ed2174224771eae5f7befb36ea3cfa5800729b90903a7a7709be78
                            • Opcode Fuzzy Hash: 96c54a933ac8831ebaadc7be45bb018b9bce447c64d2529f80820a24308aece2
                            • Instruction Fuzzy Hash: D9D1E4B1A0020A9BDB54DF69C892EFABBB4EF04B18F44462DED16D7680F734D945CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013865A0 Relevance: .4, Instructions: 368COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 91%
                            			E013865A0(signed int __ecx, unsigned int __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				intOrPtr* _v12;
				unsigned int _v16;
				intOrPtr _v20;
				signed int _v24;
				short _v26;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				void* __ebx;
				signed int _t189;
				signed int _t197;
				signed int _t202;
				signed int _t203;
				unsigned int _t205;
				signed int _t206;
				signed int _t223;
				signed int _t224;
				signed int _t226;
				intOrPtr _t227;
				signed int _t229;
				signed int* _t240;
				signed int _t251;
				signed int _t253;
				signed int _t256;
				signed int _t259;
				signed int _t264;
				signed int _t267;
				signed int _t271;
				intOrPtr _t278;
				intOrPtr _t279;
				signed int _t280;
				signed short _t283;
				signed int _t285;
				signed int _t290;
				signed char _t294;
				signed int _t295;
				intOrPtr _t296;
				intOrPtr* _t299;
				signed int _t300;
				signed int _t302;
				signed int _t309;
				signed int _t311;
				signed int _t319;
				void* _t323;
				unsigned int _t325;
				signed int _t330;
				signed int _t333;
				intOrPtr* _t334;
				intOrPtr* _t335;
				intOrPtr _t336;
				intOrPtr _t337;
				signed int _t343;
				signed int _t344;
				unsigned int _t345;
				signed int _t346;
				signed int _t347;
				unsigned int _t348;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed int _t367;
				intOrPtr* _t369;
				unsigned int _t371;
				signed int _t372;
				signed int _t376;

				_t325 = __edx;
				_t278 = _a16;
				_t189 =  *(_t278 + 2) & 0x000000ff;
				_t358 = __ecx;
				_t285 =  *(__edx + 0x1b) & 0x000000ff;
				_v16 = __edx;
				_v24 = __ecx;
				_v20 =  *((intOrPtr*)(__edx + 0x10));
				if(_t285 != 0) {
					_v12 =  *((intOrPtr*)(__ecx + 0x5c4 + _t189 * 4)) + 0xffffff98 + _t285 * 0x68;
				} else {
					_v12 =  *((intOrPtr*)(__ecx + 0x3c0 + _t189 * 4));
				}
				_t195 =  *(_t278 + 3) >> 0x00000001 & 0x00000003;
				if(( *(_t278 + 3) >> 0x00000001 & 0x00000003) != 0) {
					_t279 = _a12;
					_t197 = E014156B6(_t358, _t325, _a4, _t195 & 0x000000ff, _a8, _t279, _t278);
					__eflags = _t197;
					if(_t197 == 0) {
						_t325 = _v16;
						goto L4;
					}
				} else {
					_t279 = _a12;
					L4:
					_t290 = _a8 + 8;
					_v40 = _t290;
					_v28 = _t290 >> 0x00000003 & 0x0000ffff;
					 *_a4 = _t325;
					_t202 = _t279 - 0x20;
					if(_t290 == 0x20) {
						_t203 = _t202 >> 5;
					} else {
						_t203 = _t202 / _t290;
					}
					_t280 = 0;
					_v8 = 0;
					_t330 = (_t203 + 0x0000001f >> 0x00000003 & 0x1ffffffc) + 0x00000020 & 0xfffffff8;
					_t205 = _a4 + _t330;
					_v44 = _t330;
					_t333 =  *0x144874c; // 0xb79398c5
					_v32 = _t333;
					if(_t290 + _t205 <= _a12 + _a4) {
						_t376 = _a8 + 8;
						_v36 = _t376 << 0xd;
						_t367 = _t205 - _a4 << 0xd;
						do {
							_t283 = _v8;
							_t319 = _t205 >> 0x00000003 ^  *(_v24 + 0xc) ^ _t367;
							_t367 = _t367 + _v36;
							 *_t205 = _t319 ^ _t333;
							_t280 = _t283 + 1;
							_v8 = _t280;
							 *(_t205 + 4) = (_t283 & 0x0000ffff) << 0x00000008 |  *(_t205 + 4) & 0xff0000ff;
							 *((char*)(_t205 + 7)) = 0x80;
							_t205 = _t205 + _t376;
							_t323 = _t376 + _t205;
							_t376 = _v40;
							_t333 = _v32;
						} while (_t323 <= _a4 + _a12);
						_t358 = _v24;
					}
					_t206 = _a4;
					 *(_t206 + 0x14) = _t280;
					 *((intOrPtr*)(_t206 + 0x18)) = _t206 + 0x1c;
					_t51 = _t280 + 7; // 0x7
					E0139FA60(_t206 + 0x1c, 0, _t51 >> 3);
					_t294 = _t280 & 0x0000001f;
					if(_t294 != 0) {
						 *(_a4 + (_t280 >> 5) * 4 + 0x1c) =  *(_a4 + (_t280 >> 5) * 4 + 0x1c) |  !((1 << _t294) - 1);
					}
					_t334 = _v16;
					_t295 = _a4;
					 *((short*)(_t334 + 0x14)) = _v28;
					 *_t334 = _v12;
					 *(_t334 + 0x18) = _t280;
					 *((char*)(_t334 + 0x1a)) =  *((intOrPtr*)(_a16 + 2));
					 *((short*)(_t334 + 0x16)) = 0;
					 *(_t334 + 4) = _t295;
					 *((intOrPtr*)(_t334 + 8)) = 0;
					 *((intOrPtr*)(_t334 + 0xc)) = 0;
					_t335 = _v12;
					_v26 = _v28 << 3;
					_v28 = _v44;
					 *(_t295 + 0x10) = _v32 ^ _v28 ^ _t358 ^ _t295;
					if( *((intOrPtr*)(_t335 + 0x54)) == 0) {
						_t296 =  *_t335;
						_t223 =  *(_t296 + 0x14);
						__eflags = _t223 - 0x20;
						if(__eflags < 0) {
							_t224 = _t223 + 4;
							__eflags = _t224;
							goto L32;
						}
						goto L29;
					} else {
						 *((short*)(_t335 + 0x60)) =  *((short*)(_t335 + 0x60)) + 1;
						if( *((short*)(_t335 + 0x60)) > 0x1c) {
							_t296 =  *_t335;
							_t271 =  *(_t296 + 0x14);
							__eflags = _t271;
							if(__eflags != 0) {
								_t224 = _t271 + 0xfffffffc;
								L32:
								 *(_t296 + 0x14) = _t224;
							}
							L29:
							 *((short*)(_t335 + 0x60)) = 0;
						}
					}
					_t369 = _t335 + 0x50;
					do {
						_t226 =  *_t369;
						_t359 =  *((intOrPtr*)(_t369 + 4));
						_v40 = _t226;
						_v44 = _t226 + _t280;
						if(_t280 <= 0) {
						}
						_t336 = _t359;
						asm("lock cmpxchg8b [esi]");
						_t280 = _v8;
					} while (_t226 != _v40 || _t336 != _t359);
					_t299 = _v12;
					_t337 =  *[fs:0x18];
					_t227 =  *_t299;
					 *((intOrPtr*)(_t227 + 0x10)) =  *((intOrPtr*)(_t227 + 0x10)) + 1;
					 *((intOrPtr*)(_t299 + 0x58)) =  *((intOrPtr*)(_t227 + 0x10));
					_t229 =  *(_t337 + 0xfaa) & 0x0000ffff;
					_t300 = _t229 + 0x00000001 & 0x000000ff;
					 *(_t337 + 0xfaa) = _t300 + 0x00000001 & 0x000000ff;
					_t302 = _t280;
					_v32 = ( *(_t229 + 0x1446120) & 0x000000ff | ( *(_t300 + 0x1446120) & 0x000000ff) << 0x00000007 & 0x0000ffff) % _t302 << 0x10;
					_t341 = _v16;
					_v32 = _t302;
					_t303 = _v32;
					 *((intOrPtr*)(_v16 + 0x1c)) = 1;
					asm("lock cmpxchg [esi], ecx");
					if(( *0x14484b4 & 0x00000002) == 0) {
						_t394 =  *0x14484b8;
						_t371 =  *( *[fs:0x18] + 0xfaa) & 0xff;
						_v32 = _t371;
						if( *0x14484b8 == 0) {
							_push(0);
							_push(4);
							_push(0x14484b8);
							_push(0x24);
							_push(0xffffffff);
							__eflags = E01399670();
							if(__eflags < 0) {
								_t363 =  *0x7ffe0004;
								_v44 = _t363;
								__eflags = _t363 - 0x1000000;
								if(__eflags < 0) {
									_t280 = 0x7ffe0324;
									while(1) {
										_t311 =  *_t280;
										_t346 =  *0x7ffe0320;
										__eflags = _t311 -  *0x7ffe0328;
										if(_t311 ==  *0x7ffe0328) {
											break;
										}
										asm("pause");
									}
									_t371 = _v32;
									_t264 = _t346;
									_t347 = _t264 * _v44 >> 0x20;
									_t303 = (_t311 << 8) * _v44;
									_t341 = _t347 >> 0x18;
									_t267 = ((_t347 << 0x00000020 | _t264 * _v44) >> 0x18) + (_t311 << 8) * _v44;
									__eflags = _t267;
								} else {
									_t348 =  *0x7ffe0320 * _t363 >> 0x20;
									_t267 = (_t348 << 0x00000020 | 0x7ffe0320 * _t363) >> 0x18;
									_t341 = _t348 >> 0x18;
								}
								 *0x14484b8 = _t267;
							}
						}
						_t251 = E01385720(_t303, _t341, _t394, 0x14484b8);
						_t395 =  *0x14484b8;
						_t361 = _t251;
						_v40 = _t361;
						if( *0x14484b8 == 0) {
							_push(0);
							_push(4);
							_push(0x14484b8);
							_push(0x24);
							_push(0xffffffff);
							__eflags = E01399670();
							if(__eflags < 0) {
								_t280 =  *0x7ffe0004;
								_v44 = _t280;
								__eflags = _t280 - 0x1000000;
								if(__eflags < 0) {
									_t280 = 0x7ffe0320;
									while(1) {
										_t309 =  *0x7ffe0324;
										_t343 =  *_t280;
										__eflags = _t309 -  *0x7ffe0328;
										if(_t309 ==  *0x7ffe0328) {
											break;
										}
										asm("pause");
									}
									_t371 = _v32;
									_t256 = _t343;
									_t344 = _t256 * _v44 >> 0x20;
									_t361 = _v40;
									_t303 = (_t309 << 8) * _v44;
									_t341 = _t344 >> 0x18;
									_t259 = ((_t344 << 0x00000020 | _t256 * _v44) >> 0x18) + (_t309 << 8) * _v44;
									__eflags = _t259;
								} else {
									_t345 =  *0x7ffe0320 * _t280 >> 0x20;
									_t259 = (_t345 << 0x00000020 | 0x7ffe0320 * _t280) >> 0x18;
									_t341 = _t345 >> 0x18;
								}
								 *0x14484b8 = _t259;
							}
							L58:
						}
						_t253 = E01385720(_t303, _t341, _t395, 0x14484b8);
						_t341 = _v16;
						_t372 = _t371 >> 3;
						 *(0x1446120 + _t372 * 8) = _t253 & 0x7f7f7f7f;
						 *(0x1446124 + _t372 * 8) = _t361 & 0x7f7f7f7f;
					}
					_t240 =  *( *[fs:0x30] + 0x50);
					if(_t240 != 0) {
						__eflags =  *_t240;
						if( *_t240 == 0) {
							goto L24;
						} else {
							_t197 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
							goto L25;
						}
						goto L58;
					} else {
						L24:
						_t197 = 0x7ffe0380;
					}
					L25:
					if( *_t197 != 0) {
						_t197 =  *[fs:0x30];
						__eflags =  *(_t197 + 0x240) & 0x00000001;
						if(( *(_t197 + 0x240) & 0x00000001) != 0) {
							return E01411A5F(_t280,  *(_v24 + 0xc),  *((intOrPtr*)(_t341 + 4)),  *(_t341 + 0x14) & 0x0000ffff,  *(_t341 + 0x18) & 0x0000ffff,  *(_t341 + 0x1b) & 0x000000ff);
						}
					}
				}
				return _t197;
				goto L58;
			}








































































                            0x013865a0
                            0x013865a9
                            0x013865b1
                            0x013865b5
                            0x013865b7
                            0x013865bb
                            0x013865be
                            0x013865c1
                            0x013865c6
                            0x013868b5
                            0x013865cc
                            0x013865d3
                            0x013865d3
                            0x013865db
                            0x013865dd
                            0x013c7d05
                            0x013c7d13
                            0x013c7d18
                            0x013c7d1a
                            0x013c7d20
                            0x00000000
                            0x013c7d20
                            0x013865e3
                            0x013865e3
                            0x013865e6
                            0x013865e9
                            0x013865ee
                            0x013865f7
                            0x013865fd
                            0x013865ff
                            0x01386605
                            0x01386889
                            0x0138660b
                            0x0138660d
                            0x0138660d
                            0x01386612
                            0x01386620
                            0x01386626
                            0x01386629
                            0x0138662b
                            0x01386638
                            0x0138663e
                            0x01386641
                            0x0138664b
                            0x01386653
                            0x01386656
                            0x01386660
                            0x0138666b
                            0x0138666e
                            0x01386670
                            0x01386675
                            0x01386686
                            0x01386689
                            0x0138668c
                            0x01386695
                            0x01386699
                            0x0138669b
                            0x0138669e
                            0x013866a3
                            0x013866a3
                            0x013866a8
                            0x013866a8
                            0x013866ab
                            0x013866b1
                            0x013866b4
                            0x013866b7
                            0x013866c1
                            0x013866cb
                            0x013866ce
                            0x013866e5
                            0x013866e5
                            0x013866e8
                            0x013866ee
                            0x013866f1
                            0x013866f8
                            0x013866fd
                            0x01386704
                            0x01386709
                            0x0138670d
                            0x01386710
                            0x01386713
                            0x01386719
                            0x0138671f
                            0x01386726
                            0x01386734
                            0x0138673c
                            0x01386891
                            0x01386893
                            0x01386896
                            0x01386899
                            0x013868bd
                            0x013868bd
                            0x00000000
                            0x013868bd
                            0x00000000
                            0x01386742
                            0x01386742
                            0x0138674b
                            0x013868c5
                            0x013868c7
                            0x013868ca
                            0x013868cc
                            0x013868ce
                            0x013868c0
                            0x013868c0
                            0x013868c0
                            0x0138689b
                            0x0138689d
                            0x0138689d
                            0x0138674b
                            0x01386751
                            0x01386754
                            0x01386754
                            0x01386756
                            0x01386759
                            0x0138675f
                            0x01386764
                            0x01386764
                            0x0138676d
                            0x01386772
                            0x01386776
                            0x01386779
                            0x01386782
                            0x01386785
                            0x0138678c
                            0x0138678e
                            0x01386794
                            0x01386797
                            0x013867a1
                            0x013867aa
                            0x013867ca
                            0x013867d4
                            0x013867d7
                            0x013867da
                            0x013867de
                            0x013867e1
                            0x013867eb
                            0x013867f6
                            0x013867fe
                            0x0138680c
                            0x0138680f
                            0x01386812
                            0x013c7d30
                            0x013c7d32
                            0x013c7d34
                            0x013c7d39
                            0x013c7d3b
                            0x013c7d42
                            0x013c7d44
                            0x013c7d4a
                            0x013c7d50
                            0x013c7d53
                            0x013c7d59
                            0x013c7d6d
                            0x013c7d7c
                            0x013c7d7c
                            0x013c7d7e
                            0x013c7d82
                            0x013c7d84
                            0x00000000
                            0x00000000
                            0x013c7d86
                            0x013c7d86
                            0x013c7d8a
                            0x013c7d8d
                            0x013c7d8f
                            0x013c7d95
                            0x013c7d9d
                            0x013c7da0
                            0x013c7da0
                            0x013c7d5b
                            0x013c7d62
                            0x013c7d64
                            0x013c7d68
                            0x013c7d68
                            0x013c7da2
                            0x013c7da2
                            0x013c7d44
                            0x0138681d
                            0x01386822
                            0x01386829
                            0x0138682b
                            0x0138682e
                            0x013c7dac
                            0x013c7dae
                            0x013c7db0
                            0x013c7db5
                            0x013c7db7
                            0x013c7dbe
                            0x013c7dc0
                            0x013c7dc6
                            0x013c7dcc
                            0x013c7dcf
                            0x013c7dd5
                            0x013c7dee
                            0x013c7df8
                            0x013c7df8
                            0x013c7dfa
                            0x013c7dfe
                            0x013c7e00
                            0x00000000
                            0x00000000
                            0x013c7e02
                            0x013c7e02
                            0x013c7e06
                            0x013c7e09
                            0x013c7e0b
                            0x013c7e0e
                            0x013c7e14
                            0x013c7e1c
                            0x013c7e1f
                            0x013c7e1f
                            0x013c7dd7
                            0x013c7dde
                            0x013c7de0
                            0x013c7de4
                            0x013c7de4
                            0x013c7e21
                            0x013c7e21
                            0x00000000
                            0x013c7dc0
                            0x01386839
                            0x0138683e
                            0x01386850
                            0x01386853
                            0x0138685a
                            0x0138685a
                            0x01386867
                            0x0138686c
                            0x013c7e2b
                            0x013c7e2e
                            0x00000000
                            0x013c7e34
                            0x013c7e3d
                            0x00000000
                            0x013c7e3d
                            0x00000000
                            0x01386872
                            0x01386872
                            0x01386872
                            0x01386872
                            0x01386877
                            0x0138687a
                            0x013c7e47
                            0x013c7e4d
                            0x013c7e54
                            0x00000000
                            0x013c7e75
                            0x013c7e54
                            0x0138687a
                            0x01386886
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 61d9140293870c2b95d194a0a5681c3bd8c80ab19908ed951eca50071699cd31
                            • Instruction ID: 955e81b13e7519f04b0d63ccee4ccf7d07144b62ba8bfa8336be131d49e3f866
                            • Opcode Fuzzy Hash: 61d9140293870c2b95d194a0a5681c3bd8c80ab19908ed951eca50071699cd31
                            • Instruction Fuzzy Hash: 99E1A3B5A00209CFDB18CF59C881AA9BBF5FF88314F14816DE959EB395D734E941CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01374670 Relevance: .4, Instructions: 367COMMON
                            Download Yara Rule
                            C-Code - Quality: 98%
                            			E01374670(signed int __ecx, signed int __edx) {
				intOrPtr _v8;
				char _v13;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				char _v40;
				signed int _v44;
				unsigned int _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t170;
				signed int _t173;
				void* _t174;
				signed int _t175;
				intOrPtr _t176;
				signed int _t179;
				intOrPtr _t182;
				signed int* _t184;
				signed int* _t185;
				signed int _t186;
				signed int _t187;
				signed char _t188;
				signed int _t189;
				intOrPtr* _t190;
				signed char _t192;
				signed int _t193;
				signed int _t204;
				signed int _t206;
				signed char _t207;
				intOrPtr* _t208;
				signed int _t211;
				signed int _t212;
				signed int* _t214;
				signed int _t216;
				signed int* _t217;
				signed char _t222;
				signed int _t224;
				signed int _t226;
				void* _t228;
				signed int _t229;
				signed int _t236;
				intOrPtr _t237;
				signed int _t238;
				signed char _t240;
				unsigned int _t242;
				signed char _t246;
				signed int _t247;
				signed char _t248;
				signed int _t249;
				unsigned int _t251;
				signed int _t252;
				signed int _t258;
				signed int _t263;
				signed int _t265;
				signed int _t268;
				signed int _t270;
				signed int _t271;
				char _t274;
				signed int _t276;
				signed char _t281;
				signed int _t287;
				unsigned int _t290;
				signed int _t293;
				signed int _t296;
				void* _t302;
				void* _t314;

				_t229 = __ecx;
				_t228 = _t302;
				_v8 =  *((intOrPtr*)(_t228 + 4));
				_t296 = __ecx;
				_t285 = __edx;
				_v28 = __edx;
				if( *((intOrPtr*)(__ecx + 8)) == 0xddeeddee) {
					_t265 = E01402E4E( *(_t228 + 8));
					_t170 =  *(__ecx + 0x28);
					_v48 = _t265;
					__eflags = _t170;
					if(_t170 != 0) {
						_t237 =  *[fs:0x18];
						__eflags = _t170 -  *((intOrPtr*)(_t237 + 0x24));
						if(_t170 ==  *((intOrPtr*)(_t237 + 0x24))) {
							_t265 = _t265 | 0x00000001;
							__eflags = _t265;
							_v48 = _t265;
						}
					}
					__eflags =  *0x1445cb8 & 0x00000002;
					if(( *0x1445cb8 & 0x00000002) != 0) {
						__eflags = 0x7eff8 - _t285;
						asm("sbb eax, eax");
						_t173 = 0x20;
						__eflags = 0x7eff8;
					} else {
						_t173 = 0;
					}
					_v44 = _t173;
					_t174 = _t173 + _t285;
					__eflags = _t174 - _t285;
					if(_t174 >= _t285) {
						_t175 = E0141AA16(_t296, _t174, _t265,  *((intOrPtr*)(_t228 + 0xc)));
						_v20 = _t175;
						__eflags = _t175;
						if(_t175 == 0) {
							goto L42;
						}
						__eflags =  *0x1445cb8 & 0x00000002;
						if(( *0x1445cb8 & 0x00000002) != 0) {
							_t236 = _v44;
							 *((intOrPtr*)(_t175 + _t236 - 8)) = _t236;
							_t268 = _t175 + _t236;
							__eflags = _t236 - 8;
							if(_t236 > 8) {
								 *_t175 = _t236;
							}
							_v20 = _t268;
						}
						_t179 = L01377D30(_t296);
						_t287 = _v20;
						__eflags = _t179;
						if(_t179 != 0) {
							E014102F7(_t296, _t287);
						}
						goto L16;
					} else {
						_v20 = 0;
						L42:
						_t286 =  *[fs:0x18];
						 *((intOrPtr*)( *[fs:0x18] + 0xbf4)) = 0xc0000017;
						_t176 = E0135CCC0(0xc0000017);
						__eflags = _v48;
						 *((intOrPtr*)( *[fs:0x18] + 0x34)) = _t176;
						if(__eflags < 0) {
							L44:
							E0140239A(_t228, _v28, _t286, _t296, __eflags);
							L15:
							_t287 = _v20;
							L16:
							return _t287;
						}
						__eflags =  *(_t296 + 0xc);
						if(__eflags >= 0) {
							goto L15;
						}
						goto L44;
					}
				}
				_t270 =  *(_t228 + 8) |  *(__ecx + 0x44);
				_v48 = 0;
				_v24 = _t270;
				_v36 = 0;
				_v40 = 0;
				if(__edx > 0x7fffffff) {
					_v36 = 5;
					L61:
					_v20 = 0;
					L23:
					 *((intOrPtr*)( *[fs:0x18] + 0xbf4)) = 0xc0000017;
					_t182 = E0135CCC0(0xc0000017);
					_t271 = _v24;
					 *((intOrPtr*)( *[fs:0x18] + 0x34)) = _t182;
					_t285 = _v28;
					__eflags = _t271 & 0x00000004;
					if((_t271 & 0x00000004) == 0) {
						L11:
						_t184 =  *( *[fs:0x30] + 0x50);
						if(_t184 != 0) {
							__eflags =  *_t184;
							if( *_t184 == 0) {
								goto L12;
							}
							_t185 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
							L13:
							if( *_t185 != 0) {
								_t186 =  *[fs:0x30];
								__eflags =  *(_t186 + 0x240) & 0x00000001;
								_t238 = _t229 & 0xffffff00 | ( *(_t186 + 0x240) & 0x00000001) != 0x00000000;
								__eflags =  *(_t296 + 0x44) & 0x01000000;
								_t187 = _t186 & 0xffffff00 | ( *(_t296 + 0x44) & 0x01000000) == 0x00000000;
								__eflags = _t187 & _t238;
								if((_t187 & _t238) == 0) {
									goto L14;
								}
								__eflags = _t271 & 0x61000000;
								_t240 = _t238 & 0xffffff00 | __eflags != 0x00000000;
								asm("bt edx, 0x1c");
								_t192 = _t187 & 0xffffff00 | __eflags >= 0x00000000;
								__eflags = _t192 & _t240;
								if((_t192 & _t240) != 0) {
									goto L14;
								}
								__eflags = _v36 - 5;
								if(_v36 == 5) {
									goto L14;
								}
								_t193 = _v20;
								__eflags = _t193;
								if(_t193 == 0) {
									L80:
									E0141131B(_t296, _t193, _t285, _v36);
									_t271 = _v24;
									goto L14;
								}
								_t274 =  *((intOrPtr*)(_t193 - 1));
								_t242 = _t193 - 8;
								_v13 = _t274;
								__eflags = _t274 - 5;
								_t271 = _v24;
								_v44 = _t242;
								if(_t274 == 5) {
									_t276 = _t242 - (( *(_t242 + 6) & 0x000000ff) << 3);
									__eflags = _t276;
									_t193 = _v20;
									_v48 = _t276;
									_t271 = _v24;
								} else {
									_v48 = _t242;
								}
								_t290 = _v48;
								__eflags =  *((char*)(_t290 + 7));
								_t285 = _v28;
								if( *((char*)(_t290 + 7)) < 0) {
									goto L80;
								} else {
									__eflags = _v13 - 5;
									if(_v13 == 5) {
										_t247 = _t242 - (( *(_t242 + 6) & 0x000000ff) << 3);
										__eflags = _t247;
										_v44 = _t247;
									}
									_t246 =  *(_t296 + 0x4c) >> 0x00000011 &  *(_t296 + 0x52) & 0x000000ff ^  *(_v44 + 2) & 0x000000ff;
									__eflags = _t246 & 0x00000008;
									if((_t246 & 0x00000008) != 0) {
										goto L14;
									} else {
										_t193 = _v20;
										goto L80;
									}
								}
							}
							L14:
							_t188 =  *0x1448664; // 0x0
							if((_t188 & 0x00000001) != 0) {
								__eflags = _t188 & 0x00000002;
								if((_t188 & 0x00000002) == 0) {
									goto L15;
								}
								_t189 =  *[fs:0x30];
								__eflags =  *(_t189 + 0x18);
								if( *(_t189 + 0x18) == 0) {
									goto L15;
								}
								_push( *0x144634c);
								_t190 = E0141BD32( *0x1446348);
								__eflags = _t296 -  *_t190;
								if(_t296 ==  *_t190) {
									goto L15;
								}
								_t287 = _v20;
								__eflags = _t287;
								if(_t287 != 0) {
									__eflags = _t271 & 0x10000000;
									if((_t271 & 0x10000000) == 0) {
										E014102F7(_t296, _t287);
									}
								}
								goto L16;
							}
							goto L15;
						}
						L12:
						_t185 = 0x7ffe0380;
						goto L13;
					}
					_t204 = _v48;
					__eflags = _t204;
					if(__eflags == 0) {
						_t204 = _t285;
					}
					_t229 = _t204;
					E0140239A(_t228, _t229, _t285, _t296, __eflags);
					L10:
					_t271 = _v24;
					goto L11;
				}
				_t206 =  *(__ecx + 0x58);
				_v32 = _t206;
				if(_t206 != 0) {
					__eflags = _t270 & 0x3c000102;
					_t248 = __ecx & 0xffffff00 | __eflags == 0x00000000;
					asm("bt dword [esi+0x44], 0x18");
					_t207 = _t206 & 0xffffff00 | __eflags >= 0x00000000;
					__eflags = _t207 & _t248;
					if((_t207 & _t248) == 0) {
						_v32 = 0;
						goto L3;
					}
					_t229 = _v32;
					_t226 = E013FCB1E(_t229, __ecx, 0, 1,  &_v40);
					__eflags = _t226;
					if(_t226 < 0) {
						goto L61;
					}
					_t270 = _v24;
					_t263 = _v40 + 0x00000007 & 0xfffffff8;
					_t285 = __edx + 8 + _t263;
					_v28 = _t285;
					_t101 = _t263 + 8; // 0x1
					_v40 = _t101;
				}
				L3:
				if(_t285 == 0) {
					_t249 = 1;
				} else {
					_t249 = _t285;
				}
				_t251 = _t249 + 0x0000000f & 0xfffffff8;
				_v48 = _t251;
				_t252 = _t251 >> 3;
				_v44 = _t252;
				if((_t270 & 0x7d810f61) != 0) {
					L29:
					_t208 = 0;
					goto L22;
				} else {
					_t314 = _t285 -  *0x1445cb4; // 0x4000
					if(_t314 > 0) {
						L18:
						_t214 =  *(_t296 + 0xb4);
						_v44 = _t214;
						__eflags = _t252 - _t214[1];
						if(_t252 >= _t214[1]) {
							while(1) {
								_t293 =  *_t214;
								__eflags = _t293;
								_v20 = _t293;
								_t285 = _v28;
								if(_t293 == 0) {
									_t252 = _t214[1] - 1;
									goto L19;
								}
								_t214 = _v20;
								_v44 = _t214;
								__eflags = _t252 - _t214[1];
								if(_t252 < _t214[1]) {
									goto L19;
								} else {
									continue;
								}
							}
						}
						L19:
						_t216 = _t214[1] - 1;
						_v20 = _t216;
						__eflags = _t252 - _t216;
						_t217 = _v44;
						if(_t252 >= _t216) {
							__eflags =  *_t217;
							if( *_t217 != 0) {
								__eflags = _t252 - _v20;
								if(_t252 == _v20) {
									goto L20;
								}
							}
							goto L29;
						}
						L20:
						_t258 = _t252 - _t217[5];
						__eflags = _t217[2];
						if(_t217[2] != 0) {
							_t258 = _t258 + _t258;
						}
						_t208 = _t217[8] + _t258 * 4;
						L22:
						_t229 = _t296;
						_t278 = E01375600(_t229, _t270 | 0x00000002, _t285, _v48, _t208,  &_v36);
						_v20 = _t278;
						__eflags = _t278;
						if(_t278 != 0) {
							L9:
							if(_v32 != 0) {
								_v28 = _v28 - _v40;
								_t211 = E01401EB6(_t296, _v24, _t278, _v28 - _v40, _v40, _v32);
								_t229 = _v32;
								_v20 = _t211;
								_t212 = E013FCB1E(_t229, _t296, _t211, 2, _t278);
								__eflags = _t212;
								if(_t212 >= 0) {
									_t285 = _v28;
									goto L10;
								}
								L013777F0(_t296, 0, _v20);
								goto L61;
							}
							goto L10;
						}
						goto L23;
					}
					_t281 =  *((intOrPtr*)((_t252 >> 3) + _t296 + 0xe2));
					_t222 = 1 << (_t252 & 7);
					_t252 = _v44;
					if((_t281 & _t222) == 0) {
						L17:
						_t270 = _v24;
						goto L18;
					}
					_v36 = 2;
					_t229 =  *(_t296 + 0xd4);
					_t224 = E01374880(_t229,  *((intOrPtr*)( *((intOrPtr*)(_t296 + 0xdc)) + _t252 * 2)), _t285, _v24);
					_t278 = _t224;
					_v20 = _t224;
					if(_t224 == 0) {
						_t252 = _v44;
						goto L17;
					}
					goto L9;
				}
			}








































































                            0x01374670
                            0x01374673
                            0x01374682
                            0x0137468c
                            0x0137468f
                            0x01374691
                            0x0137469b
                            0x013be2f1
                            0x013be2f3
                            0x013be2f6
                            0x013be2f9
                            0x013be2fb
                            0x013be2fd
                            0x013be304
                            0x013be307
                            0x013be309
                            0x013be309
                            0x013be30c
                            0x013be30c
                            0x013be307
                            0x013be30f
                            0x013be316
                            0x013be321
                            0x013be323
                            0x013be328
                            0x013be328
                            0x013be318
                            0x013be318
                            0x013be318
                            0x013be32b
                            0x013be32e
                            0x013be330
                            0x013be332
                            0x013be385
                            0x013be38a
                            0x013be38d
                            0x013be38f
                            0x00000000
                            0x00000000
                            0x013be391
                            0x013be398
                            0x013be39a
                            0x013be39d
                            0x013be3a1
                            0x013be3a4
                            0x013be3a7
                            0x013be3a9
                            0x013be3a9
                            0x013be3ab
                            0x013be3ab
                            0x013be3b0
                            0x013be3b5
                            0x013be3b8
                            0x013be3ba
                            0x013be3c4
                            0x013be3c4
                            0x00000000
                            0x013be334
                            0x013be334
                            0x013be33b
                            0x013be342
                            0x013be34e
                            0x013be358
                            0x013be35d
                            0x013be361
                            0x013be364
                            0x013be370
                            0x013be373
                            0x01374790
                            0x01374790
                            0x01374793
                            0x0137479d
                            0x0137479d
                            0x013be366
                            0x013be36a
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013be36a
                            0x013be332
                            0x013746a4
                            0x013746a7
                            0x013746ae
                            0x013746b1
                            0x013746b8
                            0x013746c5
                            0x013be3ce
                            0x013be47d
                            0x013be47d
                            0x013747f6
                            0x01374808
                            0x01374812
                            0x01374817
                            0x0137481a
                            0x0137481d
                            0x01374820
                            0x01374823
                            0x01374764
                            0x0137476a
                            0x0137476f
                            0x013be4a6
                            0x013be4a9
                            0x00000000
                            0x00000000
                            0x013be4b8
                            0x0137477a
                            0x0137477d
                            0x013be4c2
                            0x013be4c8
                            0x013be4cf
                            0x013be4d2
                            0x013be4d9
                            0x013be4dc
                            0x013be4de
                            0x00000000
                            0x00000000
                            0x013be4e4
                            0x013be4ea
                            0x013be4ed
                            0x013be4f1
                            0x013be4f4
                            0x013be4f6
                            0x00000000
                            0x00000000
                            0x013be4fc
                            0x013be500
                            0x00000000
                            0x00000000
                            0x013be506
                            0x013be509
                            0x013be50b
                            0x013be579
                            0x013be581
                            0x013be586
                            0x00000000
                            0x013be586
                            0x013be50d
                            0x013be510
                            0x013be513
                            0x013be516
                            0x013be519
                            0x013be51c
                            0x013be51f
                            0x013be52f
                            0x013be52f
                            0x013be531
                            0x013be534
                            0x013be537
                            0x013be521
                            0x013be521
                            0x013be521
                            0x013be53a
                            0x013be53d
                            0x013be541
                            0x013be544
                            0x00000000
                            0x013be546
                            0x013be546
                            0x013be54a
                            0x013be553
                            0x013be553
                            0x013be555
                            0x013be555
                            0x013be56b
                            0x013be56d
                            0x013be570
                            0x00000000
                            0x013be576
                            0x013be576
                            0x00000000
                            0x013be576
                            0x013be570
                            0x013be544
                            0x01374783
                            0x01374783
                            0x0137478a
                            0x013be58e
                            0x013be590
                            0x00000000
                            0x00000000
                            0x013be596
                            0x013be59c
                            0x013be5a0
                            0x00000000
                            0x00000000
                            0x013be5a6
                            0x013be5b2
                            0x013be5b7
                            0x013be5b9
                            0x00000000
                            0x00000000
                            0x013be5bf
                            0x013be5c2
                            0x013be5c4
                            0x013be5ca
                            0x013be5d0
                            0x013be5da
                            0x013be5da
                            0x013be5d0
                            0x00000000
                            0x013be5c4
                            0x00000000
                            0x0137478a
                            0x01374775
                            0x01374775
                            0x00000000
                            0x01374775
                            0x013be489
                            0x013be48c
                            0x013be48e
                            0x013be490
                            0x013be490
                            0x013be492
                            0x013be494
                            0x01374761
                            0x01374761
                            0x00000000
                            0x01374761
                            0x013746cb
                            0x013746ce
                            0x013746d3
                            0x013be3da
                            0x013be3e0
                            0x013be3e3
                            0x013be3e8
                            0x013be3eb
                            0x013be3ed
                            0x013be424
                            0x00000000
                            0x013be424
                            0x013be3ef
                            0x013be3fc
                            0x013be401
                            0x013be403
                            0x00000000
                            0x00000000
                            0x013be40b
                            0x013be411
                            0x013be414
                            0x013be416
                            0x013be419
                            0x013be41c
                            0x013be41c
                            0x013746d9
                            0x013746db
                            0x01374862
                            0x013746e1
                            0x013746e1
                            0x013746e1
                            0x013746e6
                            0x013746e9
                            0x013746ec
                            0x013746ef
                            0x013746f8
                            0x01374852
                            0x01374852
                            0x00000000
                            0x013746fe
                            0x013746fe
                            0x01374704
                            0x013747a3
                            0x013747a3
                            0x013747a9
                            0x013747ac
                            0x013747af
                            0x01374830
                            0x01374830
                            0x01374832
                            0x01374834
                            0x01374837
                            0x0137483a
                            0x0137485c
                            0x0137485d
                            0x0137485d
                            0x0137483c
                            0x0137483f
                            0x01374842
                            0x01374845
                            0x00000000
                            0x0137484b
                            0x00000000
                            0x0137484b
                            0x01374845
                            0x01374830
                            0x013747b1
                            0x013747b4
                            0x013747b5
                            0x013747b8
                            0x013747ba
                            0x013747bd
                            0x0137484d
                            0x01374850
                            0x0137486c
                            0x0137486f
                            0x00000000
                            0x00000000
                            0x01374875
                            0x00000000
                            0x01374850
                            0x013747c3
                            0x013747c3
                            0x013747c6
                            0x013747ca
                            0x013be438
                            0x013be438
                            0x013747d3
                            0x013747d6
                            0x013747e1
                            0x013747e9
                            0x013747eb
                            0x013747ee
                            0x013747f0
                            0x01374757
                            0x0137475b
                            0x013be44e
                            0x013be457
                            0x013be45c
                            0x013be465
                            0x013be468
                            0x013be46d
                            0x013be46f
                            0x013be49e
                            0x00000000
                            0x013be49e
                            0x013be478
                            0x00000000
                            0x013be478
                            0x00000000
                            0x0137475b
                            0x00000000
                            0x013747f0
                            0x01374715
                            0x01374721
                            0x01374723
                            0x01374728
                            0x013747a0
                            0x013747a0
                            0x00000000
                            0x013747a0
                            0x01374733
                            0x0137473f
                            0x01374745
                            0x0137474a
                            0x0137474c
                            0x01374751
                            0x013be430
                            0x00000000
                            0x013be430
                            0x00000000
                            0x01374751

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 363d2c11d0582d55400cee5f08109170372bb169dac994a2bf16d6ea1f82b885
                            • Instruction ID: a9348bf929ee78cb1fd9d6bd2865020d6352d9ebfb7cbaa4809f437fe9ad2863
                            • Opcode Fuzzy Hash: 363d2c11d0582d55400cee5f08109170372bb169dac994a2bf16d6ea1f82b885
                            • Instruction Fuzzy Hash: 49E1CC74A00289DFDB25CF5CC884BEEBBF6EF85308F148069D515AB651E739E941CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0137B236 Relevance: .3, Instructions: 305COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 86%
                            			E0137B236(signed int __ecx, intOrPtr __edx) {
				unsigned int _v8;
				signed int _v12;
				unsigned int _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				unsigned int _t94;
				signed int _t96;
				intOrPtr _t97;
				unsigned int _t101;
				char _t103;
				signed int _t114;
				signed int _t115;
				signed char* _t118;
				intOrPtr _t119;
				signed int _t120;
				signed char* _t123;
				signed int _t129;
				char* _t132;
				unsigned int _t147;
				signed int _t157;
				unsigned int _t158;
				signed int _t159;
				signed int _t165;
				signed int _t168;
				signed char _t175;
				signed char _t185;
				unsigned int _t197;
				unsigned int _t206;
				unsigned int* _t214;
				signed int _t218;

				_t156 = __edx;
				_v24 = __edx;
				_t218 = __ecx;
				_t3 = _t156 + 0xfff; // 0xfff
				_t210 = 0;
				_v16 = _t3 & 0xfffff000;
				if(E0137B477(__ecx,  &_v16) == 0) {
					__eflags =  *(__ecx + 0x40) & 0x00000002;
					if(( *(__ecx + 0x40) & 0x00000002) == 0) {
						L32:
						__eflags =  *(_t218 + 0x40) & 0x00000080;
						if(( *(_t218 + 0x40) & 0x00000080) != 0) {
							_t210 = E013FCB4F(_t218);
							__eflags = _t210;
							if(_t210 == 0) {
								goto L33;
							}
							__eflags = ( *_t210 & 0x0000ffff) - _t156;
							if(( *_t210 & 0x0000ffff) < _t156) {
								goto L33;
							}
							_t157 = _t210;
							goto L3;
						}
						L33:
						_t157 = 0;
						__eflags = _t210;
						if(_t210 != 0) {
							__eflags =  *(_t218 + 0x4c);
							if( *(_t218 + 0x4c) != 0) {
								 *(_t210 + 3) =  *(_t210 + 2) ^  *(_t210 + 1) ^  *_t210;
								 *_t210 =  *_t210 ^  *(_t218 + 0x50);
							}
						}
						goto L3;
					}
					_v12 = _v12 & 0;
					_t158 = __edx + 0x2000;
					_t94 =  *((intOrPtr*)(__ecx + 0x64));
					__eflags = _t158 - _t94;
					if(_t158 > _t94) {
						_t94 = _t158;
					}
					__eflags =  *((char*)(_t218 + 0xda)) - 2;
					if( *((char*)(_t218 + 0xda)) != 2) {
						_t165 = 0;
					} else {
						_t165 =  *(_t218 + 0xd4);
					}
					__eflags = _t165;
					if(_t165 == 0) {
						__eflags = _t94 - 0x3f4000;
						if(_t94 >= 0x3f4000) {
							 *(_t218 + 0x48) =  *(_t218 + 0x48) | 0x20000000;
						}
					}
					_t96 = _t94 + 0x0000ffff & 0xffff0000;
					_v8 = _t96;
					__eflags = _t96 - 0xfd0000;
					if(_t96 >= 0xfd0000) {
						_v8 = 0xfd0000;
					}
					_t97 = E01380678(_t218, 1);
					_push(_t97);
					_push(0x2000);
					_v28 = _t97;
					_push( &_v8);
					_push(0);
					_push( &_v12);
					_push(0xffffffff);
					_t168 = E01399660();
					__eflags = _t168;
					if(_t168 < 0) {
						while(1) {
							_t101 = _v8;
							__eflags = _t101 - _t158;
							if(_t101 == _t158) {
								break;
							}
							_t147 = _t101 >> 1;
							_v8 = _t147;
							__eflags = _t147 - _t158;
							if(_t147 < _t158) {
								_v8 = _t158;
							}
							_push(_v28);
							_push(0x2000);
							_push( &_v8);
							_push(0);
							_push( &_v12);
							_push(0xffffffff);
							_t168 = E01399660();
							__eflags = _t168;
							if(_t168 < 0) {
								continue;
							} else {
								_t101 = _v8;
								break;
							}
						}
						__eflags = _t168;
						if(_t168 >= 0) {
							goto L12;
						}
						 *((intOrPtr*)(_t218 + 0x214)) =  *((intOrPtr*)(_t218 + 0x214)) + 1;
						goto L60;
					} else {
						_t101 = _v8;
						L12:
						 *((intOrPtr*)(_t218 + 0x64)) =  *((intOrPtr*)(_t218 + 0x64)) + _t101;
						_t103 = _v24 + 0x1000;
						__eflags = _t103 -  *((intOrPtr*)(_t218 + 0x68));
						if(_t103 <=  *((intOrPtr*)(_t218 + 0x68))) {
							_t103 =  *((intOrPtr*)(_t218 + 0x68));
						}
						_push(_v28);
						_v20 = _t103;
						_push(0x1000);
						_push( &_v20);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						_t159 = E01399660();
						__eflags = _t159;
						if(_t159 < 0) {
							L59:
							E0138174B( &_v12,  &_v8, 0x8000);
							L60:
							_t156 = _v24;
							goto L32;
						} else {
							_t114 = E0138138B(_t218, _v12, 0x40, _t168, 2, _v12, _v20 + _v12, _v8 + 0xfffff000 + _t192);
							__eflags = _t114;
							if(_t114 == 0) {
								_t159 = 0xc0000017;
							}
							__eflags = _t159;
							if(_t159 < 0) {
								goto L59;
							} else {
								_t115 = E01377D50();
								_t212 = 0x7ffe0380;
								__eflags = _t115;
								if(_t115 != 0) {
									_t118 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t118 = 0x7ffe0380;
								}
								__eflags =  *_t118;
								if( *_t118 != 0) {
									_t119 =  *[fs:0x30];
									__eflags =  *(_t119 + 0x240) & 0x00000001;
									if(( *(_t119 + 0x240) & 0x00000001) != 0) {
										E0141138A(0x226, _t218, _v12, _v20, 4);
										__eflags = E01377D50();
										if(__eflags != 0) {
											_t212 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E01411582(0x226, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t212 & 0x000000ff);
									}
								}
								_t120 = E01377D50();
								_t213 = 0x7ffe038a;
								__eflags = _t120;
								if(_t120 != 0) {
									_t123 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t123 = 0x7ffe038a;
								}
								__eflags =  *_t123;
								if( *_t123 != 0) {
									__eflags = E01377D50();
									if(__eflags != 0) {
										_t213 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
									}
									E01411582(0x230, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t213 & 0x000000ff);
								}
								_t129 = E01377D50();
								__eflags = _t129;
								if(_t129 != 0) {
									_t132 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								} else {
									_t132 = 0x7ffe0388;
								}
								__eflags =  *_t132;
								if( *_t132 != 0) {
									E0140FEC0(0x230, _t218, _v12, _v8);
								}
								__eflags =  *(_t218 + 0x4c);
								_t214 =  *(_v12 + 0x24);
								if( *(_t218 + 0x4c) != 0) {
									_t197 =  *(_t218 + 0x50) ^  *_t214;
									 *_t214 = _t197;
									_t175 = _t197 >> 0x00000010 ^ _t197 >> 0x00000008 ^ _t197;
									__eflags = _t197 >> 0x18 - _t175;
									if(__eflags != 0) {
										_push(_t175);
										E0140FA2B(0x230, _t218, _t214, _t214, _t218, __eflags);
									}
								}
								_t157 =  *(_v12 + 0x24);
								goto L3;
							}
						}
					}
				} else {
					_v16 = _v16 >> 3;
					_t157 = E013799BF(__ecx, _t87,  &_v16, 0);
					E0137A830(__ecx, _t157, _v16);
					if( *(_t218 + 0x4c) != 0) {
						_t206 =  *(_t218 + 0x50) ^  *_t157;
						 *_t157 = _t206;
						_t185 = _t206 >> 0x00000010 ^ _t206 >> 0x00000008 ^ _t206;
						if(_t206 >> 0x18 != _t185) {
							_push(_t185);
							E0140FA2B(_t157, _t218, _t157, 0, _t218, __eflags);
						}
					}
					L3:
					return _t157;
				}
			}






































                            0x0137b23f
                            0x0137b246
                            0x0137b249
                            0x0137b24b
                            0x0137b251
                            0x0137b258
                            0x0137b262
                            0x0137b2b2
                            0x0137b2b6
                            0x0137b456
                            0x0137b456
                            0x0137b45a
                            0x013c2912
                            0x013c2914
                            0x013c2916
                            0x00000000
                            0x00000000
                            0x013c291f
                            0x013c2921
                            0x00000000
                            0x00000000
                            0x013c2927
                            0x00000000
                            0x013c2927
                            0x0137b460
                            0x0137b460
                            0x0137b462
                            0x0137b464
                            0x013c292e
                            0x013c2931
                            0x013c293f
                            0x013c2945
                            0x013c2945
                            0x013c2931
                            0x00000000
                            0x0137b464
                            0x0137b2bc
                            0x0137b2bf
                            0x0137b2c5
                            0x0137b2c8
                            0x0137b2ca
                            0x013c27af
                            0x013c27af
                            0x0137b2d0
                            0x0137b2d7
                            0x0137b437
                            0x0137b2dd
                            0x0137b2dd
                            0x0137b2dd
                            0x0137b2e3
                            0x0137b2e5
                            0x0137b43e
                            0x0137b443
                            0x013c27b6
                            0x013c27b6
                            0x0137b443
                            0x0137b2f5
                            0x0137b2fa
                            0x0137b2fd
                            0x0137b2ff
                            0x0137b46f
                            0x0137b46f
                            0x0137b30a
                            0x0137b30f
                            0x0137b310
                            0x0137b315
                            0x0137b31b
                            0x0137b31c
                            0x0137b321
                            0x0137b322
                            0x0137b329
                            0x0137b32b
                            0x0137b32d
                            0x013c27c2
                            0x013c27c2
                            0x013c27c5
                            0x013c27c7
                            0x00000000
                            0x00000000
                            0x013c27c9
                            0x013c27cb
                            0x013c27ce
                            0x013c27d0
                            0x013c27d2
                            0x013c27d2
                            0x013c27d5
                            0x013c27db
                            0x013c27e0
                            0x013c27e1
                            0x013c27e6
                            0x013c27e7
                            0x013c27ee
                            0x013c27f0
                            0x013c27f2
                            0x00000000
                            0x013c27f4
                            0x013c27f4
                            0x00000000
                            0x013c27f4
                            0x013c27f2
                            0x013c27f7
                            0x013c27f9
                            0x00000000
                            0x00000000
                            0x013c27ff
                            0x00000000
                            0x0137b333
                            0x0137b333
                            0x0137b336
                            0x0137b336
                            0x0137b33c
                            0x0137b341
                            0x0137b344
                            0x0137b44e
                            0x0137b44e
                            0x0137b34a
                            0x0137b34d
                            0x0137b353
                            0x0137b358
                            0x0137b359
                            0x0137b35e
                            0x0137b35f
                            0x0137b366
                            0x0137b368
                            0x0137b36a
                            0x013c28f2
                            0x013c28fe
                            0x013c2903
                            0x013c2903
                            0x00000000
                            0x0137b370
                            0x0137b38c
                            0x0137b391
                            0x0137b393
                            0x013c280a
                            0x013c280a
                            0x0137b399
                            0x0137b39b
                            0x00000000
                            0x0137b3a1
                            0x0137b3a1
                            0x0137b3a6
                            0x0137b3b0
                            0x0137b3b2
                            0x013c281d
                            0x0137b3b8
                            0x0137b3b8
                            0x0137b3b8
                            0x0137b3ba
                            0x0137b3bd
                            0x013c2824
                            0x013c282a
                            0x013c2831
                            0x013c2841
                            0x013c284b
                            0x013c284d
                            0x013c2858
                            0x013c2858
                            0x013c2858
                            0x013c2870
                            0x013c2870
                            0x013c2831
                            0x0137b3c3
                            0x0137b3c8
                            0x0137b3d2
                            0x0137b3d4
                            0x013c2883
                            0x0137b3da
                            0x0137b3da
                            0x0137b3da
                            0x0137b3dc
                            0x0137b3df
                            0x013c288f
                            0x013c2891
                            0x013c289c
                            0x013c289c
                            0x013c289c
                            0x013c28b4
                            0x013c28b4
                            0x0137b3e5
                            0x0137b3ea
                            0x0137b3ec
                            0x013c28c7
                            0x0137b3f2
                            0x0137b3f2
                            0x0137b3f2
                            0x0137b3f7
                            0x0137b3fa
                            0x013c28d9
                            0x013c28d9
                            0x0137b400
                            0x0137b407
                            0x0137b40a
                            0x0137b40f
                            0x0137b413
                            0x0137b41f
                            0x0137b424
                            0x0137b426
                            0x013c28e3
                            0x013c28e8
                            0x013c28e8
                            0x0137b426
                            0x0137b42f
                            0x00000000
                            0x0137b42f
                            0x0137b39b
                            0x0137b36a
                            0x0137b264
                            0x0137b264
                            0x0137b279
                            0x0137b27f
                            0x0137b287
                            0x0137b28c
                            0x0137b290
                            0x0137b29c
                            0x0137b2a3
                            0x013c27a0
                            0x013c27a5
                            0x013c27a5
                            0x0137b2a3
                            0x0137b2a9
                            0x0137b2b1
                            0x0137b2b1

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                            • Instruction ID: 9d8ad5d06e5e4aff215f1ec40e4ef856efdea4164e7773d9bbe7a80c4d365962
                            • Opcode Fuzzy Hash: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                            • Instruction Fuzzy Hash: B5B1E331B0060A9FEB25DBA9C890B7FBBF9AF48608F140169E652D7785D738DD41CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0136849B Relevance: .3, Instructions: 290COMMON
                            Download Yara Rule
                            C-Code - Quality: 92%
                            			E0136849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x142f9c0);
				E013AD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x1447b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E0136CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E01372280( *[fs:0x30], 0x1448550);
						_t139 =  *0x1447b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E0138F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E0136FFB0(_t193, _t235, 0x1448550);
								L5:
								return E013AD130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E01351C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x1447b9c; // 0x0
							_t235 = E01374620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x1447b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E0138A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E0136FFB0(_t193, _t235, 0x1448550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L013777F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L013777F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x1447b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x1447b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E013937C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x1447b9c; // 0x0
									_t214 = E01374620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E013937F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x1447b10 =  *0x1447b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x1447b04 =  *0x1447b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L013777F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L013777F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x1447b08 =  *0x1447b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E013957C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E0139F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L013777F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E0138A44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L013777F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E013996C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                            0x0136849b
                            0x0136849b
                            0x0136849b
                            0x0136849b
                            0x0136849d
                            0x013684a2
                            0x013684a7
                            0x013684b1
                            0x013684d8
                            0x00000000
                            0x013684b3
                            0x013684c4
                            0x013684c9
                            0x013684cd
                            0x013684cf
                            0x013684cf
                            0x013684d6
                            0x013684e6
                            0x013684e9
                            0x013684ec
                            0x013684ef
                            0x013684f2
                            0x013684f4
                            0x013684fc
                            0x01368501
                            0x01368506
                            0x01368509
                            0x013686e0
                            0x013686e5
                            0x013686e8
                            0x013686ed
                            0x013686f0
                            0x013686f2
                            0x013b9afd
                            0x013b9b02
                            0x013684da
                            0x013684df
                            0x013684df
                            0x013686fa
                            0x013686fd
                            0x013686fe
                            0x01368701
                            0x01368706
                            0x01368709
                            0x0136870b
                            0x00000000
                            0x00000000
                            0x01368711
                            0x01368725
                            0x01368727
                            0x0136872a
                            0x0136872c
                            0x013b9af0
                            0x013b9af5
                            0x01368732
                            0x01368732
                            0x01368732
                            0x01368735
                            0x01368737
                            0x01368515
                            0x01368515
                            0x01368518
                            0x0136851d
                            0x01368523
                            0x01368527
                            0x0136852b
                            0x01368537
                            0x01368539
                            0x0136853c
                            0x0136853e
                            0x0136868c
                            0x01368691
                            0x01368699
                            0x0136869b
                            0x01368744
                            0x01368748
                            0x013686a1
                            0x013686a1
                            0x013686a1
                            0x013686a4
                            0x013686a8
                            0x013b9bdf
                            0x013b9bdf
                            0x013686ae
                            0x013686b0
                            0x00000000
                            0x013686b6
                            0x00000000
                            0x013b9be9
                            0x013686b0
                            0x01368544
                            0x0136854a
                            0x0136854d
                            0x01368551
                            0x0136876e
                            0x01368778
                            0x0136877b
                            0x01368780
                            0x01368557
                            0x01368557
                            0x0136855d
                            0x0136855d
                            0x0136856b
                            0x0136856e
                            0x01368570
                            0x01368573
                            0x01368576
                            0x01368576
                            0x01368579
                            0x0136857b
                            0x00000000
                            0x00000000
                            0x01368581
                            0x013685a0
                            0x013685a2
                            0x013685a5
                            0x013685a7
                            0x013b9b1b
                            0x013b9b1b
                            0x0136862e
                            0x0136862e
                            0x01368631
                            0x01368631
                            0x01368634
                            0x01368636
                            0x01368669
                            0x01368669
                            0x0136866b
                            0x013b9bbf
                            0x013b9bc4
                            0x013b9bc8
                            0x013b9bce
                            0x013b9bce
                            0x01368671
                            0x01368671
                            0x01368674
                            0x01368676
                            0x013b9bae
                            0x013b9bae
                            0x01368676
                            0x0136867c
                            0x0136867e
                            0x01368688
                            0x01368688
                            0x00000000
                            0x0136867e
                            0x01368638
                            0x01368638
                            0x0136863b
                            0x0136863e
                            0x0136863f
                            0x01368642
                            0x01368645
                            0x01368648
                            0x0136864d
                            0x013b9b69
                            0x013b9b6e
                            0x013b9b7b
                            0x013b9b81
                            0x013b9b85
                            0x013b9b89
                            0x013b9ba7
                            0x013b9b8b
                            0x013b9b91
                            0x013b9b9a
                            0x013b9b9f
                            0x013b9b9f
                            0x01368788
                            0x0136878d
                            0x01368763
                            0x01368763
                            0x01368766
                            0x00000000
                            0x01368766
                            0x013b9b70
                            0x00000000
                            0x013b9b70
                            0x01368656
                            0x0136865a
                            0x0136865c
                            0x01368752
                            0x01368756
                            0x00000000
                            0x00000000
                            0x0136875e
                            0x00000000
                            0x0136875e
                            0x01368662
                            0x01368662
                            0x01368662
                            0x01368666
                            0x00000000
                            0x01368666
                            0x013685b7
                            0x013685b9
                            0x013685bc
                            0x013685bf
                            0x013685cc
                            0x013685d1
                            0x013685d4
                            0x013685db
                            0x013685de
                            0x013685e0
                            0x013b9b5f
                            0x00000000
                            0x013b9b5f
                            0x013685e6
                            0x013685ea
                            0x013686c3
                            0x013686c5
                            0x013686c8
                            0x013686ca
                            0x013b9b16
                            0x00000000
                            0x013b9b16
                            0x013686d6
                            0x013685f6
                            0x013685f6
                            0x013685f9
                            0x01368602
                            0x01368606
                            0x0136860a
                            0x0136860b
                            0x0136860e
                            0x01368611
                            0x00000000
                            0x01368611
                            0x013685f3
                            0x00000000
                            0x013685f3
                            0x01368619
                            0x0136861e
                            0x0136861e
                            0x01368621
                            0x01368622
                            0x01368623
                            0x01368625
                            0x0136862c
                            0x00000000
                            0x0136873d
                            0x00000000
                            0x0136873d
                            0x01368737
                            0x0136850f
                            0x01368512
                            0x00000000
                            0x01368512
                            0x00000000
                            0x013684d6

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a4fc7616464ecffeb240f40625879be7bcb6a9003d8ca5a17694adf3328c31cb
                            • Instruction ID: 281ae54a5d5a7b31a439e44e35658681b49d28a75155605015d1319d8b4d648c
                            • Opcode Fuzzy Hash: a4fc7616464ecffeb240f40625879be7bcb6a9003d8ca5a17694adf3328c31cb
                            • Instruction Fuzzy Hash: 0EB17EB4E00349DFDB25DF98C984AADBBB9FF4830CF10816AE605AB659D774AC41CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013837EB Relevance: .3, Instructions: 269COMMON
                            Download Yara Rule
                            C-Code - Quality: 87%
                            			E013837EB(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t99;
				intOrPtr _t103;
				intOrPtr _t104;
				char* _t114;
				signed short _t124;
				signed int _t125;
				signed int _t130;
				intOrPtr* _t134;
				intOrPtr* _t135;
				intOrPtr* _t136;
				intOrPtr* _t140;
				intOrPtr* _t142;
				intOrPtr _t152;
				intOrPtr _t154;
				signed int _t155;
				signed int _t156;
				intOrPtr _t157;
				intOrPtr _t160;
				signed short _t164;
				signed short _t165;
				signed int _t174;
				intOrPtr* _t177;
				short _t179;
				intOrPtr _t180;
				intOrPtr* _t182;
				intOrPtr _t183;
				void* _t184;

				_push(0x50);
				_push(0x142ff48);
				E013AD08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t184 - 0x44)) = __ecx;
				 *((intOrPtr*)(_t184 - 0x1c)) = 0xc0000001;
				 *((intOrPtr*)(_t184 - 0x24)) = 0;
				 *((intOrPtr*)(__ecx)) = 0;
				 *(_t184 - 0x2c) = __edx & 0x00000001;
				_t99 = E0136B060(__ecx,  *((intOrPtr*)( *[fs:0x30] + 8)));
				if(_t99 == 0) {
					_t179 = 0xc000007b;
					L28:
					return E013AD0D1(_t179);
				}
				_t150 =  *((intOrPtr*)(_t99 + 0x60));
				 *((intOrPtr*)(_t184 - 0x38)) =  *((intOrPtr*)(_t99 + 0x60));
				_t180 =  *((intOrPtr*)(_t99 + 0x64));
				 *((intOrPtr*)(_t184 - 0x30)) = _t180;
				_t103 =  *((intOrPtr*)( *[fs:0x30] + 0x208));
				if(_t103 != 0) {
					if(_t180 < _t103) {
						 *((intOrPtr*)(_t184 - 0x30)) = _t103;
					}
				}
				_t104 =  *0x14484c4; // 0x0
				_t182 = E01374620(_t150,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t104 + 0x000c0000 | 0x00000008, 0x120);
				 *((intOrPtr*)(_t184 - 0x20)) = _t182;
				 *((intOrPtr*)(_t184 - 4)) = 0;
				 *((intOrPtr*)(_t184 - 0x40)) = 1;
				if(_t182 == 0) {
					L36:
					_t179 = 0xc0000017;
					 *((intOrPtr*)(_t184 - 0x1c)) = 0xc0000017;
					goto L24;
				} else {
					_t152 =  *0x14484c4; // 0x0
					_t153 = _t152 + 0xc0000;
					 *((intOrPtr*)(_t184 - 0x48)) = _t152 + 0xc0000;
					_t154 = E01374620(_t152 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t153,  *0x14484c0 * 0x24);
					 *((intOrPtr*)(_t184 - 0x24)) = _t154;
					if(_t154 == 0) {
						_t179 = 0xc0000017;
						 *((intOrPtr*)(_t184 - 0x1c)) = 0xc0000017;
						_t182 =  *((intOrPtr*)(_t184 - 0x20));
						L24:
						 *((intOrPtr*)(_t184 - 4)) = 0xfffffffe;
						 *((intOrPtr*)(_t184 - 0x40)) = 0;
						E01383B5A(_t108, 0, _t179, _t182);
						if(_t179 < 0) {
							goto L28;
						}
						 *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x44)))) = _t182;
						if(E01377D50() != 0) {
							_t114 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							_t179 =  *((intOrPtr*)(_t184 - 0x1c));
							_t182 =  *((intOrPtr*)(_t184 - 0x20));
						} else {
							_t114 = 0x7ffe0386;
						}
						if( *_t114 != 0) {
							L32:
							E01428BB6(_t182);
						}
						goto L28;
					}
					_t155 = 0;
					 *(_t184 - 0x28) = 0;
					_t183 =  *((intOrPtr*)(_t184 - 0x20));
					_t174 =  *0x14484c0; // 0x1
					while(_t155 < 3) {
						 *((intOrPtr*)(_t183 + 0x10 + _t155 * 4)) = _t174 * _t155 * 0xc +  *((intOrPtr*)(_t184 - 0x24));
						_t155 = _t155 + 1;
						 *(_t184 - 0x28) = _t155;
					}
					_t156 = 0;
					while(1) {
						 *(_t184 - 0x28) = _t156;
						if(_t156 >= _t174 * 3) {
							break;
						}
						_t142 = _t156 * 0xc +  *((intOrPtr*)(_t184 - 0x24));
						 *((intOrPtr*)(_t142 + 8)) = 0;
						 *((intOrPtr*)(_t142 + 4)) = _t142;
						 *_t142 = _t142;
						_t156 = _t156 + 1;
					}
					_t157 =  *0x14484c4; // 0x0
					_t158 = _t157 + 0xc0000;
					 *(_t184 - 0x4c) = _t157 + 0xc0000;
					_t108 = E01374620(_t158 | 0x00000008,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t158 | 0x00000008, _t174 << 2);
					_t182 =  *((intOrPtr*)(_t184 - 0x20));
					 *((intOrPtr*)(_t182 + 0x1c)) = _t108;
					if(_t108 == 0) {
						goto L36;
					}
					_t160 =  *0x14484c4; // 0x0
					_t161 = _t160 + 0xc0000;
					 *(_t184 - 0x50) = _t160 + 0xc0000;
					_t108 = E01374620(_t161 | 0x00000008,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161 | 0x00000008,  *0x14484c0 * 0xc);
					_t182 =  *((intOrPtr*)(_t184 - 0x20));
					 *((intOrPtr*)(_t182 + 0x20)) = _t108;
					if(_t108 == 0) {
						goto L36;
					}
					_t124 =  *0x7ffe03c0;
					 *(_t184 - 0x34) = _t124;
					 *(_t184 - 0x54) = _t124;
					 *(_t182 + 0x100) = _t124;
					_t179 = E01383B7A(_t182);
					 *((intOrPtr*)(_t184 - 0x1c)) = _t179;
					if(_t179 < 0) {
						goto L24;
					}
					 *((intOrPtr*)(_t182 + 0x104)) = 0xfffffffe;
					 *(_t184 - 0x60) = 0;
					 *((intOrPtr*)(_t184 - 0x5c)) = 0;
					_t164 =  *(_t184 - 0x34);
					_t125 = _t164 & 0x0000ffff;
					 *(_t184 - 0x60) = _t125;
					 *(_t182 + 8) = _t125;
					 *((intOrPtr*)(_t182 + 0xc)) = 0;
					 *_t182 = 1;
					if(_t164 < 4) {
						_t165 = 4;
					} else {
						_t165 = _t164 + 1;
					}
					 *(_t184 - 0x34) = _t165;
					_t49 = _t182 + 0x28; // 0x28
					_push(_t165);
					_push(0);
					_push(0x1f0003);
					_t179 = E01399F70();
					 *((intOrPtr*)(_t184 - 0x1c)) = _t179;
					if(_t179 < 0) {
						goto L24;
					} else {
						 *((intOrPtr*)(_t184 - 4)) = 1;
						 *((intOrPtr*)(_t184 - 0x3c)) = 1;
						_t130 =  *0x7ffe03c0 << 2;
						if(_t130 < 0x200) {
							_t130 = 0x200;
						}
						_t53 = _t182 + 0x24; // 0x24
						_push( *((intOrPtr*)(_t184 - 0x30)));
						_push( *((intOrPtr*)(_t184 - 0x38)));
						_push(_t130);
						_push(_t182);
						_push(0x137c740);
						_push(0xffffffff);
						_push( *((intOrPtr*)(_t182 + 0x28)));
						_push(0);
						_push(0xf00ff);
						_t179 = E0139A160();
						 *((intOrPtr*)(_t184 - 0x1c)) = _t179;
						if(_t179 < 0) {
							L23:
							 *((intOrPtr*)(_t184 - 4)) = 0;
							 *((intOrPtr*)(_t184 - 0x3c)) = 0;
							_t108 = E01383B48(_t131, 0, _t179, _t182);
							goto L24;
						} else {
							if( *(_t184 - 0x2c) != 0) {
								_push(4);
								_push(_t184 - 0x2c);
								_push(0xd);
								_push( *((intOrPtr*)(_t182 + 0x24)));
								_t179 = E0139AE70();
								 *((intOrPtr*)(_t184 - 0x1c)) = _t179;
								if(_t179 < 0) {
									goto L23;
								}
								 *((short*)(_t182 + 0xe6)) =  *(_t184 - 0x2c);
							}
							 *((intOrPtr*)(_t182 + 0x2c)) = 0;
							 *((intOrPtr*)(_t182 + 0xe0)) = 0;
							 *((intOrPtr*)(_t182 + 0x110)) = 0;
							 *((short*)(_t182 + 0xe4)) = 0;
							_t63 = _t182 + 0x30; // 0x30
							_t134 = _t63;
							 *((intOrPtr*)(_t134 + 4)) = _t134;
							 *_t134 = _t134;
							_t65 = _t182 + 0x38; // 0x38
							_t135 = _t65;
							 *((intOrPtr*)(_t135 + 4)) = _t135;
							 *_t135 = _t135;
							_t67 = _t182 + 0x114; // 0x114
							_t136 = _t67;
							 *((intOrPtr*)(_t136 + 4)) = _t136;
							 *_t136 = _t136;
							E0137F194(_t182, _t184 - 0x58, 0);
							_t182 =  *((intOrPtr*)(_t184 - 0x20));
							 *((intOrPtr*)(_t182 + 0xf0)) =  *((intOrPtr*)(_t184 + 4));
							_t73 = _t182 + 0x40; // 0x40
							_t179 = E0138196E(_t73, _t182);
							 *((intOrPtr*)(_t184 - 0x1c)) = _t179;
							if(_t179 < 0) {
								goto L23;
							}
							_t179 = 0;
							 *((intOrPtr*)(_t184 - 0x1c)) = 0;
							E01372280(_t131, 0x14486b4);
							 *((intOrPtr*)(_t184 - 4)) = 2;
							_t77 = _t182 + 0xe8; // 0xe8
							_t140 = _t77;
							_t177 =  *0x14453dc; // 0xe231c0
							if( *_t177 != 0x14453d8) {
								_push(3);
								asm("int 0x29");
								goto L32;
							}
							 *_t140 = 0x14453d8;
							 *((intOrPtr*)(_t140 + 4)) = _t177;
							 *_t177 = _t140;
							 *0x14453dc = _t140;
							 *((intOrPtr*)(_t184 - 4)) = 1;
							_t131 = E01383B3D();
							goto L23;
						}
					}
				}
			}






























                            0x013837eb
                            0x013837ed
                            0x013837f2
                            0x013837f7
                            0x013837fa
                            0x01383803
                            0x01383806
                            0x0138380b
                            0x01383817
                            0x0138381e
                            0x013c615c
                            0x01383b0c
                            0x01383b13
                            0x01383b13
                            0x01383824
                            0x01383827
                            0x0138382a
                            0x0138382d
                            0x01383836
                            0x0138383e
                            0x013c6168
                            0x013c616e
                            0x013c616e
                            0x013c6168
                            0x01383844
                            0x01383865
                            0x01383867
                            0x0138386a
                            0x0138386d
                            0x01383876
                            0x013c6176
                            0x013c6176
                            0x013c617b
                            0x00000000
                            0x0138387c
                            0x0138387c
                            0x01383882
                            0x01383888
                            0x013838a2
                            0x013838a4
                            0x013838a9
                            0x013c6183
                            0x013c6188
                            0x013c618b
                            0x01383ad9
                            0x01383ad9
                            0x01383ae0
                            0x01383ae7
                            0x01383aee
                            0x00000000
                            0x00000000
                            0x01383af3
                            0x01383afc
                            0x013c6288
                            0x013c628d
                            0x013c6290
                            0x01383b02
                            0x01383b02
                            0x01383b02
                            0x01383b0a
                            0x01383b71
                            0x01383b73
                            0x01383b73
                            0x00000000
                            0x01383b0a
                            0x013838af
                            0x013838b1
                            0x013838b4
                            0x013838b7
                            0x013838bd
                            0x013838cd
                            0x013838d1
                            0x013838d2
                            0x013838d2
                            0x013838d7
                            0x013838d9
                            0x013838d9
                            0x013838e1
                            0x00000000
                            0x00000000
                            0x013838e6
                            0x013838e9
                            0x013838ec
                            0x013838ef
                            0x013838f1
                            0x013838f1
                            0x013838f4
                            0x013838fa
                            0x01383900
                            0x01383916
                            0x0138391b
                            0x0138391e
                            0x01383923
                            0x00000000
                            0x00000000
                            0x01383929
                            0x0138392f
                            0x01383935
                            0x0138394d
                            0x01383952
                            0x01383955
                            0x0138395a
                            0x00000000
                            0x00000000
                            0x01383960
                            0x01383965
                            0x01383968
                            0x0138396b
                            0x01383978
                            0x0138397a
                            0x0138397f
                            0x00000000
                            0x00000000
                            0x01383985
                            0x0138398f
                            0x01383992
                            0x01383995
                            0x01383998
                            0x0138399b
                            0x0138399e
                            0x013839a1
                            0x013839a4
                            0x013839ad
                            0x013c6195
                            0x013839b3
                            0x013839b3
                            0x013839b3
                            0x013839b4
                            0x013839b7
                            0x013839ba
                            0x013839bb
                            0x013839bc
                            0x013839c7
                            0x013839c9
                            0x013839ce
                            0x00000000
                            0x013839d4
                            0x013839d7
                            0x013839da
                            0x013839e2
                            0x013839ec
                            0x013839ee
                            0x013839ee
                            0x013839f0
                            0x013839f3
                            0x013839f6
                            0x013839f9
                            0x013839fa
                            0x013839fb
                            0x01383a00
                            0x01383a02
                            0x01383a05
                            0x01383a06
                            0x01383a11
                            0x01383a13
                            0x01383a18
                            0x01383aca
                            0x01383aca
                            0x01383acd
                            0x01383ad4
                            0x00000000
                            0x01383a1e
                            0x01383a22
                            0x01383b14
                            0x01383b19
                            0x01383b1a
                            0x01383b1c
                            0x01383b24
                            0x01383b26
                            0x01383b2b
                            0x00000000
                            0x00000000
                            0x01383b31
                            0x01383b31
                            0x01383a28
                            0x01383a2b
                            0x01383a31
                            0x01383a37
                            0x01383a3e
                            0x01383a3e
                            0x01383a41
                            0x01383a44
                            0x01383a46
                            0x01383a46
                            0x01383a49
                            0x01383a4c
                            0x01383a4e
                            0x01383a4e
                            0x01383a54
                            0x01383a57
                            0x01383a5f
                            0x01383a67
                            0x01383a6a
                            0x01383a70
                            0x01383a7a
                            0x01383a7c
                            0x01383a81
                            0x00000000
                            0x00000000
                            0x01383a83
                            0x01383a85
                            0x01383a8d
                            0x01383a92
                            0x01383a99
                            0x01383a99
                            0x01383a9f
                            0x01383aac
                            0x01383b6c
                            0x01383b6f
                            0x00000000
                            0x01383b6f
                            0x01383ab2
                            0x01383ab4
                            0x01383ab7
                            0x01383ab9
                            0x01383abe
                            0x01383ac5
                            0x00000000
                            0x01383ac5
                            0x01383a18
                            0x013839ce

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5a073e6e0831715df56a28953d54ac1986e0cc1d4b3c198a5c7d8dbd7e1ab76d
                            • Instruction ID: 1a6fc1344b7433b000c5db30af71df9f194b4252fb50c256c0be9c28e27e3380
                            • Opcode Fuzzy Hash: 5a073e6e0831715df56a28953d54ac1986e0cc1d4b3c198a5c7d8dbd7e1ab76d
                            • Instruction Fuzzy Hash: 95B126B1900309DFCB15EF99C940AAEBBF5FB48B18F15412EE51AAB760E734E901CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135C600 Relevance: .2, Instructions: 225COMMON
                            Download Yara Rule
                            C-Code - Quality: 67%
                            			E0135C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x144d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E01366D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E0139B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x1447b9c; // 0x0
					_t74 = E01374620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E01399650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L013777F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E0139F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E013913C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L013777F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E01399650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                            0x0135c608
                            0x0135c615
                            0x0135c625
                            0x0135c62d
                            0x0135c635
                            0x0135c640
                            0x0135c680
                            0x0135c687
                            0x0135c688
                            0x0135c689
                            0x0135c694
                            0x0135c694
                            0x0135c642
                            0x0135c64a
                            0x0135c697
                            0x013c7a25
                            0x013c7a2b
                            0x013c7a2e
                            0x013c7a30
                            0x013c7bea
                            0x013c7bea
                            0x00000000
                            0x013c7bea
                            0x013c7a36
                            0x013c7a43
                            0x013c7a48
                            0x013c7a4c
                            0x013c7a4e
                            0x00000000
                            0x00000000
                            0x013c7a58
                            0x013c7a5a
                            0x013c7a5b
                            0x013c7a5c
                            0x013c7a5d
                            0x013c7a63
                            0x013c7a64
                            0x013c7a6a
                            0x013c7a6c
                            0x013c7a6e
                            0x013c79cb
                            0x013c79cb
                            0x013c79ce
                            0x013c79d0
                            0x013c7a98
                            0x013c7a9b
                            0x013c7a9b
                            0x013c7a9e
                            0x013c7aa1
                            0x013c7bbe
                            0x013c7bbe
                            0x013c7bc0
                            0x013c7be0
                            0x013c7be0
                            0x013c7a01
                            0x013c7a01
                            0x013c7a05
                            0x013c7a07
                            0x013c7a15
                            0x013c7a15
                            0x013c7a1a
                            0x00000000
                            0x013c7a1a
                            0x013c7bc2
                            0x013c7bc6
                            0x013c7bc9
                            0x013c7bcd
                            0x013c7bcf
                            0x013c79e6
                            0x013c79e6
                            0x013c79eb
                            0x013c79eb
                            0x013c79ef
                            0x013c79f1
                            0x00000000
                            0x00000000
                            0x013c79f3
                            0x013c79f5
                            0x013c79ff
                            0x013c79ff
                            0x00000000
                            0x013c79ff
                            0x013c79f7
                            0x013c79fd
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013c79fd
                            0x013c7bd5
                            0x013c7bd8
                            0x00000000
                            0x00000000
                            0x013c7ba9
                            0x013c7bac
                            0x013c7bb0
                            0x013c7bb1
                            0x013c7bb1
                            0x013c7bb6
                            0x00000000
                            0x013c7bb6
                            0x013c7aa7
                            0x013c7aaa
                            0x00000000
                            0x00000000
                            0x013c7ab2
                            0x013c7ab3
                            0x013c7ab5
                            0x013c7aec
                            0x013c7aef
                            0x013c7b25
                            0x013c7b28
                            0x013c7b62
                            0x013c7b64
                            0x013c7b8f
                            0x013c7b92
                            0x013c7b96
                            0x013c7b98
                            0x00000000
                            0x00000000
                            0x013c7b9e
                            0x013c7b9f
                            0x013c7ba3
                            0x00000000
                            0x013c7ba3
                            0x013c7b66
                            0x013c7b68
                            0x013c7ae2
                            0x013c7ae2
                            0x00000000
                            0x013c7ae2
                            0x013c7b6e
                            0x013c7b72
                            0x013c7b75
                            0x013c7b81
                            0x013c7b85
                            0x013c7b87
                            0x00000000
                            0x00000000
                            0x013c7b31
                            0x013c7b34
                            0x013c7b3c
                            0x013c7b45
                            0x013c7b46
                            0x013c7b4f
                            0x013c7b51
                            0x013c7b57
                            0x013c7b59
                            0x013c7b59
                            0x00000000
                            0x013c7b59
                            0x013c7b77
                            0x00000000
                            0x013c7b77
                            0x013c7b2a
                            0x00000000
                            0x013c7b2a
                            0x013c7af1
                            0x013c7af3
                            0x00000000
                            0x00000000
                            0x013c7afb
                            0x013c7afc
                            0x013c7afe
                            0x00000000
                            0x00000000
                            0x013c7b00
                            0x013c7b03
                            0x00000000
                            0x00000000
                            0x013c7b05
                            0x013c7b09
                            0x013c7b0d
                            0x013c7b0f
                            0x00000000
                            0x00000000
                            0x013c7b18
                            0x013c7b1d
                            0x00000000
                            0x013c7b1d
                            0x013c7ab7
                            0x013c7ab9
                            0x00000000
                            0x00000000
                            0x013c7abf
                            0x013c7ac1
                            0x00000000
                            0x00000000
                            0x013c7ac3
                            0x013c7ac6
                            0x00000000
                            0x00000000
                            0x013c7ac8
                            0x013c7acc
                            0x013c7ad0
                            0x013c7ad2
                            0x00000000
                            0x00000000
                            0x013c7adb
                            0x00000000
                            0x013c7adb
                            0x013c79d6
                            0x013c79d9
                            0x013c79dc
                            0x013c7a91
                            0x013c7a94
                            0x00000000
                            0x013c7a94
                            0x013c79e2
                            0x00000000
                            0x013c79e2
                            0x013c7a74
                            0x013c7a7a
                            0x00000000
                            0x00000000
                            0x013c7a8a
                            0x013c7a21
                            0x013c7a21
                            0x00000000
                            0x013c7a21
                            0x0135c650
                            0x0135c651
                            0x0135c656
                            0x0135c65c
                            0x0135c65d
                            0x0135c663
                            0x0135c664
                            0x0135c66a
                            0x0135c66e
                            0x013c79c5
                            0x013c79c7
                            0x00000000
                            0x013c79c7
                            0x0135c67a
                            0x00000000
                            0x00000000
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c4f6b8c2966623d79cda2ed26d867c38ab8e4a5e2768dddaa26ce2bfb39cd9cb
                            • Instruction ID: e83488df4a4770e5e34a0c87ce0a29236c67a15a650cf396fbe529c2381e21d9
                            • Opcode Fuzzy Hash: c4f6b8c2966623d79cda2ed26d867c38ab8e4a5e2768dddaa26ce2bfb39cd9cb
                            • Instruction Fuzzy Hash: 858192756142069BEB26CE5CC880E7AB7E9FB84B58F14485EEE459B341D330ED41CFA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138138B Relevance: .2, Instructions: 206COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 85%
                            			E0138138B(signed int __ecx, signed int* __edx, intOrPtr _a4, signed int _a12, signed int _a16, char _a20, intOrPtr _a24) {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				signed int _t97;
				signed int _t102;
				void* _t105;
				char* _t112;
				signed int _t113;
				signed int _t117;
				signed int _t119;
				signed int* _t122;
				signed int _t124;
				signed int _t130;
				signed int _t136;
				char _t150;
				intOrPtr _t153;
				signed int _t161;
				signed int _t163;
				signed int _t170;
				signed int _t175;
				signed int _t176;
				signed int _t182;
				signed int* _t183;
				signed int* _t184;

				_t182 = __ecx;
				_t153 = _a24;
				_t183 = __edx;
				_v24 =  *((intOrPtr*)( *[fs:0x30] + 0x68));
				_t97 = _t153 - _a16;
				if(_t97 > 0xfffff000) {
					L19:
					return 0;
				}
				asm("cdq");
				_t150 = _a20;
				_v16 = _t97 / 0x1000;
				_t102 = _a4 + 0x00000007 & 0xfffffff8;
				_t170 = _t102 + __edx;
				_v20 = _t102 >> 0x00000003 & 0x0000ffff;
				_t105 = _t170 + 0x28;
				_v12 = _t170;
				if(_t105 >= _t150) {
					if(_t105 >= _t153) {
						goto L19;
					}
					_v8 = _t170 - _t150 + 8;
					_push(E01380678(__ecx, 1));
					_push(0x1000);
					_push( &_v8);
					_push(0);
					_push( &_a20);
					_push(0xffffffff);
					if(E01399660() < 0) {
						 *((intOrPtr*)(_t182 + 0x214)) =  *((intOrPtr*)(_t182 + 0x214)) + 1;
						goto L19;
					}
					if(E01377D50() == 0) {
						_t112 = 0x7ffe0380;
					} else {
						_t112 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t112 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0141138A(_t150, _t182, _a20, _v8, 3);
					}
					_t150 = _a20 + _v8;
					_t153 = _a24;
					_a20 = _t150;
				}
				_t183[0] = 1;
				_t113 = _t153 - _t150;
				_t183[1] = 1;
				asm("cdq");
				_t175 = _t113 % 0x1000;
				_v28 = _t113 / 0x1000;
				 *_t183 = _v20;
				_t183[1] =  *(_t182 + 0x54);
				if((_v24 & 0x00001000) != 0) {
					_t117 = E013816C7(1, _t175);
					_t150 = _a20;
					_t183[0xd] = _t117;
				}
				_t183[0xb] = _t183[0xb] & 0x00000000;
				_t176 = _v12;
				_t183[3] = _a12;
				_t119 = _a16;
				_t183[7] = _t119;
				_t161 = _v16 << 0xc;
				_t183[6] = _t182;
				_t183[0xa] = _t119 + _t161;
				_t183[8] = _v16;
				_t122 =  &(_t183[0xe]);
				_t183[2] = 0xffeeffee;
				_t183[9] = _t176;
				 *((intOrPtr*)(_t182 + 0x1e8)) =  *((intOrPtr*)(_t182 + 0x1e8)) + _t161;
				 *((intOrPtr*)(_t182 + 0x1e4)) =  *((intOrPtr*)(_t182 + 0x1e4)) + _t161;
				_t122[1] = _t122;
				 *_t122 = _t122;
				if(_t183[6] != _t183) {
					_t124 = 1;
				} else {
					_t124 = 0;
				}
				_t183[1] = _t124;
				 *(_t176 + 4) =  *_t183 ^  *(_t182 + 0x54);
				if(_t183[6] != _t183) {
					_t130 = (_t176 - _t183 >> 0x10) + 1;
					_v24 = _t130;
					if(_t130 >= 0xfe) {
						_push(_t161);
						_push(0);
						E0141A80D(_t183[6], 3, _t176, _t183);
						_t150 = _a20;
						_t176 = _v12;
						_t130 = _v24;
					}
				} else {
					_t130 = 0;
				}
				 *(_t176 + 6) = _t130;
				E0137B73D(_t182, _t183, _t150 - 0x18, _v28 << 0xc, _t176,  &_v8);
				if( *((intOrPtr*)(_t182 + 0x4c)) != 0) {
					_t183[0] = _t183[0] ^  *_t183 ^ _t183[0];
					 *_t183 =  *_t183 ^  *(_t182 + 0x50);
				}
				if(_v8 != 0) {
					E0137A830(_t182, _v12, _v8);
				}
				_t136 = _t182 + 0xa4;
				_t184 =  &(_t183[4]);
				_t163 =  *(_t136 + 4);
				if( *_t163 != _t136) {
					_push(_t163);
					_push( *_t163);
					E0141A80D(0, 0xd, _t136, 0);
				} else {
					 *_t184 = _t136;
					_t184[1] = _t163;
					 *_t163 = _t184;
					 *(_t136 + 4) = _t184;
				}
				 *((intOrPtr*)(_t182 + 0x1f4)) =  *((intOrPtr*)(_t182 + 0x1f4)) + 1;
				return 1;
			}































                            0x0138139f
                            0x013813a1
                            0x013813a4
                            0x013813a6
                            0x013813ab
                            0x013813b3
                            0x013c5522
                            0x00000000
                            0x013c5522
                            0x013813b9
                            0x013813c1
                            0x013813c4
                            0x013813cd
                            0x013813d0
                            0x013813d9
                            0x013813dc
                            0x013813df
                            0x013813e4
                            0x013c552b
                            0x00000000
                            0x00000000
                            0x013c5534
                            0x013c553f
                            0x013c5545
                            0x013c5549
                            0x013c554a
                            0x013c554f
                            0x013c5550
                            0x013c5559
                            0x013c551c
                            0x00000000
                            0x013c551c
                            0x013c5562
                            0x013c5574
                            0x013c5564
                            0x013c556d
                            0x013c556d
                            0x013c557c
                            0x013c5597
                            0x013c5597
                            0x013c559f
                            0x013c55a2
                            0x013c55a5
                            0x013c55a5
                            0x013813ec
                            0x013813f2
                            0x013813f4
                            0x013813f8
                            0x013813fe
                            0x01381400
                            0x01381406
                            0x01381412
                            0x01381419
                            0x013c55b0
                            0x013c55b5
                            0x013c55b8
                            0x013c55b8
                            0x01381425
                            0x01381429
                            0x0138142c
                            0x0138142f
                            0x01381432
                            0x01381435
                            0x0138143a
                            0x0138143d
                            0x01381443
                            0x01381446
                            0x01381449
                            0x01381450
                            0x01381453
                            0x01381459
                            0x0138145f
                            0x01381462
                            0x01381467
                            0x013814fa
                            0x0138146d
                            0x0138146d
                            0x0138146d
                            0x0138146f
                            0x01381479
                            0x01381480
                            0x01381507
                            0x01381508
                            0x01381510
                            0x013c55c1
                            0x013c55c2
                            0x013c55cc
                            0x013c55d1
                            0x013c55d4
                            0x013c55d7
                            0x013c55d7
                            0x01381482
                            0x01381482
                            0x01381482
                            0x01381484
                            0x0138149b
                            0x013814a4
                            0x013814ae
                            0x013814b4
                            0x013814b4
                            0x013814ba
                            0x013814c4
                            0x013814c4
                            0x013814c9
                            0x013814cf
                            0x013814d2
                            0x013814d7
                            0x013c55df
                            0x013c55e0
                            0x013c55ea
                            0x013814dd
                            0x013814dd
                            0x013814df
                            0x013814e2
                            0x013814e4
                            0x013814e4
                            0x013814e7
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                            • Instruction ID: 9df5fef44ab0417c4dbb2ed0eaef3f2d842c6370a73d0a9badff82a782e310b2
                            • Opcode Fuzzy Hash: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                            • Instruction Fuzzy Hash: 4E819971A00345EFCB25DF68C480AAABBF5EF58318F14856EE996D7751D330EA41CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0141B2E8 Relevance: .2, Instructions: 206COMMON
                            Download Yara Rule
                            C-Code - Quality: 81%
                            			E0141B2E8(signed int __ecx, signed int __edx, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				char _v12;
				char _v28;
				char _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				signed int _v92;
				intOrPtr _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t75;
				signed int _t79;
				char _t80;
				signed int _t95;
				signed int _t96;
				intOrPtr* _t97;
				signed int _t98;
				signed char* _t99;
				intOrPtr _t100;
				signed int _t101;
				void* _t119;
				signed int _t120;
				void* _t143;
				intOrPtr _t144;
				signed int _t150;
				signed int _t151;
				void* _t152;
				signed int _t157;

				_t135 = __edx;
				_t159 = (_t157 & 0xfffffff8) - 0x5c;
				_v8 =  *0x144d360 ^ (_t157 & 0xfffffff8) - 0x0000005c;
				_v92 = _a8;
				_v56 = __edx;
				_v88 = _a12;
				_t150 = __ecx;
				_v80 = __ecx;
				if(__edx <= 0x7fffffff) {
					_t135 = 1;
					_t75 = E0141C23A( &_v92, 1);
					__eflags = _t75;
					if(_t75 < 0) {
						goto L1;
					}
					_push(0);
					_push(0x2c);
					_push( &_v52);
					_push(0);
					_t79 = E01399860();
					__eflags = _t79;
					if(_t79 >= 0) {
						_t80 = _v12;
					} else {
						_t80 = 1;
						_v12 = 1;
					}
					_t144 = _v88;
					_t120 = E0141B0C7(_t150, _t80, _v92, _t144);
					__eflags = _t120;
					if(_t120 != 0) {
						_t16 = _t120 + 0xd8; // 0xd8
						 *(_t120 + 0xc) = _t150;
						_t18 = _t120 + 0x44; // 0x44
						_t19 = _t120 + 0x10; // 0x10
						 *_t120 = _v92;
						_t20 = _t120 + 0x118; // 0x118
						 *((intOrPtr*)(_t120 + 4)) = _t144;
						 *((intOrPtr*)(_t120 + 8)) = 0xddeeddee;
						E0141FC01(_t18, _t120, _t20, _t16, _t19, _v92, _t144);
						_t24 = _t120 + 0x84; // 0x84
						_t127 = _t24;
						E0141FC01(_t24, _t120, 0, 0, _t19, _v116, _t144);
						 *((intOrPtr*)(_t120 + 0x30)) = 0;
						 *((intOrPtr*)(_t120 + 0x34)) = 0;
						 *((intOrPtr*)(_t120 + 0x38)) = 0;
						__eflags =  *(_t120 + 0xc) & 0x20000000;
						 *((intOrPtr*)(_t120 + 0xc8)) = 0;
						if(( *(_t120 + 0xc) & 0x20000000) != 0) {
							_t127 = 0x14120e0;
							 *(_t120 + 0x20) = E0140FD06(0x14120e0) & 0x0000ffff;
						}
						asm("stosd");
						_t34 = _t120 + 0x44; // 0x44
						_t35 = _t120 + 0xd8; // 0xd8
						asm("stosd");
						asm("stosd");
						asm("stosd");
						asm("stosd");
						_v60 = 0;
						_v76 = 0x14212e0;
						_v72 = 0x1420200;
						_v68 = 0x1420100;
						_v64 = 0x1420150;
						E01422C75(_t35, _t34,  &_v76, _v92 & 1, _t127, 0x144a748);
						asm("stosd");
						_t44 = _t120 + 0x44; // 0x44
						_t45 = _t120 + 0x118; // 0x118
						asm("stosd");
						asm("stosd");
						asm("stosd");
						asm("stosd");
						_t46 = _t120 + 0x10; // 0x10
						_v92 = 0x14200b0;
						_v88 = 0x1420200;
						_v84 = 0x1420100;
						_v80 = 0x1420150;
						_v76 = 0x14200e0;
						E0141CC77(_t45, _t44, _v28, _v92 & 1,  &_v92, _t46, 0x144a73c);
						_t135 = _v92;
						_t56 = _t120 + 0x44; // 0x44
						 *(_t120 + 0xc4) =  *(_t120 + 0xc4) & 0x00000000;
						_t95 = E0141FC94(_t56, _v92, _a4);
						__eflags = _t95;
						if(_t95 >= 0) {
							_t151 = _t120;
							_t120 = 0;
							_t96 = E01377D50();
							__eflags = _t96;
							if(_t96 == 0) {
								_t97 = 0x7ffe0388;
							} else {
								_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
							}
							__eflags =  *_t97 - _t120;
							if( *_t97 != _t120) {
								_t135 =  *((intOrPtr*)(_t151 + 0xd4)) - _t151;
								__eflags =  *((intOrPtr*)(_t151 + 0xd4)) - _t151;
								E0140FD52(_t120, _t151,  *((intOrPtr*)(_t151 + 0xd4)) - _t151, _v80);
							}
							_t98 = E01377D50();
							_t147 = 0x7ffe0380;
							__eflags = _t98;
							if(_t98 == 0) {
								_t99 = 0x7ffe0380;
							} else {
								_t99 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							}
							__eflags =  *_t99 - _t120;
							if( *_t99 == _t120) {
								goto L27;
							} else {
								_t100 =  *[fs:0x30];
								__eflags =  *(_t100 + 0x240) & 0x00000001;
								if(( *(_t100 + 0x240) & 0x00000001) == 0) {
									goto L27;
								}
								_t101 = E01377D50();
								__eflags = _t101;
								if(_t101 != 0) {
									_t147 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								_t135 = _v80;
								__eflags =  *((intOrPtr*)(_t151 + 0xd4)) - _t151;
								E014114A0(_t120, _t151, _v80, _t147,  *((intOrPtr*)(_t151 + 0xd4)) - _t151,  *((intOrPtr*)(_t151 + 0xd4)) - _t151,  *((intOrPtr*)(_t151 + 0xd0)) - _t151,  *_t147 & 0x000000ff);
								goto L25;
							}
						} else {
							_t151 = 0;
							L25:
							__eflags = _t120;
							if(_t120 != 0) {
								E0141B581(_t120);
							}
							goto L27;
						}
					} else {
						_t135 = 0;
						_t151 = 0;
						E0141C23A( &_v92, 0);
						L27:
						_pop(_t143);
						_pop(_t152);
						_pop(_t119);
						return E0139B640(_t151, _t119, _v8 ^ _t159, _t135, _t143, _t152);
					}
				}
				L1:
				_t151 = 0;
				goto L27;
			}







































                            0x0141b2e8
                            0x0141b2f0
                            0x0141b2fa
                            0x0141b301
                            0x0141b308
                            0x0141b30c
                            0x0141b312
                            0x0141b314
                            0x0141b31f
                            0x0141b32e
                            0x0141b32f
                            0x0141b334
                            0x0141b336
                            0x00000000
                            0x00000000
                            0x0141b338
                            0x0141b33a
                            0x0141b340
                            0x0141b341
                            0x0141b343
                            0x0141b348
                            0x0141b34a
                            0x0141b354
                            0x0141b34c
                            0x0141b34c
                            0x0141b34e
                            0x0141b34e
                            0x0141b358
                            0x0141b36b
                            0x0141b36d
                            0x0141b36f
                            0x0141b387
                            0x0141b38f
                            0x0141b392
                            0x0141b395
                            0x0141b398
                            0x0141b39c
                            0x0141b3a2
                            0x0141b3a7
                            0x0141b3ae
                            0x0141b3b8
                            0x0141b3b8
                            0x0141b3c4
                            0x0141b3c9
                            0x0141b3cc
                            0x0141b3cf
                            0x0141b3d2
                            0x0141b3d9
                            0x0141b3df
                            0x0141b3e1
                            0x0141b3ee
                            0x0141b3ee
                            0x0141b3f7
                            0x0141b3f8
                            0x0141b401
                            0x0141b407
                            0x0141b408
                            0x0141b409
                            0x0141b40a
                            0x0141b40f
                            0x0141b41d
                            0x0141b427
                            0x0141b42f
                            0x0141b437
                            0x0141b43f
                            0x0141b44a
                            0x0141b44b
                            0x0141b453
                            0x0141b459
                            0x0141b45a
                            0x0141b45b
                            0x0141b45c
                            0x0141b45d
                            0x0141b465
                            0x0141b475
                            0x0141b47d
                            0x0141b485
                            0x0141b48d
                            0x0141b495
                            0x0141b49d
                            0x0141b4a1
                            0x0141b4a4
                            0x0141b4ab
                            0x0141b4b0
                            0x0141b4b2
                            0x0141b4bb
                            0x0141b4bd
                            0x0141b4bf
                            0x0141b4c4
                            0x0141b4c6
                            0x0141b4d8
                            0x0141b4c8
                            0x0141b4d1
                            0x0141b4d1
                            0x0141b4dd
                            0x0141b4df
                            0x0141b4ed
                            0x0141b4ed
                            0x0141b4ef
                            0x0141b4ef
                            0x0141b4f4
                            0x0141b4f9
                            0x0141b4fe
                            0x0141b500
                            0x0141b512
                            0x0141b502
                            0x0141b50b
                            0x0141b50b
                            0x0141b514
                            0x0141b516
                            0x00000000
                            0x0141b518
                            0x0141b518
                            0x0141b51e
                            0x0141b525
                            0x00000000
                            0x00000000
                            0x0141b527
                            0x0141b52c
                            0x0141b52e
                            0x0141b539
                            0x0141b539
                            0x0141b539
                            0x0141b544
                            0x0141b558
                            0x0141b55b
                            0x00000000
                            0x0141b55b
                            0x0141b4b4
                            0x0141b4b4
                            0x0141b560
                            0x0141b560
                            0x0141b562
                            0x0141b566
                            0x0141b566
                            0x00000000
                            0x0141b562
                            0x0141b371
                            0x0141b371
                            0x0141b377
                            0x0141b379
                            0x0141b56b
                            0x0141b571
                            0x0141b572
                            0x0141b573
                            0x0141b57e
                            0x0141b57e
                            0x0141b36f
                            0x0141b321
                            0x0141b321
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 90f8b0312bbe0a693748f1bd347ec1a237652f215ed0b3f8152296a84be4b781
                            • Instruction ID: e1c83bbd46ce1a02df7e8f2a50e8800c8883b2341c8b384cba2fd4c2390cf2f0
                            • Opcode Fuzzy Hash: 90f8b0312bbe0a693748f1bd347ec1a237652f215ed0b3f8152296a84be4b781
                            • Instruction Fuzzy Hash: 0171AE71604351AFD711CF69C884A6BBBF9EF98744F04456EFD498B229D630D808CBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013797ED Relevance: .2, Instructions: 202COMMON
                            Download Yara Rule
                            C-Code - Quality: 74%
                            			E013797ED(intOrPtr __ecx, intOrPtr* __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				unsigned int* _t72;
				signed int _t77;
				intOrPtr* _t80;
				char* _t81;
				signed int _t91;
				signed int _t101;
				char* _t108;
				signed int _t112;
				char* _t118;
				intOrPtr* _t130;
				unsigned int _t162;
				signed int _t164;
				intOrPtr _t166;
				signed int _t167;
				void* _t170;

				_t133 = __ecx;
				_t130 = __edx;
				_v24 = __ecx;
				_t166 =  *((intOrPtr*)(__ecx + 0xc));
				_v20 =  *__edx;
				_t162 = __ecx - 0xa8 + (( *(__edx + 8) & 0x000000ff) << 5);
				if( *((intOrPtr*)(_t166 + 0xd8)) != 0) {
					if(( *(_t166 + 0x40) & 0x00000001) == 0) {
						E0136EEF0( *((intOrPtr*)(_t166 + 0xc8)));
						E0136EB70(_t133,  *((intOrPtr*)(_t166 + 0xc8)));
					}
				}
				_t167 =  *(_t162 + 4) & 0x0000ffff;
				_v12 = _t167;
				if(_t167 >  *((intOrPtr*)(_t162 + 0xc))) {
					_t72 = _t162 + 8;
					_v8 = _t72;
					if(_t167 <=  *_t72 >>  *(_t162 + 0x10)) {
						goto L2;
					}
					_t101 = 1 <<  *(_t130 + 8);
					if(1 > 0x78000) {
						_t101 = 0x78000;
					}
					_v16 = ( *(_t130 + 0xa) & 0x0000ffff) + _t101;
					E0137C111( *((intOrPtr*)(_v24 + 0xc)), _t130, ( *(_t130 + 0xa) & 0x0000ffff) + _t101);
					if(E01377D50() != 0) {
						_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					} else {
						_t108 = 0x7ffe0380;
					}
					if( *_t108 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000001) == 0) {
							goto L13;
						} else {
							_t132 = _v24;
							E01411951(_v24,  *((intOrPtr*)(_v24 + 0xc)), _t130, _v16, ( *(_v20 + 0x14) & 0x0000ffff) << 3);
							goto L14;
						}
					} else {
						L13:
						_t132 = _v24;
						L14:
						_t91 = _t162 + 8;
						asm("lock dec dword [eax]");
						if(_v12 != 0) {
							_t91 = E01381710(_t162);
							_t164 = _t91;
							if(_t164 != 0) {
								_t112 = 1 <<  *(_t164 + 8);
								if(1 > 0x78000) {
									_t112 = 0x78000;
								}
								_t175 = ( *(_t164 + 0xa) & 0x0000ffff) + _t112;
								asm("lock xadd [eax], ecx");
								E0137C111( *((intOrPtr*)(_t132 + 0xc)), _t164,  ~(( *(_t164 + 0xa) & 0x0000ffff) + _t112));
								if(E01377D50() != 0) {
									_t118 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t118 = 0x7ffe0380;
								}
								if( *_t118 != 0) {
									if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
										E014118CA(_t132,  *((intOrPtr*)(_t132 + 0xc)), _t164, _t175, 0);
										E01411951(_t132,  *((intOrPtr*)(_t132 + 0xc)), _t164, _t175, 0);
									}
								}
								_t91 = _v8;
								asm("lock dec dword [eax]");
							}
						}
						L7:
						return _t91;
					}
				}
				L2:
				_t77 = 1 <<  *(_t130 + 8);
				if(1 > 0x78000) {
					_t77 = 0x78000;
				}
				_t170 = ( *(_t130 + 0xa) & 0x0000ffff) + _t77;
				asm("lock xadd [eax], ecx");
				_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t80 != 0) {
					if( *_t80 == 0) {
						goto L4;
					}
					_t81 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					goto L5;
				} else {
					L4:
					_t81 = 0x7ffe0380;
					L5:
					if( *_t81 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							E014119D8(_t130,  *((intOrPtr*)(_v24 + 0xc)), _t130, _t170, ( *(_v20 + 0x14) & 0x0000ffff) << 3);
						}
					}
					E01372280(_t162 >> 0x00000002 & 0x0000001f, 0x1446dc0 + (_t162 >> 0x00000002 & 0x0000001f) * 4);
					 *_t130 =  *_t162;
					 *(_t162 + 4) =  *(_t162 + 4) + 1;
					 *_t162 = _t130;
					E0136FFB0(_t130, _t162, 0x1446dc0 + (_t162 >> 0x00000002 & 0x0000001f) * 4);
					_t91 = ( *(_t162 + 0x16) & 0x0000ffff) + 1;
					 *(_t162 + 0x16) = _t91;
					goto L7;
				}
			}



























                            0x013797ed
                            0x013797f9
                            0x013797ff
                            0x0137980b
                            0x0137980e
                            0x01379819
                            0x01379824
                            0x01379996
                            0x013799a2
                            0x013799ad
                            0x013799b2
                            0x01379996
                            0x0137982a
                            0x01379831
                            0x01379837
                            0x013798b6
                            0x013798b9
                            0x013798c6
                            0x00000000
                            0x00000000
                            0x013798d7
                            0x013798db
                            0x013c1366
                            0x013c1366
                            0x013798ed
                            0x013798fd
                            0x01379909
                            0x013c1376
                            0x0137990f
                            0x0137990f
                            0x0137990f
                            0x01379917
                            0x013c138d
                            0x00000000
                            0x013c1393
                            0x013c1399
                            0x013c13af
                            0x00000000
                            0x013c13af
                            0x0137991d
                            0x0137991d
                            0x0137991d
                            0x01379921
                            0x01379921
                            0x01379924
                            0x0137992c
                            0x01379934
                            0x01379939
                            0x0137993d
                            0x01379949
                            0x0137994d
                            0x013799bb
                            0x013799bb
                            0x01379953
                            0x0137995c
                            0x01379966
                            0x01379972
                            0x013c13c2
                            0x01379978
                            0x01379978
                            0x01379978
                            0x01379980
                            0x013c13d9
                            0x013c13e7
                            0x013c13f4
                            0x013c13f4
                            0x013c13d9
                            0x01379986
                            0x0137998a
                            0x0137998a
                            0x0137993d
                            0x013798ad
                            0x013798b3
                            0x013798b3
                            0x01379917
                            0x01379839
                            0x01379844
                            0x01379848
                            0x013c13fe
                            0x013c13fe
                            0x01379852
                            0x01379859
                            0x01379863
                            0x01379868
                            0x013c1408
                            0x00000000
                            0x00000000
                            0x013c1417
                            0x00000000
                            0x0137986e
                            0x0137986e
                            0x0137986e
                            0x01379873
                            0x01379876
                            0x013c142e
                            0x013c144d
                            0x013c144d
                            0x013c142e
                            0x0137988c
                            0x01379893
                            0x01379895
                            0x0137989a
                            0x0137989c
                            0x013798a8
                            0x013798a9
                            0x00000000
                            0x013798a9

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e0c9083f2fdd3786aeb583125882bc0a838096b1e9f11a376be62fb302f615e4
                            • Instruction ID: fc994fce73aa4f2b89631e413bc44d79e55f70e5d0fa76a4da805f2f1cc7400d
                            • Opcode Fuzzy Hash: e0c9083f2fdd3786aeb583125882bc0a838096b1e9f11a376be62fb302f615e4
                            • Instruction Fuzzy Hash: 2571E135604652DFD321DF28C480B2AB7E4FF85728F058669E899CB752D738DC45CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0136F370 Relevance: .2, Instructions: 194COMMON
                            Download Yara Rule
                            C-Code - Quality: 87%
                            			E0136F370(intOrPtr __ecx, signed int __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v5;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				unsigned int _v24;
				unsigned int _v28;
				void* __ebx;
				void* __edi;
				unsigned int _t65;
				signed int _t75;
				signed int _t76;
				intOrPtr* _t101;
				char* _t102;
				unsigned int _t115;
				signed int _t119;
				unsigned int _t124;
				void* _t134;
				signed int _t135;
				unsigned int _t137;
				signed int _t141;
				signed int _t148;
				void* _t152;
				intOrPtr* _t155;
				intOrPtr* _t156;
				unsigned int _t159;

				_v12 = __ecx;
				_v5 = __edx;
				_t65 = ((__edx & 0x000000ff) << 5) + __ecx;
				_t115 = _t65 - 0xa8;
				_v28 = _t65;
				_v24 = _t115;
				 *(_t115 + 0x14) = ( *(_t115 + 0x14) & 0x0000ffff) + 1;
				_v16 = 0x1446dc0 + (_t115 >> 0x00000002 & 0x0000001f) * 4;
				E01372280(_t115 >> 0x00000002 & 0x0000001f, 0x1446dc0 + (_t115 >> 0x00000002 & 0x0000001f) * 4);
				_t155 =  *_t115;
				if(_t155 != 0) {
					 *_t115 =  *_t155;
					 *((intOrPtr*)(_t115 + 4)) =  *((intOrPtr*)(_t115 + 4)) + 0xffff;
				}
				asm("lock cmpxchg [edi], ecx");
				_t119 = 1;
				if(1 != 1) {
					while(1) {
						_t75 = _t119 & 0x00000006;
						_v20 = _t75;
						_t76 = _t119;
						_t134 = (0 | _t75 == 0x00000002) * 4 - 1 + _t119;
						asm("lock cmpxchg [ebx], edi");
						if(_t76 == _t119) {
							break;
						}
						_t119 = _t76;
					}
					_t115 = _v24;
					if(_v20 == 2) {
						E013900C2(_v16, 0, _t134);
					}
					_t135 = 1;
				}
				if(_t155 == 0) {
					_t77 = _v5;
					if(_v5 <= 7) {
						L17:
						_t156 = E0136B433( *((intOrPtr*)(_v12 + 0xc)), _t77, _a4, _a8);
						if(_t156 != 0) {
							asm("lock inc dword [eax]");
						}
						L11:
						_t137 =  *(_t115 + 0x14) & 0x0000ffff;
						if(_t137 > 0x40) {
							_t148 =  *(_t115 + 0x18) & 0x0000ffff;
							if(_t137 >= (( *(_t115 + 0x16) & 0x0000ffff) >> 1) + ( *(_t115 + 0x16) & 0x0000ffff) || _t148 >= _t137 - (_t137 >> 1)) {
								L23:
								 *(_t115 + 0x14) = 0;
								 *(_t115 + 0x16) = 0;
								 *(_t115 + 0x18) = 0;
								goto L12;
							} else {
								if( *((intOrPtr*)(_t115 + 0xc)) >= 2) {
									if( *((intOrPtr*)(_t115 + 0x10)) <= 2) {
										goto L23;
									}
									L26:
									asm("lock cmpxchg [edx], ecx");
									goto L23;
								}
								goto L26;
							}
						}
						L12:
						return _t156;
					}
					_t159 = _v28 + 0xffffff38;
					_v28 = _t159;
					_t150 = 0x1446dc0 + (_t159 >> 0x00000002 & 0x0000001f) * 4;
					E01372280(_t159 >> 0x00000002 & 0x0000001f, 0x1446dc0 + (_t159 >> 0x00000002 & 0x0000001f) * 4);
					_t156 =  *_t159;
					if(_t156 != 0) {
						_t124 = _v28;
						 *_t124 =  *_t156;
						 *((intOrPtr*)(_t124 + 4)) =  *((intOrPtr*)(_t124 + 4)) + 0xffff;
					}
					E0136FFB0(_t115, _t150, _t150);
					if(_t156 != 0) {
						_v5 = _v5 - 1;
						_t135 = 1;
						L5:
						if(_t156 == 0) {
							goto L16;
						}
						_t141 = _t135 <<  *(_t156 + 8);
						if(_t141 > 0x78000) {
							_t141 = 0x78000;
						}
						_t152 = ( *(_t156 + 0xa) & 0x0000ffff) + _t141;
						_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
						if(_t101 != 0) {
							if( *_t101 == 0) {
								goto L8;
							}
							_t102 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							goto L9;
						} else {
							L8:
							_t102 = 0x7ffe0380;
							L9:
							if( *_t102 != 0) {
								if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
									E014118CA(_t115,  *((intOrPtr*)(_v12 + 0xc)), _t156, _t152, _a4);
								}
							}
							asm("lock xadd [eax], edi");
							goto L11;
						}
					} else {
						L16:
						_t77 = _v5;
						goto L17;
					}
				}
				 *(_t115 + 0x18) = ( *(_t115 + 0x18) & 0x0000ffff) + 1;
				goto L5;
			}




























                            0x0136f37a
                            0x0136f37d
                            0x0136f386
                            0x0136f389
                            0x0136f38f
                            0x0136f39a
                            0x0136f39d
                            0x0136f3b3
                            0x0136f3b6
                            0x0136f3bb
                            0x0136f3bf
                            0x0136f3c3
                            0x0136f3ca
                            0x0136f3ca
                            0x0136f3d7
                            0x0136f3db
                            0x0136f3df
                            0x013bbc33
                            0x013bbc37
                            0x013bbc3d
                            0x013bbc40
                            0x013bbc4c
                            0x013bbc50
                            0x013bbc56
                            0x00000000
                            0x00000000
                            0x013bbc58
                            0x013bbc58
                            0x013bbc60
                            0x013bbc63
                            0x013bbc6b
                            0x013bbc6b
                            0x013bbc70
                            0x013bbc70
                            0x0136f3e7
                            0x0136f45a
                            0x0136f45f
                            0x0136f495
                            0x0136f4a8
                            0x0136f4ac
                            0x0136f4ba
                            0x0136f4ba
                            0x0136f43f
                            0x0136f443
                            0x0136f449
                            0x0136f4e2
                            0x0136f4ee
                            0x0136f4fa
                            0x0136f4fc
                            0x0136f500
                            0x0136f504
                            0x00000000
                            0x0136f50d
                            0x0136f516
                            0x0136f52a
                            0x00000000
                            0x00000000
                            0x0136f51b
                            0x0136f51b
                            0x00000000
                            0x0136f51b
                            0x00000000
                            0x0136f518
                            0x0136f4ee
                            0x0136f44f
                            0x0136f457
                            0x0136f457
                            0x0136f464
                            0x0136f46c
                            0x0136f475
                            0x0136f47d
                            0x0136f482
                            0x0136f486
                            0x0136f4bf
                            0x0136f4c4
                            0x0136f4cb
                            0x0136f4cb
                            0x0136f489
                            0x0136f490
                            0x0136f4d1
                            0x0136f4d4
                            0x0136f3f5
                            0x0136f3f7
                            0x00000000
                            0x00000000
                            0x0136f400
                            0x0136f408
                            0x013bbc7a
                            0x013bbc7a
                            0x0136f418
                            0x0136f41a
                            0x0136f41f
                            0x013bbc87
                            0x00000000
                            0x00000000
                            0x013bbc96
                            0x00000000
                            0x0136f425
                            0x0136f425
                            0x0136f425
                            0x0136f42a
                            0x0136f42d
                            0x013bbcad
                            0x013bbcbf
                            0x013bbcbf
                            0x013bbcad
                            0x0136f43b
                            0x00000000
                            0x0136f43b
                            0x0136f492
                            0x0136f492
                            0x0136f492
                            0x00000000
                            0x0136f492
                            0x0136f490
                            0x0136f3f1
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0cc983dbff37ee39d2a542b0025727ba77cdc82e5604b5b3ddd1cc7ed90cbff7
                            • Instruction ID: 7479a5ceb389d554c18cf50b6aac8ebdbd500390985ed58f5e254a01f7c88e4a
                            • Opcode Fuzzy Hash: 0cc983dbff37ee39d2a542b0025727ba77cdc82e5604b5b3ddd1cc7ed90cbff7
                            • Instruction Fuzzy Hash: 16610136A051158BCB26CF5CD4903BABBBDEF85308B14C0A9E955EBB49DB34C942C790
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 014156B6 Relevance: .2, Instructions: 184COMMON
                            Download Yara Rule
                            C-Code - Quality: 96%
                            			E014156B6(signed int __ecx, intOrPtr* __edx, signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				short _v18;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr* _v32;
				intOrPtr _v36;
				void* __ebx;
				intOrPtr* _t107;
				void* _t122;
				signed int _t123;
				signed int _t126;
				intOrPtr* _t127;
				char* _t130;
				signed int _t151;
				intOrPtr* _t153;
				signed int _t158;
				intOrPtr _t160;
				signed int _t163;
				intOrPtr* _t167;
				signed int _t168;
				intOrPtr _t170;
				intOrPtr _t171;
				signed int _t184;
				intOrPtr* _t185;
				signed int _t188;
				signed int _t191;
				signed short _t201;
				unsigned int _t203;
				intOrPtr _t204;
				intOrPtr* _t210;
				signed int _t214;

				_t153 = __edx;
				_v24 = __ecx;
				_v32 = __edx;
				if((_a8 & 0x00000003) != 0) {
					_t158 =  *(__edx + 0x1b) & 0x000000ff;
					_t184 =  *(_a20 + 2) & 0x000000ff;
					_v36 =  *((intOrPtr*)(__edx + 0x10));
					if(_t158 != 0) {
						_t107 =  *((intOrPtr*)(__ecx + 0x5c4 + _t184 * 4)) + 0xffffff98 + _t158 * 0x68;
					} else {
						_t107 =  *((intOrPtr*)(__ecx + 0x3c0 + _t184 * 4));
					}
					_t160 = _a12;
					_t185 = _a4;
					_v16 = _t107;
					 *_t185 = _t153;
					_v12 = (_t160 + 0x00001007 & 0xfffff000) + 0x1000;
					_t188 = ((_a16 + _t185 & 0xfffff000) - (_t185 + 0x0000101f & 0xfffff000)) / _v12;
					 *((short*)(_t153 + 0x14)) = _t160 + 8 >> 3;
					 *(_t153 + 0x18) = _t188;
					 *_t153 = _v16;
					_v8 = _t188;
					 *((char*)(_t153 + 0x1a)) =  *(_a20 + 2);
					 *((short*)(_t153 + 0x16)) = _a8;
					_v18 = _v12;
					_t122 = E014155C6(_t153, _t185 + 0x0000101f & 0xfffff000);
					_t163 =  *0x144874c; // 0xb79398c5
					_t123 = _a4;
					_t201 = _t122 - _t123;
					_v20 = _t201;
					 *(_t123 + 0x10) = _t163 ^ _v20 ^ _v24 ^ _t123;
					_t167 = _t123 + 0x14;
					 *_t167 = _v8;
					 *((intOrPtr*)(_t167 + 4)) = _t123 + 0x1c;
					E0141A496(_t167);
					_t168 = _a4;
					_v20 = _v20 & 0x00000000;
					_t191 = _v8;
					_t203 = (_t201 & 0x0000ffff) + _t168;
					if(_t191 == 0) {
						L9:
						 *(_t153 + 4) = _t168;
						 *(_t153 + 8) =  *(_t153 + 8) & 0x00000000;
						 *(_t153 + 0xc) =  *(_t153 + 0xc) & 0x00000000;
						_t210 = _v16 + 0x50;
						do {
							_t126 =  *_t210;
							_t204 =  *((intOrPtr*)(_t210 + 4));
							_v28 = _t126;
							if(_t191 <= 0) {
							}
							asm("lock cmpxchg8b [esi]");
							_t170 = _t204;
							_t191 = _v8;
						} while (_t126 != _v28 || _t170 != _t204);
						_t127 = _v16;
						_t205 = _v32;
						_v20 = _v20 & 0x00000000;
						_v20 = _t191;
						_t171 =  *_t127;
						 *((intOrPtr*)(_t171 + 0x10)) =  *((intOrPtr*)(_t171 + 0x10)) + 1;
						 *((intOrPtr*)(_t127 + 0x58)) =  *((intOrPtr*)(_t171 + 0x10));
						 *((intOrPtr*)(_v32 + 0x1c)) = 1;
						asm("lock cmpxchg [edx], ecx");
						if(E01377D50() == 0) {
							_t130 = 0x7ffe0380;
						} else {
							_t130 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t130 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							E01411A5F(1,  *((intOrPtr*)(_v24 + 0xc)),  *((intOrPtr*)(_t205 + 4)),  *(_t205 + 0x14) & 0x0000ffff,  *(_t205 + 0x18) & 0x0000ffff,  *(_t205 + 0x1b) & 0x000000ff);
						}
						return 1;
					} else {
						_v28 = _v12 << 0xd;
						_t214 = _t203 - _t168 << 0xd;
						do {
							 *_t203 = _t203 >> 0x00000003 ^ _t214 ^  *0x144874c ^  *(_v24 + 0xc);
							 *(_t203 + 4) = (_v20 & 0x0000ffff) << 0x00000008 |  *(_t203 + 4) & 0xff0000ff;
							 *((char*)(_t203 + 7)) = 0x80;
							E01415656(_t153, _t203);
							_t203 = _t203 + _v12;
							_t214 = _t214 + _v28;
							_t151 = _v20 + 1;
							_t191 = _v8;
							_v20 = _t151;
						} while (_t151 < _t191);
						_t168 = _a4;
						goto L9;
					}
				}
				return 0;
			}





































                            0x014156c5
                            0x014156c7
                            0x014156ca
                            0x014156cd
                            0x014156dd
                            0x014156e1
                            0x014156e5
                            0x014156eb
                            0x01415703
                            0x014156ed
                            0x014156ed
                            0x014156ed
                            0x01415705
                            0x01415708
                            0x0141570b
                            0x01415719
                            0x01415726
                            0x01415740
                            0x0141574b
                            0x01415752
                            0x01415756
                            0x0141575a
                            0x01415762
                            0x01415769
                            0x01415770
                            0x01415774
                            0x01415779
                            0x01415781
                            0x01415784
                            0x01415789
                            0x01415795
                            0x01415798
                            0x0141579e
                            0x014157a0
                            0x014157a3
                            0x014157a8
                            0x014157ab
                            0x014157af
                            0x014157b5
                            0x014157b9
                            0x0141581a
                            0x0141581d
                            0x01415820
                            0x01415824
                            0x01415828
                            0x0141582b
                            0x0141582b
                            0x0141582d
                            0x01415830
                            0x0141583b
                            0x0141583b
                            0x01415842
                            0x01415846
                            0x01415848
                            0x0141584b
                            0x01415854
                            0x01415859
                            0x0141585d
                            0x01415861
                            0x01415865
                            0x0141586a
                            0x01415870
                            0x01415879
                            0x0141587c
                            0x01415887
                            0x01415899
                            0x01415889
                            0x01415892
                            0x01415892
                            0x014158a1
                            0x014158cd
                            0x014158cd
                            0x00000000
                            0x014157bb
                            0x014157c5
                            0x014157c8
                            0x014157cb
                            0x014157e0
                            0x014157f5
                            0x014157fa
                            0x014157fe
                            0x01415806
                            0x01415809
                            0x0141580c
                            0x0141580d
                            0x01415810
                            0x01415813
                            0x01415817
                            0x00000000
                            0x01415817
                            0x014157b9
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4958c86a09df5735c8b5bbbfbe62352f7b1b7162c5d8127b58b5186df4bbe183
                            • Instruction ID: d213373e344602f9cc74295bf8ec8148f0383d39ec5a791d130ed22d0bfb4eff
                            • Opcode Fuzzy Hash: 4958c86a09df5735c8b5bbbfbe62352f7b1b7162c5d8127b58b5186df4bbe183
                            • Instruction Fuzzy Hash: 6A819275A00606DFCB09CF68C490AAEBBF1FF98310F14866AD859DB355D734EA51CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135395E Relevance: .2, Instructions: 172COMMON
                            Download Yara Rule
                            C-Code - Quality: 83%
                            			E0135395E(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t54;
				intOrPtr _t57;
				intOrPtr _t67;
				intOrPtr _t74;
				void* _t77;
				intOrPtr* _t81;
				signed int _t93;
				void* _t94;
				intOrPtr* _t97;
				intOrPtr* _t104;
				intOrPtr _t109;
				signed int _t112;
				intOrPtr* _t113;
				signed int _t114;
				void* _t123;

				_v8 =  *0x144d360 ^ _t114;
				_t54 =  *0x14484cc; // 0x0
				_v16 = __edx;
				_t93 = 0;
				_t112 = __ecx;
				_v12 = _v12 & 0;
				L0137FAD0(_t54 + 4);
				_t109 =  *0x14484cc; // 0x0
				_t110 = _t109 + 8;
				_t97 =  *_t110;
				while(_t97 != _t110) {
					_t113 = _t97 - 0x1c;
					_t67 =  *((intOrPtr*)(_t112 + 0xc));
					if( *((intOrPtr*)(_t113 + 0x10)) !=  *((intOrPtr*)(_t112 + 8)) ||  *((intOrPtr*)(_t113 + 0x14)) != _t67 ||  *((intOrPtr*)(_t113 + 8)) !=  *_t112) {
						L21:
						_t97 =  *_t97;
						continue;
					} else {
						_t69 =  *((intOrPtr*)(_t113 + 0xc));
						if( *((intOrPtr*)(_t113 + 0xc)) !=  *((intOrPtr*)(_t112 + 4))) {
							goto L21;
						}
						_t94 = _t113 + 0x28;
						E01372280(_t69, _t94);
						if( *(_t113 + 0x5c) == 2) {
							__eflags = _v16;
							if(_v16 == 0) {
								L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *(_t113 + 0x58));
								 *(_t113 + 0x58) =  *(_t113 + 0x58) & 0x00000000;
								 *(_t113 + 0x5c) =  *(_t113 + 0x5c) & 0x00000000;
								L8:
								asm("lock inc dword [esi+0x50]");
								 *(_t113 + 0x5c) = 1;
								E0136FFB0(_t94, _t112, _t94);
								_t74 =  *0x14484cc; // 0x0
								_t123 = _t74 + 4;
								E0137FA00(_t94, _t97, _t112, _t74 + 4);
								while(1) {
									_t95 = 0;
									_t77 = E01353ACA(0, _t112, _t113, _t112, _t113, _t123, 0);
									_t124 = _t77 - 0xc000022d;
									if(_t77 == 0xc000022d) {
										_t95 = 0xc000022d;
									}
									_t110 = _t113;
									if(E01353ACA(_t95, _t112, _t113, _t112, _t113, _t124, 1) == 0xc000022d) {
										_t93 = 0xc000022d;
									}
									E01372280(_t113 + 0x28, _t113 + 0x28);
									_v12 = _v12 + 1;
									_t104 = _t113 + 0x2c;
									_t81 =  *_t104;
									while(_t81 != _t104) {
										 *(_t81 + 0x60) =  *(_t81 + 0x60) & 0x00000000;
										_t81 =  *_t81;
									}
									if( *(_t113 + 0x58) != 0) {
										_t112 =  *(_t113 + 0x58);
										 *(_t113 + 0x58) =  *(_t113 + 0x58) & 0x00000000;
										E0136FFB0(_t93, _t112, _t113 + 0x28);
										continue;
									}
									if(_t93 != 0) {
										__eflags = _t93 - 0xc000022d;
										if(_t93 == 0xc000022d) {
											 *(_t113 + 0x58) = _t112;
											 *(_t113 + 0x5c) = 2;
											E013E2DA1(_t113);
										}
										L17:
										E0136FFB0(_t93, _t112, _t113 + 0x28);
										E0138DE9E(_t113);
										L18:
										if(_v12 > 1) {
											_t113 = 0;
											_t49 = _t112 + 8; // 0x8
											_push(0);
											_push(0);
											_push(_t93);
											_push( *((intOrPtr*)(_t112 + 0x18)));
											_push(_t112);
											E0139A3A0();
											__eflags = _t93;
											if(_t93 == 0) {
												L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t112);
											}
											_t93 = 0x80;
										}
										return E0139B640(_t93, _t93, _v8 ^ _t114, _t110, _t112, _t113);
									}
									 *(_t113 + 0x5c) =  *(_t113 + 0x5c) & _t93;
									if( *((intOrPtr*)(_t113 + 0x18)) != _t93) {
										__eflags =  *((intOrPtr*)(_t112 + 0x10)) -  *((intOrPtr*)(_t113 + 0x18));
										if( *((intOrPtr*)(_t112 + 0x10)) -  *((intOrPtr*)(_t113 + 0x18)) > 0) {
											goto L16;
										}
										goto L17;
									}
									L16:
									 *((intOrPtr*)(_t113 + 0x18)) =  *((intOrPtr*)(_t112 + 0x10));
									goto L17;
								}
							}
							_push(_t94);
							L27:
							E0136FFB0(_t94, _t112);
							_t93 = 0x80;
							break;
						}
						if( *(_t113 + 0x5c) == 1) {
							__eflags = _v16;
							_push(_t94);
							if(_v16 != 0) {
								goto L27;
							}
							 *(_t113 + 0x58) = _t112;
							E0136FFB0(_t94, _t112);
							_t93 = 0x103;
							break;
						}
						goto L8;
					}
				}
				_t57 =  *0x14484cc; // 0x0
				E0137FA00(_t93, _t97, _t112, _t57 + 4);
				goto L18;
			}

























                            0x0135396d
                            0x01353970
                            0x0135397b
                            0x0135397e
                            0x01353980
                            0x01353982
                            0x01353986
                            0x0135398b
                            0x01353991
                            0x01353994
                            0x01353996
                            0x013539a1
                            0x013539a7
                            0x013539aa
                            0x01353aa7
                            0x01353aa7
                            0x00000000
                            0x013539c4
                            0x013539c4
                            0x013539ca
                            0x00000000
                            0x00000000
                            0x013539d0
                            0x013539d4
                            0x013539dd
                            0x013afffc
                            0x013b0000
                            0x013b0020
                            0x013b0025
                            0x013b0029
                            0x013539ed
                            0x013539ed
                            0x013539f2
                            0x013539f9
                            0x013539fe
                            0x01353a03
                            0x01353a07
                            0x01353a0c
                            0x01353a0c
                            0x01353a13
                            0x01353a1d
                            0x01353a1f
                            0x013b004b
                            0x013b004b
                            0x01353a27
                            0x01353a37
                            0x013b0052
                            0x013b0052
                            0x01353a41
                            0x01353a46
                            0x01353a49
                            0x01353a4c
                            0x01353a4e
                            0x01353a9f
                            0x01353aa3
                            0x01353aa3
                            0x01353a56
                            0x013b0059
                            0x013b005f
                            0x013b0064
                            0x00000000
                            0x013b0064
                            0x01353a5e
                            0x013b0073
                            0x013b0075
                            0x013b007d
                            0x013b0080
                            0x013b0087
                            0x013b0087
                            0x01353a72
                            0x01353a76
                            0x01353a7d
                            0x01353a82
                            0x01353a86
                            0x013b0091
                            0x013b0093
                            0x013b0096
                            0x013b0097
                            0x013b0098
                            0x013b0099
                            0x013b009c
                            0x013b009e
                            0x013b00a3
                            0x013b00a5
                            0x013b00b2
                            0x013b00b2
                            0x013b00b7
                            0x013b00b7
                            0x01353a9e
                            0x01353a9e
                            0x01353a64
                            0x01353a6a
                            0x01353ac4
                            0x01353ac6
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01353ac8
                            0x01353a6c
                            0x01353a6f
                            0x00000000
                            0x01353a6f
                            0x01353a0c
                            0x013b0002
                            0x013b0003
                            0x013b0003
                            0x013b0008
                            0x00000000
                            0x013b0008
                            0x013539e7
                            0x013b0032
                            0x013b0036
                            0x013b0037
                            0x00000000
                            0x00000000
                            0x013b0039
                            0x013b003c
                            0x013b0041
                            0x00000000
                            0x013b0041
                            0x00000000
                            0x013539e7
                            0x013539aa
                            0x01353aae
                            0x01353ab7
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1a5ab0b7cfc25ef38e67f47983cb7a0d5dc54f4f3900537a0799395f9008ddb2
                            • Instruction ID: e8bcf70d6117057cd8c74eda9fc1e704c6cd182eae8224db89d0ffef1448620d
                            • Opcode Fuzzy Hash: 1a5ab0b7cfc25ef38e67f47983cb7a0d5dc54f4f3900537a0799395f9008ddb2
                            • Instruction Fuzzy Hash: F0519C71A007469FEB35EB99C884E6BB7B9FB5474DF00482DE94687A11D774E844CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135B171 Relevance: .2, Instructions: 166COMMONLIBRARYCODE
                            Download Yara Rule
                            C-Code - Quality: 78%
                            			E0135B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x142f7a8);
				E013AD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E013AD130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E0139D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E0139F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											E013ADEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E0139B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E0139B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E0139E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E0139A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                            0x0135b171
                            0x0135b171
                            0x0135b171
                            0x0135b171
                            0x0135b171
                            0x0135b176
                            0x0135b17b
                            0x0135b180
                            0x0135b186
                            0x0135b18f
                            0x0135b198
                            0x0135b1a4
                            0x0135b1aa
                            0x013b4802
                            0x013b4802
                            0x013b4805
                            0x013b480c
                            0x013b480e
                            0x0135b1d1
                            0x0135b1d3
                            0x0135b1de
                            0x0135b1de
                            0x013b4817
                            0x013b481e
                            0x013b4820
                            0x013b4822
                            0x013b4822
                            0x013b4824
                            0x013b4824
                            0x013b482a
                            0x00000000
                            0x00000000
                            0x013b4835
                            0x013b483a
                            0x013b483d
                            0x013b483f
                            0x013b4842
                            0x013b4842
                            0x013b4842
                            0x013b4846
                            0x013b484c
                            0x013b484e
                            0x013b4851
                            0x013b4851
                            0x013b4853
                            0x013b4854
                            0x013b4854
                            0x013b4858
                            0x013b485a
                            0x013b485a
                            0x013b485d
                            0x013b485f
                            0x013b4861
                            0x013b4861
                            0x013b4866
                            0x013b486b
                            0x013b486e
                            0x013b4871
                            0x013b4876
                            0x013b4876
                            0x013b4878
                            0x013b487b
                            0x013b4884
                            0x013b4884
                            0x00000000
                            0x013b487d
                            0x013b487d
                            0x013b4882
                            0x013b4889
                            0x013b4889
                            0x013b488f
                            0x013b4891
                            0x013b48e0
                            0x013b48e2
                            0x013b48e4
                            0x013b48e4
                            0x013b48e7
                            0x013b48e7
                            0x013b48ed
                            0x013b48f4
                            0x013b48f6
                            0x013b4951
                            0x013b4951
                            0x013b4953
                            0x013b4953
                            0x013b4956
                            0x013b4956
                            0x013b4958
                            0x013b4959
                            0x013b4959
                            0x013b495d
                            0x013b495d
                            0x013b495f
                            0x013b495f
                            0x013b4965
                            0x013b4969
                            0x013b49ba
                            0x013b49ba
                            0x013b49c1
                            0x013b49c5
                            0x013b49cc
                            0x013b49d4
                            0x013b49d7
                            0x013b49da
                            0x013b49e4
                            0x013b49e5
                            0x013b49f3
                            0x013b4a02
                            0x00000000
                            0x013b4a02
                            0x013b4972
                            0x013b4974
                            0x00000000
                            0x00000000
                            0x013b4976
                            0x013b4979
                            0x013b4982
                            0x013b4983
                            0x013b4984
                            0x013b498b
                            0x013b498d
                            0x013b4991
                            0x013b4993
                            0x013b4999
                            0x013b499d
                            0x013b49a2
                            0x013b49a2
                            0x013b49a2
                            0x013b4999
                            0x013b49ac
                            0x00000000
                            0x013b49b3
                            0x013b48f8
                            0x013b48fe
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013b48fe
                            0x013b4895
                            0x013b489c
                            0x013b48ad
                            0x013b48b2
                            0x013b48b5
                            0x013b48b7
                            0x013b48ba
                            0x013b48bc
                            0x013b48c6
                            0x013b48c6
                            0x013b48cb
                            0x013b48d1
                            0x013b48d4
                            0x013b48d8
                            0x013b48d8
                            0x00000000
                            0x013b48d8
                            0x013b48be
                            0x013b48c0
                            0x00000000
                            0x00000000
                            0x013b48c2
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013b48c4
                            0x00000000
                            0x013b4882
                            0x013b487b
                            0x013b4904
                            0x013b4906
                            0x00000000
                            0x00000000
                            0x013b4908
                            0x013b490e
                            0x00000000
                            0x00000000
                            0x013b4910
                            0x013b4917
                            0x013b4917
                            0x00000000
                            0x013b4917
                            0x0135b1ba
                            0x013b47f9
                            0x013b47fc
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013b47fc
                            0x0135b1c0
                            0x0135b1c0
                            0x0135b1c3
                            0x0135b1cb
                            0x00000000
                            0x00000000
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f7614de4cb4cd7c28993a689cdba994741f2800fc63b17ca0d385b40bade5688
                            • Instruction ID: 41f0f42b7838ebe7fb38429e5f6bfdc17232cd05b9a21dfbb0ead37a8e44b5d2
                            • Opcode Fuzzy Hash: f7614de4cb4cd7c28993a689cdba994741f2800fc63b17ca0d385b40bade5688
                            • Instruction Fuzzy Hash: 7C51C171D002598EDF21CF68C885BEEBFB1AF04718F1041A9DA5AABA82E7714941CB95
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01358760 Relevance: .2, Instructions: 165COMMON
                            Download Yara Rule
                            C-Code - Quality: 63%
                            			E01358760(intOrPtr _a4, signed int** _a8, signed int _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t41;
				void* _t43;
				void* _t49;
				signed int _t57;
				unsigned int _t62;
				intOrPtr _t73;
				signed int _t78;
				void* _t79;
				signed int* _t80;
				signed int _t83;
				signed int _t84;
				unsigned int _t90;
				void* _t91;
				signed int _t93;
				signed int* _t96;
				signed int _t97;
				void* _t114;

				_t83 = _a12;
				_v12 = _v12 & 0x00000000;
				if((_t83 & 0xfffffff8) != 0 || (_t83 & 0x00000005 & (_t83 & 0x00000005) - 0x00000001) != 0) {
					return 0xc00000f1;
				} else {
					_t78 = _t83 & 0x00000002;
					_v20 = _t78;
					_t41 = _t83 & 1;
					if(_t78 != 0) {
						_t93 = _t41;
						if(_t41 != 0) {
							L4:
							_t73 = _a4;
							if(_t73 != 0) {
								_t84 = _t83 & 0x00000004;
								if(_t84 == 0) {
									L7:
									if(_t84 != 0) {
										L22:
										_t79 = 4;
										_t80 = E013836CC(_t79);
										if(_t80 == 0) {
											_t43 = 0xc000009a;
											L19:
											L20:
											return _t43;
										}
										 *_t80 =  *_t80 & 0x00000000;
										 *_a8 = _t80;
										L18:
										_t43 = 0;
										goto L19;
									}
									if(_t73 != 0) {
										_v8 = _v8 & 0x00000000;
										_v16 = _t93 ^ 1;
										_t90 = E0138585B(_t73, _t93 ^ 1);
										while(1) {
											L10:
											_t82 = _t90;
											_t96 = E013836CC(_t90);
											if(_t96 == 0) {
												break;
											}
											if(_v8 != 1) {
												L14:
												if(_v16 != 1) {
													_push(_t90 >> 1);
													_push(_t73);
													_push(0);
													_push(_t90);
													_push(_t96);
													if(_v20 != 0) {
														_t49 = E01359A40(_t73, _t90);
													} else {
														_t49 = E0138BFA0(_t73, _t90, _t96);
													}
													_t91 = _t49;
													if(_t91 >= 0) {
														L17:
														 *_a8 = _t96;
														goto L18;
													} else {
														L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t96);
														L39:
														_t43 = _t91;
														goto L19;
													}
												}
												E0139F3E0(_t96, _t73, _t90);
												if(_v8 == 1) {
													E0136EB70(_t82,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
												}
												goto L17;
											}
											_t82 =  *[fs:0x30];
											E0136EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
											_t57 = _v12;
											_t73 =  *((intOrPtr*)(_t57 + 0x48));
											if(_t73 == 0) {
												E0136EB70(_t82,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
												L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t96);
												goto L22;
											}
											_t62 =  *(_t57 + 0x290);
											_t114 = _t62 - _t90;
											_t90 = _t62;
											if(_t114 > 0) {
												E0136EB70(_t82,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
												L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t96);
												continue;
											}
											goto L14;
										}
										_t91 = 0xc000009a;
										goto L39;
									}
									_v16 = 1;
									_v8 = 1;
									_t97 =  *( *[fs:0x30] + 0x10);
									_v12 = _t97;
									E0136EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_t73 =  *((intOrPtr*)(_t97 + 0x48));
									_t90 =  *(_t97 + 0x290);
									E0136EB70(_t78,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									if(_t73 == 0) {
										goto L22;
									}
									goto L10;
								}
								L25:
								_t43 = 0xc0000030;
								goto L19;
							}
							_t93 = _t41;
							if(_t41 != 0) {
								goto L25;
							}
							_t84 = _t83 & 0x00000004;
							goto L7;
						}
						_t43 = 0xc00000f1;
						goto L20;
					}
					_t93 = _t83 & 1;
					goto L4;
				}
			}



























                            0x01358768
                            0x0135876b
                            0x01358775
                            0x00000000
                            0x0135878b
                            0x01358792
                            0x01358797
                            0x0135879a
                            0x0135879e
                            0x013b3220
                            0x013b3224
                            0x013587a8
                            0x013587a9
                            0x013587ae
                            0x013588a1
                            0x013588a4
                            0x013587c1
                            0x013587c3
                            0x01358889
                            0x0135888b
                            0x01358891
                            0x01358895
                            0x013588ca
                            0x01358880
                            0x01358881
                            0x00000000
                            0x01358882
                            0x0135889a
                            0x0135889d
                            0x0135887e
                            0x0135887e
                            0x00000000
                            0x0135887e
                            0x013587cb
                            0x013588b1
                            0x013588b9
                            0x013588c3
                            0x0135880c
                            0x0135880c
                            0x0135880c
                            0x01358813
                            0x01358817
                            0x00000000
                            0x00000000
                            0x01358821
                            0x01358850
                            0x01358854
                            0x013b3284
                            0x013b3285
                            0x013b3286
                            0x013b3288
                            0x013b3289
                            0x013b328a
                            0x013b3293
                            0x013b328c
                            0x013b328c
                            0x013b328c
                            0x013b3298
                            0x013b329c
                            0x01358879
                            0x0135887c
                            0x00000000
                            0x013b32a2
                            0x013b32ae
                            0x013b32ba
                            0x013b32ba
                            0x00000000
                            0x013b32ba
                            0x013b329c
                            0x0135885d
                            0x01358869
                            0x01358874
                            0x01358874
                            0x00000000
                            0x01358869
                            0x01358823
                            0x0135882d
                            0x01358832
                            0x01358835
                            0x0135883a
                            0x013b3261
                            0x013b3272
                            0x00000000
                            0x013b3272
                            0x01358840
                            0x01358846
                            0x01358848
                            0x0135884a
                            0x013b323d
                            0x013b324e
                            0x00000000
                            0x013b324e
                            0x00000000
                            0x0135884a
                            0x013b32b5
                            0x00000000
                            0x013b32b5
                            0x013587d7
                            0x013587da
                            0x013587dd
                            0x013587e6
                            0x013587ec
                            0x013587f7
                            0x013587fa
                            0x01358803
                            0x0135880a
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0135880a
                            0x013588aa
                            0x013588aa
                            0x00000000
                            0x013588aa
                            0x013587b4
                            0x013587b8
                            0x00000000
                            0x00000000
                            0x013587be
                            0x00000000
                            0x013587be
                            0x013b322a
                            0x00000000
                            0x013b322a
                            0x013587a6
                            0x00000000
                            0x013587a6

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e071a218df035798d556e04d7a041afcbba84b84a005531a9e7e5ff35d1ae27d
                            • Instruction ID: 4838a38587258de1f243947d12b1d8e75cf1d882c65fe82633bac59c93be87cc
                            • Opcode Fuzzy Hash: e071a218df035798d556e04d7a041afcbba84b84a005531a9e7e5ff35d1ae27d
                            • Instruction Fuzzy Hash: 2D511731A01615DBDB269F5EDC80F6A7B79FF90A5CF1444A9ED018BB51D634DC01CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0141B581 Relevance: .2, Instructions: 163COMMON
                            Download Yara Rule
                            C-Code - Quality: 54%
                            			E0141B581(char __ecx) {
				signed int _v8;
				signed int _v11;
				intOrPtr _v15;
				short _v41;
				char _v47;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v55;
				signed int _v56;
				char _v60;
				intOrPtr _v63;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t54;
				signed int _t60;
				char* _t66;
				void* _t67;
				signed int _t87;
				signed int _t88;
				void* _t89;
				signed char _t91;
				intOrPtr* _t98;
				signed int _t107;
				signed int _t108;
				signed int _t114;
				signed int _t115;
				char _t117;
				void* _t120;
				signed int* _t123;
				void* _t124;
				signed int _t128;
				signed int _t129;

				_t131 = (_t129 & 0xfffffff8) - 0x3c;
				_v8 =  *0x144d360 ^ (_t129 & 0xfffffff8) - 0x0000003c;
				_t117 = __ecx;
				_v60 = __ecx;
				_t91 =  *((intOrPtr*)(__ecx + 0x38));
				_t54 =  *(__ecx + 0x34);
				_t87 = _t91 & 1;
				if(_t54 == 0) {
					L17:
					 *(_t117 + 0x34) =  *(_t117 + 0x34) & 0x00000000;
					 *(_t117 + 0x38) =  *(_t117 + 0x38) & 0x00000000;
					if((_t91 & 0x00000001) != 0) {
						 *(_t117 + 0x38) = 1;
					}
					_t118 = _v60;
					_t88 = _v60 + 0xe8;
					while(1) {
						_t122 =  *_t88;
						if( *_t88 == 0) {
							break;
						}
						E01422EF7(_t118 + 0xd8, _t122 ^ _t88);
						E01423209(_t118 + 0xd8, _t122 ^ _t88, 1);
					}
					E0141CB82(_v60 + 0x118);
					E0141FA96();
					E0141FA96();
					_t98 = _v60;
					_v48 =  *((intOrPtr*)(_t98 + 4));
					_t60 =  *((intOrPtr*)(_t98 + 0xd4)) - _t98;
					_v52 =  *_t98;
					_v56 = _t60;
					_push( *((intOrPtr*)(_t98 + 4)));
					_push( *_t98);
					if(( *(_t98 + 0x2c) & 0x00000001) == 0) {
						asm("sbb eax, eax");
						_push((_t60 & 0x01000000) + 0x8000);
						E0141AFDE( &_v60,  &_v56);
					} else {
						E0141BCD2(_t98);
					}
					E0141C23A( &_v55, 0);
					if(E01377D50() == 0) {
						_t66 = 0x7ffe0388;
					} else {
						_t66 = ( *[fs:0x30])[0x14] + 0x22e;
					}
					if( *_t66 != 0) {
						E0140FDD3(_v63);
					}
					_t67 = E01377D50();
					_t123 = 0x7ffe0380;
					if(_t67 == 0) {
						_t68 = 0x7ffe0380;
					} else {
						_t68 = ( *[fs:0x30])[0x14] + 0x226;
					}
					if( *_t68 != 0) {
						_t68 =  *[fs:0x30];
						if((( *[fs:0x30])[0x90] & 0x00000001) != 0) {
							if(E01377D50() != 0) {
								_t123 = ( *[fs:0x30])[0x14] + 0x226;
							}
							_v15 = _v63;
							_v41 = 0x1023;
							_push( &_v47);
							_push(4);
							_push(0x402);
							_push( *_t123 & 0x000000ff);
							_t68 = E01399AE0();
						}
					}
					_pop(_t120);
					_pop(_t124);
					_pop(_t89);
					return E0139B640(_t68, _t89, _v11 ^ _t131, 0, _t120, _t124);
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t107 =  *_t54;
					if(_t107 != 0) {
						break;
					}
					_t108 =  *(_t54 + 4);
					if(_t108 == 0) {
						_t128 =  *(_t54 + 8) & 0xfffffffc;
						if(_t87 != 0 && _t128 != 0) {
							_t128 = _t128 ^ _t54;
						}
						E0141E962(_t87, _t108, _t54, _t117);
						if(_t128 == 0) {
							_t91 =  *(_t117 + 0x38);
							goto L17;
						} else {
							_t54 = _t128;
							continue;
						}
					}
					_t115 = _t54;
					if(_t87 == 0) {
						_t54 = _t108;
					} else {
						_t54 = _t54 ^ _t108;
					}
					 *(_t115 + 4) =  *(_t115 + 4) & 0x00000000;
				}
				_t114 = _t54;
				if(_t87 == 0) {
					_t54 = _t107;
				} else {
					_t54 = _t54 ^ _t107;
				}
				 *_t114 =  *_t114 & 0x00000000;
				goto L1;
			}




































                            0x0141b589
                            0x0141b593
                            0x0141b59a
                            0x0141b59c
                            0x0141b5a0
                            0x0141b5a3
                            0x0141b5a9
                            0x0141b5ae
                            0x0141b602
                            0x0141b602
                            0x0141b606
                            0x0141b60d
                            0x0141b60f
                            0x0141b60f
                            0x0141b613
                            0x0141b617
                            0x0141b61d
                            0x0141b61d
                            0x0141b621
                            0x00000000
                            0x00000000
                            0x0141b62d
                            0x0141b63c
                            0x0141b63c
                            0x0141b64d
                            0x0141b659
                            0x0141b668
                            0x0141b66d
                            0x0141b676
                            0x0141b680
                            0x0141b682
                            0x0141b686
                            0x0141b68e
                            0x0141b691
                            0x0141b693
                            0x0141b6a7
                            0x0141b6b3
                            0x0141b6b4
                            0x0141b695
                            0x0141b695
                            0x0141b695
                            0x0141b6bf
                            0x0141b6cb
                            0x0141b6dd
                            0x0141b6cd
                            0x0141b6d6
                            0x0141b6d6
                            0x0141b6e5
                            0x0141b6eb
                            0x0141b6eb
                            0x0141b6f0
                            0x0141b6f5
                            0x0141b701
                            0x0141b710
                            0x0141b703
                            0x0141b70c
                            0x0141b70c
                            0x0141b715
                            0x0141b717
                            0x0141b724
                            0x0141b72d
                            0x0141b738
                            0x0141b738
                            0x0141b740
                            0x0141b749
                            0x0141b752
                            0x0141b753
                            0x0141b755
                            0x0141b75d
                            0x0141b75e
                            0x0141b75e
                            0x0141b724
                            0x0141b767
                            0x0141b768
                            0x0141b769
                            0x0141b774
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0141b5b0
                            0x0141b5b0
                            0x0141b5b0
                            0x0141b5b4
                            0x00000000
                            0x00000000
                            0x0141b5c7
                            0x0141b5cc
                            0x0141b5e3
                            0x0141b5e8
                            0x0141b5ee
                            0x0141b5ee
                            0x0141b5f2
                            0x0141b5f9
                            0x0141b5ff
                            0x00000000
                            0x0141b5fb
                            0x0141b5fb
                            0x00000000
                            0x0141b5fb
                            0x0141b5f9
                            0x0141b5ce
                            0x0141b5d2
                            0x0141b5d8
                            0x0141b5d4
                            0x0141b5d4
                            0x0141b5d4
                            0x0141b5da
                            0x0141b5da
                            0x0141b5b6
                            0x0141b5ba
                            0x0141b5c0
                            0x0141b5bc
                            0x0141b5bc
                            0x0141b5bc
                            0x0141b5c2
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 469c8144c2e9b66ee16517942c9186334579ab96bd2a8dc68b35c6155d653ee1
                            • Instruction ID: a18de4b35a25c25e402df8517807d082779782e275bfdf3d89a90317f7ee1c28
                            • Opcode Fuzzy Hash: 469c8144c2e9b66ee16517942c9186334579ab96bd2a8dc68b35c6155d653ee1
                            • Instruction Fuzzy Hash: 1E51D1316047428BE311DF29C994B67BBF5FF64718F18086EE9458B3A4EB34E806CB81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0141B0C7 Relevance: .2, Instructions: 156COMMON
                            Download Yara Rule
                            C-Code - Quality: 74%
                            			E0141B0C7(signed int __ecx, signed int __edx, unsigned int _a4, intOrPtr _a8) {
				signed int _v8;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				void* __ebx;
				char* _t67;
				signed int _t87;
				char _t96;
				unsigned int _t97;
				signed int _t105;
				signed int _t113;
				signed int _t115;
				signed int _t120;

				_t105 = __edx;
				_v8 = _v8 & 0x00000000;
				_t115 = __ecx;
				if(__edx > 0x40) {
					_t105 = 0x40;
				}
				_push(_a8);
				_t4 = _t105 + 3; // 0x43
				_t113 = 0x1000;
				_v16 = 0x1000;
				_t7 = 0x1fd0 + ((_t4 & 0xfffffffc) + _t105 * 0x24) * 0x81 - 1; // -8078
				_t96 = 0x1fd0 + ((_t4 & 0xfffffffc) + _t105 * 0x24) * 0x81 - (_t7 & 0x00000fff) + 0xfff;
				_v20 = _t96;
				_t87 = 0;
				_v12 = _t96;
				_t97 = _a4;
				if( *((intOrPtr*)(E0141BD32(_t97))) == 0 || ( *0x1445cb8 & 0x00000008) != 0 || (_t115 & 0x40000000) != 0 || _t97 >> 0x10 != 0) {
					asm("sbb ebx, ebx");
					_t87 = _t87 & 0x01000000;
					asm("sbb esi, esi");
					_t119 = ( ~(_t115 & 0x40000000) & 0x0000003c) + 4;
					if(E0141A854( &_v8,  &_v12, 0, _t87 | 0x00002000, ( ~(_t115 & 0x40000000) & 0x0000003c) + 4, 0, _t97, _a8) >= 0) {
						if(E0141A854( &_v8,  &_v16, 0, _t87 | _t113, _t119, 0, _a4, _a8) < 0) {
							goto L9;
						} else {
							if(E01377D50() == 0) {
								_t67 = 0x7ffe0380;
							} else {
								_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							}
							if( *_t67 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0) {
								_t113 = _v16;
							} else {
								_t113 = _v16;
								E0141138A(_t87, _v8, _v8, _t113, 0xb);
							}
							_v16 = _v16 & 0x00000000;
							_t120 = _v8;
							_v8 = _v8 & 0x00000000;
							goto L19;
						}
					} else {
						L9:
						_t120 = 0;
					}
				} else {
					_v16 = 1;
					_t120 = E0141BBBB(_v20, 0x1000, 1, _t97, _a8);
					if(_t120 != 0) {
						L19:
						E0139FA60(_t120, 0, 0x398);
						_t37 = _t120 + 0x398; // 0x398
						 *((intOrPtr*)(_t120 + 0xcc)) = _t37;
						 *((intOrPtr*)(_t120 + 0xd0)) = _t120 + _t113;
						 *((intOrPtr*)(_t120 + 0xd4)) = _v12 + _t120;
						 *(_t120 + 0x2c) =  *(_t120 + 0x2c) & 0xfffffffe | _v16;
						asm("lock xadd [eax], ecx");
						asm("lock xadd [eax], edi");
					}
				}
				if(_v8 != 0) {
					_push(_a8);
					_push(_a4);
					_push(_t87 | 0x00008000);
					E0141AFDE( &_v8,  &_v12);
				}
				return _t120;
			}
















                            0x0141b0c7
                            0x0141b0cf
                            0x0141b0d5
                            0x0141b0db
                            0x0141b0df
                            0x0141b0df
                            0x0141b0e0
                            0x0141b0e6
                            0x0141b0f3
                            0x0141b0fc
                            0x0141b105
                            0x0141b10c
                            0x0141b110
                            0x0141b113
                            0x0141b115
                            0x0141b118
                            0x0141b123
                            0x0141b16a
                            0x0141b175
                            0x0141b180
                            0x0141b18a
                            0x0141b19a
                            0x0141b1c0
                            0x00000000
                            0x0141b1c2
                            0x0141b1c9
                            0x0141b1db
                            0x0141b1cb
                            0x0141b1d4
                            0x0141b1d4
                            0x0141b1e3
                            0x0141b206
                            0x0141b1f4
                            0x0141b1f9
                            0x0141b1ff
                            0x0141b1ff
                            0x0141b209
                            0x0141b20d
                            0x0141b210
                            0x00000000
                            0x0141b210
                            0x0141b19c
                            0x0141b19c
                            0x0141b19c
                            0x0141b19c
                            0x0141b13f
                            0x0141b14c
                            0x0141b154
                            0x0141b158
                            0x0141b214
                            0x0141b21c
                            0x0141b221
                            0x0141b22a
                            0x0141b233
                            0x0141b23e
                            0x0141b24d
                            0x0141b259
                            0x0141b263
                            0x0141b263
                            0x0141b158
                            0x0141b26b
                            0x0141b26d
                            0x0141b279
                            0x0141b27f
                            0x0141b280
                            0x0141b280
                            0x0141b28d

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 309fa71a017437d5a48bcf816fd4cc8ec125bd7ed882241b616300a4c3270c28
                            • Instruction ID: 428866d498e71323b3788fc361ee96edfa81182a670c25d14361ac894386610f
                            • Opcode Fuzzy Hash: 309fa71a017437d5a48bcf816fd4cc8ec125bd7ed882241b616300a4c3270c28
                            • Instruction Fuzzy Hash: C7510A72A00608AFDB25CF58CC84BEEB7B5EF44350F15816AE915EB2A4D7749A05CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0142740D Relevance: .1, Instructions: 141COMMON
                            Download Yara Rule
                            C-Code - Quality: 84%
                            			E0142740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E013AD4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E0139F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = E01374620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = E01374620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E0139F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = E01374620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                            0x0142740d
                            0x0142740d
                            0x01427412
                            0x01427413
                            0x01427416
                            0x01427418
                            0x0142741c
                            0x0142741f
                            0x01427422
                            0x01427422
                            0x01427428
                            0x0142742a
                            0x0142742a
                            0x01427451
                            0x01427432
                            0x0142744f
                            0x0142744f
                            0x00000000
                            0x01427434
                            0x01427438
                            0x01427443
                            0x01427517
                            0x01427517
                            0x0142751a
                            0x01427535
                            0x01427520
                            0x01427527
                            0x0142752c
                            0x01427531
                            0x01427533
                            0x00000000
                            0x01427533
                            0x00000000
                            0x01427531
                            0x0142754b
                            0x0142754f
                            0x0142755c
                            0x0142755c
                            0x0142755f
                            0x01427560
                            0x01427561
                            0x01427562
                            0x01427563
                            0x01427568
                            0x0142756a
                            0x0142756c
                            0x0142756d
                            0x0142756d
                            0x0142756f
                            0x01427572
                            0x01427574
                            0x01427577
                            0x0142757c
                            0x0142757f
                            0x00000000
                            0x01427551
                            0x01427551
                            0x01427551
                            0x01427553
                            0x01427553
                            0x01427449
                            0x01427449
                            0x0142744c
                            0x0142744c
                            0x00000000
                            0x0142744c
                            0x01427443
                            0x0142750e
                            0x01427514
                            0x01427514
                            0x01427455
                            0x01427469
                            0x0142746d
                            0x00000000
                            0x01427473
                            0x01427473
                            0x01427476
                            0x01427480
                            0x01427484
                            0x0142748e
                            0x01427493
                            0x01427493
                            0x01427496
                            0x01427499
                            0x014274a1
                            0x014274b1
                            0x014274b5
                            0x00000000
                            0x014274bb
                            0x014274c1
                            0x014274c1
                            0x014274c4
                            0x014274c5
                            0x014274c6
                            0x014274c7
                            0x014274c8
                            0x014274cd
                            0x00000000
                            0x014274d3
                            0x014274d3
                            0x014274d6
                            0x014274d8
                            0x014274db
                            0x014274dd
                            0x014274e0
                            0x014274e7
                            0x014274ee
                            0x014274ee
                            0x014274f4
                            0x014274f9
                            0x00000000
                            0x014274fb
                            0x014274fb
                            0x014274fd
                            0x01427500
                            0x01427503
                            0x01427505
                            0x01427505
                            0x014274f9
                            0x00000000
                            0x014274cd
                            0x014274b5
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                            • Instruction ID: f5eb65655980d534b8540ea3378d055700a1d4c86e2633005f1cf518500aa2a7
                            • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                            • Instruction Fuzzy Hash: EA518D71600646EFDB16CF18C480A96FBB5FF55309F54C1BAE9089F222E771E986CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01382990 Relevance: .1, Instructions: 133COMMON
                            Download Yara Rule
                            C-Code - Quality: 97%
                            			E01382990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x142ff00);
				E013AD08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1331664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E0139E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1331668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E013D51BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x133166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E01382AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E01366600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E01382C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E0136EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E01382AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E01382C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E01382ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E013AD0D1(_t62);
				goto L28;
			}





















                            0x01382990
                            0x01382992
                            0x01382997
                            0x013829a3
                            0x013829a6
                            0x013829ab
                            0x013829ad
                            0x013829b2
                            0x013c5c80
                            0x013829b8
                            0x013829b8
                            0x013829bb
                            0x013829c0
                            0x013829c5
                            0x013829c6
                            0x013829c6
                            0x013829cb
                            0x00000000
                            0x00000000
                            0x013829cd
                            0x013829d0
                            0x013829d9
                            0x013829db
                            0x013829dd
                            0x01382a7f
                            0x01382a84
                            0x01382a87
                            0x01382a89
                            0x013c5ca1
                            0x013c5ca3
                            0x00000000
                            0x01382a8f
                            0x01382a8f
                            0x00000000
                            0x01382a8f
                            0x00000000
                            0x013829e3
                            0x013829e3
                            0x013829e3
                            0x00000000
                            0x013829e3
                            0x013829dd
                            0x00000000
                            0x013829db
                            0x013829e6
                            0x013829e9
                            0x013829eb
                            0x013829ed
                            0x013829f3
                            0x013829f5
                            0x013829f8
                            0x013829fa
                            0x01382a97
                            0x01382a9a
                            0x01382a9d
                            0x01382add
                            0x00000000
                            0x01382a9f
                            0x01382aa2
                            0x01382aa5
                            0x01382aa8
                            0x01382aab
                            0x013c5cab
                            0x013c5caf
                            0x013c5cc5
                            0x013c5cda
                            0x013c5cdc
                            0x013c5cdf
                            0x013c5ce5
                            0x00000000
                            0x013c5ceb
                            0x013c5ced
                            0x013c5cee
                            0x00000000
                            0x013c5cee
                            0x013c5cb1
                            0x013c5cb4
                            0x013c5cb9
                            0x013c5cbb
                            0x00000000
                            0x013c5cbd
                            0x013c5cbd
                            0x00000000
                            0x013c5cbd
                            0x013c5cbb
                            0x01382ab1
                            0x01382ab1
                            0x01382ac4
                            0x01382ac6
                            0x01382ac6
                            0x00000000
                            0x01382ac6
                            0x01382aab
                            0x00000000
                            0x01382a00
                            0x01382a09
                            0x01382a0e
                            0x01382a21
                            0x01382a24
                            0x01382a35
                            0x01382a3a
                            0x01382a3d
                            0x01382a42
                            0x01382a59
                            0x01382a59
                            0x01382a5c
                            0x01382a5f
                            0x01382a5f
                            0x013829fa
                            0x013829f3
                            0x01382a64
                            0x01382a64
                            0x01382a6b
                            0x01382a6b
                            0x01382a6d
                            0x01382a72
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4a34dd32fca9728f0d8cc623f5b5bfe43c511eba29c07144a03c7c31fb63f4ad
                            • Instruction ID: 65bf1bda3d8bab68b2914dac50c078b104d7a03d78988b667a2156891a16ed6b
                            • Opcode Fuzzy Hash: 4a34dd32fca9728f0d8cc623f5b5bfe43c511eba29c07144a03c7c31fb63f4ad
                            • Instruction Fuzzy Hash: E9515971A0020ADFEF25EF99C880ADFBBB5BF18758F008119E914AB260C7359D52CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01351618 Relevance: .1, Instructions: 132COMMON
                            Download Yara Rule
                            C-Code - Quality: 97%
                            			E01351618(void* __ebx, intOrPtr* __ecx, intOrPtr* __edx, void* __edi, void* __esi, void* __eflags) {
				short _t45;
				short _t49;
				signed int _t58;
				signed short _t60;
				signed char _t64;
				intOrPtr* _t74;
				intOrPtr* _t75;
				signed short _t77;
				signed short* _t79;
				signed short _t80;
				signed short _t85;
				intOrPtr _t88;
				short _t92;
				intOrPtr* _t94;
				short _t95;
				void* _t97;

				_t75 = __ecx;
				_push(0x2c);
				_push(0x142f2a8);
				E013AD08C(__ebx, __edi, __esi);
				_t94 = __edx;
				 *((intOrPtr*)(_t97 - 0x38)) = __edx;
				_t74 = __ecx;
				 *((intOrPtr*)(_t97 - 0x34)) = __ecx;
				if(E01351783(__ecx) == 0) {
					_t45 = 0xc000000d;
					L13:
					return E013AD0D1(_t45);
				}
				_t92 = 0;
				 *((intOrPtr*)(_t97 - 4)) = 0;
				if(E01391310(__edx, _t97 - 0x1c) != 0) {
					_t49 =  *((intOrPtr*)(_t97 - 0x1c));
					__eflags = _t49 - 0xc000;
					if(_t49 >= 0xc000) {
						_t49 = 0;
						 *((short*)(_t97 - 0x1c)) = 0;
						_t95 = 0xc000000d;
					} else {
						_t95 = 0;
					}
					 *((intOrPtr*)(_t97 - 0x20)) = _t95;
					_t77 =  *(_t97 + 8);
					__eflags = _t77;
					if(_t77 != 0) {
						 *_t77 = _t49;
					}
					L12:
					 *((intOrPtr*)(_t97 - 4)) = 0xfffffffe;
					E0136FFB0(_t74, _t92,  *((intOrPtr*)(_t97 - 0x34)) + 8);
					_t45 = _t95;
					goto L13;
				}
				if( *_t94 == 0) {
					_t95 = 0xc0000033;
					L11:
					 *((intOrPtr*)(_t97 - 0x20)) = _t95;
					goto L12;
				}
				_t78 = _t74;
				_t95 = E0135187D(_t74, _t94, _t75, _t97 - 0x2c, _t97 - 0x24, _t97 - 0x30, _t97 - 0x28);
				 *((intOrPtr*)(_t97 - 0x20)) = _t95;
				if(_t95 < 0) {
					goto L12;
				}
				_t88 =  *((intOrPtr*)(_t97 - 0x28));
				if(_t88 != 0) {
					_t79 =  *(_t97 - 0x30);
					_t58 =  *_t79 & 0x0000ffff;
					__eflags = _t58 - 0xffff;
					if(_t58 == 0xffff) {
						_t79[1] = _t79[1] | 0x00000001;
					} else {
						_t60 = _t58 + 1;
						__eflags = _t60;
						 *_t79 = _t60;
					}
					_t80 =  *(_t97 + 8);
					__eflags = _t80;
					if(_t80 != 0) {
						 *_t80 =  *((intOrPtr*)(_t88 + 6));
					}
					_t95 = _t92;
					goto L11;
				}
				_t106 =  *((intOrPtr*)(_t97 - 0x2c)) - _t88;
				if( *((intOrPtr*)(_t97 - 0x2c)) == _t88) {
					_t95 = 0xc000000d;
					goto L11;
				}
				_t95 = 0xc0000017;
				 *((intOrPtr*)(_t97 - 0x20)) = 0xc0000017;
				_t92 = E01351BE9( *(_t97 - 0x24), _t97 - 0x30, _t106, _t78);
				 *((intOrPtr*)(_t97 - 0x28)) = _t92;
				if(_t92 == 0) {
					goto L12;
				}
				_t18 = _t92 + 0xe; // 0xe
				E0139F3E0(_t18,  *((intOrPtr*)(_t97 - 0x38)),  *(_t97 - 0x24));
				_t64 =  *(_t97 - 0x24) >> 1;
				 *(_t92 + 0xc) = _t64;
				 *((short*)(_t92 + 0xe + (_t64 & 0x000000ff) * 2)) = 0;
				if(E01351A30(_t74, _t92) == 0) {
					L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t92);
					_t95 =  *((intOrPtr*)(_t97 - 0x20));
					goto L12;
				}
				 *(_t92 + 6) = 0x0000c000 |  *(_t92 + 4);
				 *((intOrPtr*)( *((intOrPtr*)(_t97 - 0x2c)))) = _t92;
				_t85 =  *(_t97 + 8);
				if(_t85 != 0) {
					 *_t85 =  *(_t92 + 6);
				}
				_t95 = 0;
				goto L11;
			}



















                            0x01351618
                            0x01351618
                            0x0135161a
                            0x0135161f
                            0x01351624
                            0x01351626
                            0x01351629
                            0x0135162b
                            0x01351635
                            0x013aef1c
                            0x01351722
                            0x01351727
                            0x01351727
                            0x0135163b
                            0x0135163d
                            0x0135164c
                            0x01351755
                            0x01351759
                            0x0135175c
                            0x0135176f
                            0x01351771
                            0x01351775
                            0x0135175e
                            0x0135175e
                            0x0135175e
                            0x01351760
                            0x01351763
                            0x01351766
                            0x01351768
                            0x0135176a
                            0x0135176a
                            0x0135170d
                            0x0135170d
                            0x0135171b
                            0x01351720
                            0x00000000
                            0x01351720
                            0x01351655
                            0x013aef26
                            0x0135170a
                            0x0135170a
                            0x00000000
                            0x0135170a
                            0x0135166e
                            0x01351675
                            0x01351677
                            0x0135167c
                            0x00000000
                            0x00000000
                            0x01351682
                            0x01351687
                            0x0135172a
                            0x0135172d
                            0x01351735
                            0x01351738
                            0x0135177c
                            0x0135173a
                            0x0135173a
                            0x0135173a
                            0x0135173b
                            0x0135173b
                            0x0135173e
                            0x01351741
                            0x01351743
                            0x01351749
                            0x01351749
                            0x0135174c
                            0x00000000
                            0x0135174c
                            0x0135168d
                            0x01351690
                            0x013aef49
                            0x00000000
                            0x013aef49
                            0x01351696
                            0x0135169b
                            0x013516aa
                            0x013516ac
                            0x013516b1
                            0x00000000
                            0x00000000
                            0x013516b9
                            0x013516bd
                            0x013516c8
                            0x013516ca
                            0x013516d2
                            0x013516e2
                            0x013aef3c
                            0x013aef41
                            0x00000000
                            0x013aef41
                            0x013516f1
                            0x013516f8
                            0x013516fa
                            0x013516ff
                            0x01351705
                            0x01351705
                            0x01351708
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 82ea3bba43c61782cf6e73a95cbe4ed59fa547b7e52c1d582ecacf39152201e7
                            • Instruction ID: 2fc90d73b22c2f6fb39baf5b288ab9ab7b8164ef74bf097f57b276e6e2733d83
                            • Opcode Fuzzy Hash: 82ea3bba43c61782cf6e73a95cbe4ed59fa547b7e52c1d582ecacf39152201e7
                            • Instruction Fuzzy Hash: 2641CD3991021A9ACB14DFACC440FEDBBB8AF58A08F15816AE815E7640D7348D41CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0137F86D Relevance: .1, Instructions: 124COMMON
                            Download Yara Rule
                            C-Code - Quality: 93%
                            			E0137F86D(void* __ebx, signed int __ecx, unsigned int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t31;
				signed int _t40;
				signed int _t45;
				signed int _t46;
				signed int _t48;
				signed int _t50;
				signed int _t53;
				unsigned int* _t60;
				signed int* _t66;
				signed int _t67;
				signed int* _t70;
				void* _t71;

				_t64 = __edx;
				_t61 = __ecx;
				_push(0x1c);
				_push(0x142feb8);
				E013AD08C(__ebx, __edi, __esi);
				_t60 = __edx;
				 *((intOrPtr*)(_t71 - 0x28)) = __edx;
				_t70 = __ecx;
				 *((intOrPtr*)(_t71 - 0x2c)) = __ecx;
				_t66 =  *(_t71 + 8);
				if(_t66 == 0 || __ecx == 0 || __edx == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					E014288F5(_t60, _t61, _t64, _t66, _t70, __eflags);
					_t31 = 0xc000000d;
					goto L9;
				} else {
					if( *__ecx == 0) {
						L10:
						 *(_t71 - 0x20) =  *(_t71 - 0x20) & 0x00000000;
						_t67 = E01383E70(_t71 - 0x20, 0);
						 *(_t71 - 0x24) = _t67;
						__eflags = _t67;
						if(_t67 < 0) {
							L24:
							_t31 = _t67;
							L9:
							return E013AD0D1(_t31);
						}
						E01372280(_t36, _t60);
						 *(_t71 - 4) = 1;
						__eflags =  *_t70;
						if( *_t70 != 0) {
							asm("lock inc dword [eax]");
							L21:
							 *(_t71 - 4) = 0xfffffffe;
							E0137F9DD(_t60);
							_t40 =  *(_t71 - 0x20);
							__eflags = _t40;
							if(__eflags != 0) {
								_push(_t40);
								E01359100(_t60, _t61, _t67, _t70, __eflags);
							}
							__eflags = _t67;
							if(_t67 >= 0) {
								 *( *(_t71 + 8)) =  *_t70;
							}
							goto L24;
						}
						__eflags = _t70 - 0x14486c0;
						if(_t70 != 0x14486c0) {
							__eflags = _t70 - 0x14486b8;
							if(_t70 != 0x14486b8) {
								L20:
								 *_t70 =  *(_t71 - 0x20);
								_t20 = _t71 - 0x20;
								 *_t20 =  *(_t71 - 0x20) & 0x00000000;
								__eflags =  *_t20;
								goto L21;
							}
							E01385AA0(_t61,  *(_t71 - 0x20), 1);
							_t45 = E013595F0( *(_t71 - 0x20), 1);
							L27:
							_t67 = _t45;
							__eflags = _t67;
							 *(_t71 - 0x24) = _t67;
							if(_t67 >= 0) {
								goto L20;
							}
							goto L21;
						}
						_t46 =  *0x1448754; // 0x0
						__eflags = _t46;
						if(_t46 != 0) {
							E01385AA0(_t61,  *(_t71 - 0x20), _t46);
						} else {
							_t50 =  *0x7ffe03c0 << 3;
							__eflags = _t50 - 0x300;
							if(_t50 < 0x300) {
								_t50 = 0x300;
							}
							E01385AA0(0x300,  *(_t71 - 0x20), _t50);
							_t53 =  *0x7ffe03c0 << 2;
							_t61 = 0x180;
							__eflags = _t53 - 0x180;
							if(_t53 < 0x180) {
								_t53 = 0x180;
							}
							E01395C70( *(_t71 - 0x20), _t53);
						}
						_t48 =  *0x1448750; // 0x0
						__eflags = _t48;
						if(_t48 != 0) {
							_t45 = E0135B8F0( *(_t71 - 0x20), _t48);
							goto L27;
						} else {
							goto L20;
						}
					}
					 *((char*)(_t71 - 0x19)) = 0;
					L0137FAD0(__edx);
					 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
					if( *_t70 != 0) {
						asm("lock inc dword [eax]");
						 *_t66 =  *_t70;
						 *((char*)(_t71 - 0x19)) = 1;
					}
					 *(_t71 - 4) = 0xfffffffe;
					E0137F9D6(_t60);
					if( *((char*)(_t71 - 0x19)) == 0) {
						goto L10;
					} else {
						_t31 = 0;
						goto L9;
					}
				}
			}















                            0x0137f86d
                            0x0137f86d
                            0x0137f86d
                            0x0137f86f
                            0x0137f874
                            0x0137f879
                            0x0137f87b
                            0x0137f87e
                            0x0137f880
                            0x0137f883
                            0x0137f888
                            0x013c47c9
                            0x013c47ce
                            0x00000000
                            0x0137f8b1
                            0x0137f8b4
                            0x0137f8f1
                            0x0137f8f1
                            0x0137f900
                            0x0137f902
                            0x0137f905
                            0x0137f907
                            0x0137f9a9
                            0x0137f9a9
                            0x0137f8e9
                            0x0137f8ee
                            0x0137f8ee
                            0x0137f90e
                            0x0137f913
                            0x0137f91c
                            0x0137f91e
                            0x0137f9e4
                            0x0137f98b
                            0x0137f98b
                            0x0137f992
                            0x0137f997
                            0x0137f99a
                            0x0137f99c
                            0x0137f9e9
                            0x0137f9ea
                            0x0137f9ea
                            0x0137f99e
                            0x0137f9a0
                            0x0137f9a7
                            0x0137f9a7
                            0x00000000
                            0x0137f9a0
                            0x0137f924
                            0x0137f92a
                            0x0137f9b0
                            0x0137f9b6
                            0x0137f982
                            0x0137f985
                            0x0137f987
                            0x0137f987
                            0x0137f987
                            0x00000000
                            0x0137f987
                            0x0137f9be
                            0x0137f9c6
                            0x0137f9cb
                            0x0137f9cb
                            0x0137f9cd
                            0x0137f9cf
                            0x0137f9d2
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0137f9d4
                            0x0137f930
                            0x0137f935
                            0x0137f937
                            0x013c47a3
                            0x0137f93d
                            0x0137f942
                            0x0137f94a
                            0x0137f94c
                            0x0137f94e
                            0x0137f94e
                            0x0137f954
                            0x0137f95e
                            0x0137f961
                            0x0137f966
                            0x0137f968
                            0x0137f96a
                            0x0137f96a
                            0x0137f970
                            0x0137f970
                            0x0137f975
                            0x0137f97a
                            0x0137f97c
                            0x013c47b1
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0137f97c
                            0x0137f8b6
                            0x0137f8bb
                            0x0137f8c0
                            0x0137f8c8
                            0x0137f8ca
                            0x0137f8cf
                            0x0137f8d1
                            0x0137f8d1
                            0x0137f8d5
                            0x0137f8dc
                            0x0137f8e5
                            0x00000000
                            0x0137f8e7
                            0x0137f8e7
                            0x00000000
                            0x0137f8e7
                            0x0137f8e5

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 60da021ebe7e7beac4a7caf26c5b98725294e3b18c96c950d464dd1758d5d4dd
                            • Instruction ID: 7ba7587fa2996680f7d71a3430b92dd2b0b94189252aa0dd6aeb28f5dfb82450
                            • Opcode Fuzzy Hash: 60da021ebe7e7beac4a7caf26c5b98725294e3b18c96c950d464dd1758d5d4dd
                            • Instruction Fuzzy Hash: 0041A471A00316EFEB32DFACC880BADB6B9BF5971CF140119E561E7251D778D8408B51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013E6365 Relevance: .1, Instructions: 123COMMON
                            Download Yara Rule
                            C-Code - Quality: 88%
                            			E013E6365(void* __ecx, void* __edx, signed short _a4, signed int* _a8, intOrPtr* _a12, intOrPtr* _a16, char* _a20) {
				intOrPtr _v8;
				void* _v12;
				void* _v16;
				intOrPtr _t30;
				intOrPtr _t36;
				intOrPtr _t39;
				intOrPtr* _t40;
				signed int* _t41;
				char* _t42;
				void* _t45;
				void* _t47;
				intOrPtr* _t49;
				signed int _t52;
				intOrPtr* _t53;
				intOrPtr _t56;
				void* _t61;
				void* _t62;
				void* _t63;
				void* _t64;
				signed int _t65;
				void* _t67;
				void* _t68;

				_t65 = _a4 & 0x0000ffff;
				_v12 = __edx;
				_t63 = __ecx;
				_t47 = E01374620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t65);
				_t30 = 0;
				_v8 = 0;
				if(_t47 == 0) {
					_t64 = 0xc0000017;
					L8:
					if(_t47 != 0) {
						L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t30, _t47);
					}
					return _t64;
				}
				_push( &_v16);
				_push(_t65);
				_push(_t47);
				_push(2);
				_push(_t63);
				_push(0xffffffff);
				_t64 = E01399730();
				if(_t64 < 0) {
					L7:
					_t30 = 0;
					goto L8;
				}
				_t49 =  *((intOrPtr*)(_t47 + 4));
				_t61 = _t49 + 2;
				do {
					_t36 =  *_t49;
					_t49 = _t49 + 2;
				} while (_t36 != _v8);
				_t52 = 2 + (_t49 - _t61 >> 1) * 2;
				_v16 = _t52;
				if(_t52 >= _t65) {
					_t64 = 0x80000005;
					goto L7;
				}
				E0139F3E0(_v12,  *((intOrPtr*)(_t47 + 4)), _t52);
				_t67 = L013A13D0(_v12, 0x5c);
				if(_t67 != 0) {
					_t68 = _t67 + 2;
					_t53 = _t68;
					_t15 = _t53 + 2; // 0x0
					_t62 = _t15;
					do {
						_t39 =  *_t53;
						_t53 = _t53 + 2;
					} while (_t39 != _v8);
					_t56 = (_t53 - _t62 >> 1) + (_t53 - _t62 >> 1);
					_v8 = _t56;
					if(_a12 == 0) {
						L17:
						_t40 = _a16;
						if(_t40 != 0) {
							 *_t40 = _t56;
						}
						_t41 = _a8;
						if(_t41 != 0) {
							 *_t41 = _t68 - _v12 & 0xfffffffe;
						}
						_t42 = _a20;
						if(_t42 != 0) {
							 *_t42 = 1;
						}
						goto L7;
					}
					_t19 = _t56 + 2; // -2
					_t45 = E01374620(_t56,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
					 *_a12 = _t45;
					if(_t45 != 0) {
						E0139F3E0(_t45, _t68, _v8 + 2);
						_t56 = _v8;
						goto L17;
					}
					_t64 = 0xc0000017;
					goto L7;
				}
				_t64 = 0xc0000039;
				goto L7;
			}

























                            0x013e6375
                            0x013e6380
                            0x013e6383
                            0x013e638a
                            0x013e638c
                            0x013e638e
                            0x013e6393
                            0x013e64ab
                            0x013e63fc
                            0x013e63fe
                            0x013e640b
                            0x013e640b
                            0x013e6418
                            0x013e6418
                            0x013e639c
                            0x013e639d
                            0x013e639e
                            0x013e639f
                            0x013e63a1
                            0x013e63a2
                            0x013e63a9
                            0x013e63ad
                            0x013e63fa
                            0x013e63fa
                            0x00000000
                            0x013e63fa
                            0x013e63af
                            0x013e63b2
                            0x013e63b5
                            0x013e63b5
                            0x013e63b8
                            0x013e63bb
                            0x013e63c5
                            0x013e63cc
                            0x013e63d1
                            0x013e64a1
                            0x00000000
                            0x013e64a1
                            0x013e63df
                            0x013e63ec
                            0x013e63f3
                            0x013e641b
                            0x013e641e
                            0x013e6420
                            0x013e6420
                            0x013e6423
                            0x013e6423
                            0x013e6426
                            0x013e6429
                            0x013e6433
                            0x013e6439
                            0x013e643c
                            0x013e6476
                            0x013e6476
                            0x013e647b
                            0x013e647d
                            0x013e647d
                            0x013e647f
                            0x013e6484
                            0x013e648c
                            0x013e648c
                            0x013e648e
                            0x013e6493
                            0x013e6499
                            0x013e6499
                            0x00000000
                            0x013e6493
                            0x013e643e
                            0x013e644d
                            0x013e6455
                            0x013e6459
                            0x013e646b
                            0x013e6470
                            0x00000000
                            0x013e6473
                            0x013e645b
                            0x00000000
                            0x013e645b
                            0x013e63f5
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: be3b4a51cfa3edcff81842d127ee4f292402115a8f3185dbd1a32f25bb9fad36
                            • Instruction ID: e1171de4ca7d8203acff95fba7420bcd1599ff2709d8fba8ab6e378cc85de0c9
                            • Opcode Fuzzy Hash: be3b4a51cfa3edcff81842d127ee4f292402115a8f3185dbd1a32f25bb9fad36
                            • Instruction Fuzzy Hash: EF41F7B6600215EBDB25DF6CCC56BAF7BB9EF54718F194068E902AB290D734DD01CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01359450 Relevance: .1, Instructions: 123COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E01359450(intOrPtr _a4, intOrPtr* _a8, char _a12) {
				signed int _v8;
				signed short _v12;
				signed int _v16;
				void* _t31;
				signed int _t35;
				signed short _t37;
				signed int _t38;
				intOrPtr* _t40;
				signed int _t41;
				signed int _t42;
				signed int _t43;
				void* _t48;
				signed int _t49;
				signed short* _t51;
				void* _t52;
				signed short _t54;
				signed int _t55;
				signed int _t56;
				short* _t57;
				intOrPtr _t58;

				_t57 = 0;
				if(_a4 == 0) {
					L34:
					_t58 = 0xc000000d;
					L11:
					if(_t57 != 0) {
						E01359515(_t57);
					}
					L13:
					return _t58;
				}
				_t39 = _a8;
				if(_a8 == 0) {
					goto L34;
				}
				_t52 = 8;
				_t31 = 0x2a;
				_t45 = _t31;
				if(E013595A0(_t31, _t52) == 0) {
					_t58 = 0xc0000095;
					goto L13;
				}
				_t57 = E01374620(_t45,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t32);
				if(_t57 == 0) {
					_t58 = 0xc0000017;
					goto L13;
				} else {
					_t35 = 0x2a;
					_t58 = 0;
					if(E0135953A(_t35, _t39, _t57, _a4, 0, 0, _t35) == 0) {
						_t58 = 0xc0000001;
					}
					_t54 = 0;
					_t37 = 0;
					_v12 = 0;
					do {
						if(0 == _t37) {
							goto L8;
						}
						_t49 = _t37;
						_v16 = _t49;
						if( *((intOrPtr*)(_t57 + 4 + _t49 * 8)) != _t54) {
							if(0 >= _t37) {
								goto L8;
							}
							_t41 = _t37 & 0x0000ffff;
							_t13 = _t57 + 2; // 0x2
							_t51 = _t13;
							_t38 = _v16;
							_v8 = _t41;
							do {
								if(_t51[1] != _t54) {
									_t55 =  *(_t51 - 2) & 0x0000ffff;
									if(_t55 != 0) {
										_t43 =  *(_t57 + _t38 * 8) & 0x0000ffff;
										if(_t43 == 0) {
											_t41 = _v8;
										} else {
											_t41 = _v8;
											if(_t55 == _t43) {
												_t58 = 0xc0000001;
											}
										}
									}
									_t56 =  *_t51 & 0x0000ffff;
									if(_t56 > 0) {
										_t42 =  *(_t57 + 2 + _t38 * 8) & 0x0000ffff;
										if(_t42 <= 0) {
											_t41 = _v8;
										} else {
											_t41 = _v8;
											if(_t56 == _t42) {
												_t58 = 0xc0000001;
											}
										}
									}
									_t54 = 0;
								}
								_t51 =  &(_t51[4]);
								_t41 = _t41 - 1;
								_v8 = _t41;
							} while (_t41 != 0);
							_t37 = _v12;
						}
						L8:
						_t37 = _t37 + 1;
						_t48 = 0x2a;
						_v12 = _t37;
					} while (_t37 < _t48);
					_t40 = _a8;
					if(_a12 == 1 &&  *_t40 < _t54) {
						_t58 = 0xc0000001;
					}
					goto L11;
				}
			}























                            0x0135945b
                            0x01359460
                            0x013b38a3
                            0x013b38a3
                            0x013594f1
                            0x013594f3
                            0x013594f7
                            0x013594f7
                            0x013594fd
                            0x01359504
                            0x01359504
                            0x01359466
                            0x0135946b
                            0x00000000
                            0x00000000
                            0x01359473
                            0x01359476
                            0x01359477
                            0x01359480
                            0x013b3816
                            0x00000000
                            0x013b3816
                            0x01359497
                            0x0135949b
                            0x013b3820
                            0x00000000
                            0x013594a1
                            0x013594a3
                            0x013594a5
                            0x013594b7
                            0x01359507
                            0x01359507
                            0x013594b9
                            0x013594bb
                            0x013594bd
                            0x013594c0
                            0x013594c5
                            0x00000000
                            0x00000000
                            0x013594c7
                            0x013594ca
                            0x013594d1
                            0x013b382f
                            0x00000000
                            0x00000000
                            0x013b3835
                            0x013b3838
                            0x013b3838
                            0x013b383b
                            0x013b383e
                            0x013b3841
                            0x013b3844
                            0x013b3846
                            0x013b384d
                            0x013b384f
                            0x013b3856
                            0x013b3867
                            0x013b3858
                            0x013b385b
                            0x013b385e
                            0x013b3860
                            0x013b3860
                            0x013b385e
                            0x013b3856
                            0x013b386a
                            0x013b3870
                            0x013b3872
                            0x013b387a
                            0x013b388b
                            0x013b387c
                            0x013b387f
                            0x013b3882
                            0x013b3884
                            0x013b3884
                            0x013b3882
                            0x013b387a
                            0x013b388e
                            0x013b388e
                            0x013b3890
                            0x013b3893
                            0x013b3896
                            0x013b3896
                            0x013b389b
                            0x013b389b
                            0x013594d7
                            0x013594d9
                            0x013594da
                            0x013594db
                            0x013594de
                            0x013594e7
                            0x013594ea
                            0x0135950e
                            0x0135950e
                            0x00000000
                            0x013594ea

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3fdd712a2fa0cfcb15263e76a605d83d9ed9224d7ed9c5f299158a8fb8885060
                            • Instruction ID: 2e4d9b192da79bcfd33ecd52bcba144968430ea425efbbb14bee07a142da24b5
                            • Opcode Fuzzy Hash: 3fdd712a2fa0cfcb15263e76a605d83d9ed9224d7ed9c5f299158a8fb8885060
                            • Instruction Fuzzy Hash: 71411571E00229DBDB21DE6D84C0BFA7F65FB94B2CF16806AEE459B640E6359E408391
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135649B Relevance: .1, Instructions: 123COMMON
                            Download Yara Rule
                            C-Code - Quality: 89%
                            			E0135649B(signed int __ecx, signed int __edx) {
				signed int _v8;
				char _v40;
				void* _v80;
				short _v82;
				char _v84;
				short _v88;
				char _v92;
				void* _v96;
				void* _v98;
				void* _v100;
				void* _v104;
				void* _v106;
				void* _v108;
				void* _v112;
				void* _v120;
				void* _v122;
				void* _v124;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t37;
				short _t41;
				void* _t43;
				short _t45;
				void* _t65;
				short* _t71;
				void* _t72;
				void* _t74;
				void* _t76;
				signed int _t77;
				signed int _t79;

				_t69 = __edx;
				_t79 = (_t77 & 0xfffffff8) - 0x5c;
				_v8 =  *0x144d360 ^ _t79;
				_t71 = __edx;
				_v92 = 0;
				_v88 = 0;
				_v84 = 0;
				_v80 = 0;
				if(__edx == 0) {
					_t37 = 0xc000000d;
					L7:
					_pop(_t72);
					_pop(_t74);
					_pop(_t65);
					return E0139B640(_t37, _t65, _v8 ^ _t79, _t69, _t72, _t74);
				}
				_t75 = __ecx & 0x0000ffff;
				 *((short*)(__edx)) = 0;
				_v80 =  &_v40;
				_t41 = 0x1e;
				_v82 = _t41;
				_t43 = E01364720(__edx, __ecx & 0x0000ffff,  &_v84, 2, 0);
				if(_t43 < 0) {
					if(_t43 == 0xc0000023) {
						_v80 = 0;
						_v82 = 0;
						_t43 = E01364720(__edx, _t75,  &_v84, 2, 1);
					}
					if(_t43 >= 0) {
						goto L2;
					} else {
						_t76 = 0xc000000d;
						L4:
						if(_v88 != _t79 + 0x24) {
							L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v88);
						}
						if(_v80 !=  &_v40) {
							L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v80);
						}
						_t37 = _t76;
						goto L7;
					}
				}
				L2:
				_v88 = _t79 + 0x28;
				_t45 = 0x1e;
				 *((short*)(_t79 + 0x16)) = _t45;
				_t76 = E01362EB0(_t69, _v80,  &_v92, 6, 0);
				if(_t76 < 0) {
					if(_t76 == 0xc0000023) {
						_v88 = 0;
						 *((short*)(_t79 + 0x16)) = 0;
						_t76 = E01362EB0(_t69, _v80,  &_v92, 6, 1);
					}
					if(_t76 < 0) {
						goto L4;
					} else {
						goto L3;
					}
				}
				L3:
				if(0 != _v92) {
					_t76 = E01364570(_t69, _v88, _t79 + 0x24, 3);
					if(_t76 >= 0) {
						 *_t71 =  *((intOrPtr*)(_t79 + 0x20));
					}
				}
				goto L4;
			}


































                            0x0135649b
                            0x013564a3
                            0x013564ad
                            0x013564b6
                            0x013564b8
                            0x013564bc
                            0x013564c0
                            0x013564c4
                            0x013564ca
                            0x013b1905
                            0x01356550
                            0x01356554
                            0x01356555
                            0x01356556
                            0x01356561
                            0x01356561
                            0x013564d2
                            0x013564d5
                            0x013564de
                            0x013564e2
                            0x013564e4
                            0x013564f1
                            0x013564f8
                            0x013b1914
                            0x013b1918
                            0x013b191e
                            0x013b192b
                            0x013b192b
                            0x013b1932
                            0x00000000
                            0x013b1938
                            0x013b1938
                            0x01356532
                            0x0135653a
                            0x013b1984
                            0x013b1984
                            0x01356548
                            0x013b199c
                            0x013b199c
                            0x0135654e
                            0x00000000
                            0x0135654e
                            0x013b1932
                            0x013564fe
                            0x01356504
                            0x01356508
                            0x0135650a
                            0x0135651f
                            0x01356523
                            0x013b1948
                            0x013b194c
                            0x013b1952
                            0x013b1967
                            0x013b1967
                            0x013b196b
                            0x00000000
                            0x013b1971
                            0x00000000
                            0x013b1971
                            0x013b196b
                            0x01356529
                            0x01356530
                            0x01356572
                            0x01356576
                            0x0135657d
                            0x0135657d
                            0x01356576
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3dc78966eea3d8491b25a4d79cd90fdf9359dbce50643b13cb7000e87dbe8f55
                            • Instruction ID: 6f78346c6a0204a7d223aba5c5d7c2d3ffe091fe6c7bf540cb769e3866b4f3be
                            • Opcode Fuzzy Hash: 3dc78966eea3d8491b25a4d79cd90fdf9359dbce50643b13cb7000e87dbe8f55
                            • Instruction Fuzzy Hash: DF418C725483469FD321DF28D941A6BF7E9EF84A58F40092AFA90D7250E730DE058BD3
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01360100 Relevance: .1, Instructions: 122COMMON
                            Download Yara Rule
                            C-Code - Quality: 69%
                            			E01360100(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				signed char _t37;
				char _t38;
				intOrPtr _t42;
				signed int* _t43;
				signed int _t44;
				signed int _t48;
				char _t59;
				intOrPtr* _t61;
				intOrPtr _t62;
				signed int _t65;
				intOrPtr _t67;
				signed int _t70;
				signed int _t72;
				void* _t73;

				_push(0x1c);
				_push(0x142f848);
				_t37 = E013AD08C(__ebx, __edi, __esi);
				_t59 = 0;
				 *((char*)(_t73 - 0x19)) = 0;
				if( *((intOrPtr*)(_t73 + 8)) == 0) {
					_t38 = 0;
					L7:
					return E013AD0D1(_t38);
				}
				E01372280(_t37, 0x144861c);
				 *(_t73 - 4) =  *(_t73 - 4) & 0x00000000;
				_t72 =  *0x1446da4; // 0x0
				if(_t72 == 0) {
					_t59 = 1;
					L26:
					 *((char*)(_t73 - 0x19)) = _t59;
					L6:
					 *(_t73 - 4) = 0xfffffffe;
					E0136021A();
					_t38 = _t59;
					goto L7;
				}
				_t70 = _t72;
				 *(_t73 - 0x24) = _t70;
				_t42 =  *0x1446da0; // 0x0
				 *((intOrPtr*)(_t73 - 0x20)) = _t42;
				while(_t70 > 0) {
					_t65 = _t70 << 5;
					if( *((intOrPtr*)(_t65 + _t42 - 0x1c)) ==  *((intOrPtr*)(_t73 + 8))) {
						_t12 = _t42 - 0x20; // -32
						_t61 = _t12 + _t65;
						 *((intOrPtr*)(_t73 - 0x28)) = _t61;
						_t14 = _t61 + 0x10; // -16
						_t43 = _t14;
						 *(_t73 - 0x2c) = _t43;
						_t44 =  *_t43;
						if(_t44 == 0) {
							L21:
							_t62 =  *((intOrPtr*)(_t73 - 0x20));
							L16:
							if(_t70 != _t72) {
								_t27 = _t70 - 1; // -1
								E01359FF0(_t27);
							}
							_t72 = _t72 - 1;
							 *0x1446da4 = _t72;
							if(_t72 == 0) {
								L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t62);
								_t42 = 0;
								 *((intOrPtr*)(_t73 - 0x20)) = 0;
								 *0x1446da0 = 0;
								 *0x1446da8 =  *0x1446da8 & 0;
								L32:
								_t70 =  *(_t73 - 0x24);
								_t72 =  *0x1446da4; // 0x0
								L20:
								_t59 = 1;
								 *((char*)(_t73 - 0x19)) = 1;
								goto L5;
							}
							_t48 =  *0x1446da8; // 0x0
							_t49 = _t48 + 0xffffffe0;
							if(_t72 < _t48 + 0xffffffe0) {
								_t42 = L01378E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t62, _t49 << 5);
								 *((intOrPtr*)(_t73 - 0x20)) = _t42;
								if(_t42 != 0) {
									 *0x1446da0 = _t42;
									 *0x1446da8 =  *0x1446da8 - 0x20;
									goto L32;
								}
								_t59 = 0;
								goto L26;
							}
							_t42 =  *((intOrPtr*)(_t73 - 0x20));
							goto L20;
						}
						_t67 =  *((intOrPtr*)(_t73 + 0xc));
						if(_t67 != 0) {
							if(_t67 !=  *_t61) {
								goto L21;
							}
						}
						if(_t44 == 0xffffffff) {
							goto L21;
						}
						_push(_t44 & 0xfffffffc);
						if( *((intOrPtr*)(_t61 + 0x1c)) == 0xc0000019) {
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							L013777F0();
							_t70 =  *(_t73 - 0x24);
							_t61 =  *((intOrPtr*)(_t73 - 0x28));
						} else {
							_push(0xffffffff);
							E013997A0();
						}
						if( *(_t61 + 0x14) != 0) {
							_push( *(_t61 + 0x14));
							E013995D0();
							 *(_t61 + 0x14) =  *(_t61 + 0x14) & 0x00000000;
						}
						 *( *(_t73 - 0x2c)) =  *( *(_t73 - 0x2c)) & 0x00000000;
						_t72 =  *0x1446da4; // 0x0
						_t62 =  *0x1446da0; // 0x0
						 *((intOrPtr*)(_t73 - 0x20)) = _t62;
						goto L16;
					}
					L5:
					_t70 = _t70 - 1;
					 *(_t73 - 0x24) = _t70;
				}
				goto L6;
			}

















                            0x01360100
                            0x01360102
                            0x01360107
                            0x0136010c
                            0x0136010e
                            0x01360115
                            0x013b6127
                            0x0136016a
                            0x0136016f
                            0x0136016f
                            0x01360120
                            0x01360125
                            0x01360129
                            0x01360131
                            0x013b612e
                            0x013b6134
                            0x013b6134
                            0x0136015c
                            0x0136015c
                            0x01360163
                            0x01360168
                            0x00000000
                            0x01360168
                            0x01360137
                            0x01360139
                            0x0136013c
                            0x01360141
                            0x01360144
                            0x0136014a
                            0x01360154
                            0x01360172
                            0x01360175
                            0x01360177
                            0x0136017a
                            0x0136017a
                            0x0136017d
                            0x01360180
                            0x01360184
                            0x0136020b
                            0x0136020b
                            0x013601db
                            0x013601dd
                            0x01360210
                            0x01360213
                            0x01360213
                            0x013601df
                            0x013601e2
                            0x013601e8
                            0x013b6171
                            0x013b6176
                            0x013b6178
                            0x013b617b
                            0x013b6180
                            0x013b6194
                            0x013b6194
                            0x013b6197
                            0x01360201
                            0x01360201
                            0x01360203
                            0x00000000
                            0x01360203
                            0x013601ee
                            0x013601f3
                            0x013601f8
                            0x013b61b2
                            0x013b61b7
                            0x013b61bc
                            0x013b6188
                            0x013b618d
                            0x00000000
                            0x013b618d
                            0x013b6132
                            0x00000000
                            0x013b6132
                            0x013601fe
                            0x00000000
                            0x013601fe
                            0x0136018a
                            0x01360191
                            0x013b613f
                            0x00000000
                            0x00000000
                            0x013b6145
                            0x0136019a
                            0x00000000
                            0x00000000
                            0x0136019f
                            0x013601a7
                            0x013b614a
                            0x013b6152
                            0x013b6155
                            0x013b615a
                            0x013b615d
                            0x013601ad
                            0x013601ad
                            0x013601af
                            0x013601af
                            0x013601b8
                            0x013601ba
                            0x013601bd
                            0x013601c2
                            0x013601c2
                            0x013601c9
                            0x013601cc
                            0x013601d2
                            0x013601d8
                            0x00000000
                            0x013601d8
                            0x01360156
                            0x01360156
                            0x01360157
                            0x01360157
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 66866b5202ae7eed6a1302dcf952d0e34f62985b6047243d7125cd1a3faccfad
                            • Instruction ID: f054b306e22b9b7a2553c51f03189f26ecb9e8b0b5bfd8fc4d9ac473befa163e
                            • Opcode Fuzzy Hash: 66866b5202ae7eed6a1302dcf952d0e34f62985b6047243d7125cd1a3faccfad
                            • Instruction Fuzzy Hash: 8C41F0B5940209CFCF65CF68C9827EA7BB8FF5531CF054115E5126B6AAD3348981CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0136B433 Relevance: .1, Instructions: 109COMMON
                            Download Yara Rule
                            C-Code - Quality: 72%
                            			E0136B433(intOrPtr __ecx, signed int __edx, intOrPtr _a4, char _a8) {
				char _v5;
				intOrPtr _v12;
				char _v16;
				signed int _v20;
				char _v24;
				void* __ebx;
				short _t48;
				intOrPtr* _t51;
				char* _t52;
				signed int _t61;
				void* _t63;
				signed int _t71;
				intOrPtr _t73;
				void* _t74;

				_t73 = __ecx;
				_v5 = __edx;
				_v12 = __ecx;
				_t65 = __edx;
				_t71 = 1 << __edx;
				if(1 > 0x78000) {
					_t71 = 0x78000;
				}
				_t58 = _t71;
				if(_a8 != 0) {
					_t13 = _t71 + 0x2000; // 0x2001
					_t58 = _t13;
				}
				E0136EEF0( *((intOrPtr*)(_t73 + 0xc8)));
				_t74 = E01374620(_t65, _t73, 0x800001, _t58);
				if(_t74 == 0) {
					E0136EB70(_t65,  *((intOrPtr*)(_v12 + 0xc8)));
					L8:
					return _t74;
				}
				if(_a8 != 0) {
					_t15 = _t74 + 0xfff; // 0xfff
					_t61 = _t15 + _t71 & 0xfffff000;
					_v20 = _t61;
					_t63 = _t61 - _t74 + 0x1000;
					_t74 = L01378E10(_v12, 0x800001, _t74, _t63);
					E0136EB70(_t65,  *((intOrPtr*)(_v12 + 0xc8)));
					_v16 = 0x1000;
					_push( &_v24);
					_push(1);
					_push( &_v16);
					_push( &_v20);
					_push(0xffffffff);
					E01399A00();
					_t58 = _t63 - 0x1000;
					 *((char*)(_t74 + 9)) = 1;
					_t48 = _t63 - 0x1000 - _t71;
					_t72 = _v12;
				} else {
					_t72 = _v12;
					E0136EB70(_t65,  *((intOrPtr*)(_v12 + 0xc8)));
					_t48 = 0;
					 *((char*)(_t74 + 9)) = 0;
				}
				 *((short*)(_t74 + 0xa)) = _t48;
				 *((char*)(_t74 + 8)) = _v5;
				_t51 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t51 != 0) {
					if( *_t51 == 0) {
						goto L6;
					}
					_t52 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					goto L7;
				} else {
					L6:
					_t52 = 0x7ffe0380;
					L7:
					if( *_t52 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							E01411843(_t58, _t72, _t74, _t58, _a4);
						}
					}
					goto L8;
				}
			}

















                            0x0136b442
                            0x0136b444
                            0x0136b448
                            0x0136b44b
                            0x0136b452
                            0x0136b456
                            0x013ba7da
                            0x013ba7da
                            0x0136b460
                            0x0136b462
                            0x0136b4d2
                            0x0136b4d2
                            0x0136b4d2
                            0x0136b46a
                            0x0136b47b
                            0x0136b47f
                            0x013ba7ea
                            0x0136b4c8
                            0x0136b4cf
                            0x0136b4cf
                            0x0136b489
                            0x0136b4dd
                            0x0136b4e5
                            0x0136b4eb
                            0x0136b4f0
                            0x0136b503
                            0x0136b50e
                            0x0136b516
                            0x0136b51d
                            0x0136b51e
                            0x0136b523
                            0x0136b527
                            0x0136b528
                            0x0136b52a
                            0x0136b52f
                            0x0136b535
                            0x0136b53b
                            0x0136b53d
                            0x0136b48b
                            0x0136b48b
                            0x0136b494
                            0x0136b499
                            0x0136b49b
                            0x0136b49b
                            0x0136b49e
                            0x0136b4a5
                            0x0136b4ae
                            0x0136b4b3
                            0x013ba7f7
                            0x00000000
                            0x00000000
                            0x013ba806
                            0x00000000
                            0x0136b4b9
                            0x0136b4b9
                            0x0136b4b9
                            0x0136b4be
                            0x0136b4c1
                            0x013ba81d
                            0x013ba82b
                            0x013ba82b
                            0x013ba81d
                            0x00000000
                            0x0136b4c1

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9ce7baec8dd61d033a2283f6c29e1c0cbcb02c42f85a1c7a17e92119e31cdb3b
                            • Instruction ID: a94850fda78cc4c9560813843359b219aa3891768416b20cfb4a981349a4603b
                            • Opcode Fuzzy Hash: 9ce7baec8dd61d033a2283f6c29e1c0cbcb02c42f85a1c7a17e92119e31cdb3b
                            • Instruction Fuzzy Hash: A0412831604649AFDB12CBACCC84BDABBBCAF10348F0485A6E455E7756D6749944CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013D69A6 Relevance: .1, Instructions: 108COMMON
                            Download Yara Rule
                            C-Code - Quality: 69%
                            			E013D69A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x144d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L01366C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E013D6BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E01399980() >= 0) {
							E01372280(_t56, 0x1448778);
							_t77 = 1;
							_t68 = 1;
							if( *0x1448774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x1448774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E0135B6F0(0x133c338, 0x133c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E01399520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E013995D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E0136FFB0(_t68, _t77, 0x1448778);
				}
				_pop(_t78);
				return E0139B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                            0x013d69b5
                            0x013d69be
                            0x013d69c3
                            0x013d69c9
                            0x013d69cc
                            0x013d69d1
                            0x013d69d3
                            0x013d69de
                            0x013d69e1
                            0x013d69ea
                            0x013d69f6
                            0x013d69fe
                            0x013d6a13
                            0x013d6a14
                            0x013d6a15
                            0x013d6a16
                            0x013d6a1e
                            0x013d6a26
                            0x013d6a31
                            0x013d6a36
                            0x013d6a37
                            0x013d6a40
                            0x013d6a49
                            0x013d6a4a
                            0x013d6a53
                            0x013d6a59
                            0x013d6a5d
                            0x013d6a5e
                            0x013d6a64
                            0x013d6a67
                            0x013d6a6a
                            0x013d6a6d
                            0x013d6a70
                            0x013d6a77
                            0x013d6a7d
                            0x013d6a86
                            0x013d6a89
                            0x013d6a9c
                            0x013d6a9f
                            0x013d6aa2
                            0x013d6aa5
                            0x013d6aaf
                            0x013d6ab1
                            0x013d6ab8
                            0x013d6ab9
                            0x013d6abb
                            0x013d6abe
                            0x013d6ac5
                            0x013d6ac5
                            0x013d6aaf
                            0x013d6a40
                            0x013d6a26
                            0x013d69fe
                            0x013d6ace
                            0x013d6ad0
                            0x013d6ad3
                            0x013d6ad8
                            0x013d6adf
                            0x013d6adf
                            0x013d6ae8
                            0x013d6aef
                            0x013d6aef
                            0x013d6af9
                            0x013d6b06

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a154ad5ee572f6141870df3f48a52db8de470d53f48dd75d180168572a902b96
                            • Instruction ID: 422c68270727ffc3aab4b8a9139d5de81e75c854cf23c3e325d0df8c51fbec6e
                            • Opcode Fuzzy Hash: a154ad5ee572f6141870df3f48a52db8de470d53f48dd75d180168572a902b96
                            • Instruction Fuzzy Hash: 7B41A2B2D002099FEB20CFA9D941BFEBBF8FF48718F14812AE954A7250DB749905CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01355210 Relevance: .1, Instructions: 107COMMON
                            Download Yara Rule
                            C-Code - Quality: 85%
                            			E01355210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E013552A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E013995D0();
							L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E0136EB70(_t54, 0x14479a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E013995D0();
								L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E0136EB70(_t54, 0x14479a0);
						}
						return _t52;
					}
					L5:
					_t33 = E0139F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E0136EB70(_t54, 0x14479a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E013995D0();
							L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                            0x01355220
                            0x01355224
                            0x013b0d13
                            0x013b0d16
                            0x013b0d19
                            0x0135522a
                            0x0135522a
                            0x0135522d
                            0x0135522d
                            0x01355231
                            0x01355235
                            0x01355239
                            0x013b0d5c
                            0x013b0d62
                            0x00000000
                            0x00000000
                            0x013b0d6a
                            0x013b0d7b
                            0x013b0d7f
                            0x013b0d81
                            0x013b0d84
                            0x013b0d95
                            0x013b0d95
                            0x013b0d6c
                            0x013b0d71
                            0x013b0d71
                            0x013b0d9a
                            0x00000000
                            0x0135524a
                            0x0135524a
                            0x01355250
                            0x013b0d24
                            0x013b0d35
                            0x013b0d39
                            0x013b0d3b
                            0x013b0d3e
                            0x013b0d50
                            0x013b0d50
                            0x013b0d26
                            0x013b0d2b
                            0x013b0d2b
                            0x00000000
                            0x013b0d55
                            0x01355256
                            0x0135525b
                            0x01355265
                            0x013b0da7
                            0x0135526b
                            0x0135526e
                            0x01355272
                            0x013b0db1
                            0x013b0db4
                            0x013b0dc5
                            0x013b0dc5
                            0x01355272
                            0x01355278
                            0x0135527e
                            0x0135528a
                            0x0135528c
                            0x0135528d
                            0x00000000
                            0x01355280
                            0x01355282
                            0x01355288
                            0x0135529f
                            0x01355292
                            0x00000000
                            0x01355292
                            0x00000000
                            0x01355288
                            0x0135527e

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d43d5e1cf5d52bf1632f579e65625f68dfd402686dba237aa87d1e274ad22bdf
                            • Instruction ID: deb7b583920a379819cbfa24a1e5d91c3e2a95e5ec1bbb00eaa409994eff303b
                            • Opcode Fuzzy Hash: d43d5e1cf5d52bf1632f579e65625f68dfd402686dba237aa87d1e274ad22bdf
                            • Instruction Fuzzy Hash: 5E31D331251605EBDB269B1CC881FAB7779AF10BA8F11462EFA554B9E0E770B841C790
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138A61C Relevance: .1, Instructions: 106COMMON
                            Download Yara Rule
                            C-Code - Quality: 78%
                            			E0138A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x1430220);
				E013AD08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x1447b9c; // 0x0
				_t55 = E01374620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E013AD0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x1447b10 =  *0x1447b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x144536c; // 0x77e15368
					if( *_t51 != 0x1445368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x1445368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x144536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E0138A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                            0x0138a61c
                            0x0138a61e
                            0x0138a623
                            0x0138a628
                            0x0138a62b
                            0x0138a62d
                            0x0138a648
                            0x0138a64a
                            0x0138a64f
                            0x013c9b44
                            0x0138a6ec
                            0x0138a6f1
                            0x0138a6f1
                            0x0138a655
                            0x0138a657
                            0x0138a65a
                            0x0138a65d
                            0x0138a662
                            0x0138a663
                            0x0138a667
                            0x0138a668
                            0x0138a66d
                            0x0138a706
                            0x0138a706
                            0x013c9bda
                            0x013c9be6
                            0x013c9beb
                            0x00000000
                            0x013c9beb
                            0x0138a679
                            0x013c9b7a
                            0x00000000
                            0x013c9b7a
                            0x0138a683
                            0x0138a6f4
                            0x0138a6f7
                            0x0138a6f9
                            0x0138a6fd
                            0x0138a6a0
                            0x0138a6a0
                            0x0138a6ad
                            0x0138a6af
                            0x0138a6b4
                            0x013c9ba7
                            0x013c9bac
                            0x00000000
                            0x00000000
                            0x013c9bc6
                            0x013c9bce
                            0x013c9bd1
                            0x013c9bd3
                            0x013c9bd3
                            0x00000000
                            0x013c9bd1
                            0x0138a6bd
                            0x0138a6c3
                            0x0138a6c6
                            0x0138a6d2
                            0x0138a701
                            0x0138a704
                            0x00000000
                            0x0138a704
                            0x0138a6d4
                            0x0138a6d6
                            0x0138a6d9
                            0x0138a6db
                            0x0138a6e1
                            0x0138a6e6
                            0x0138a6e8
                            0x0138a6e8
                            0x0138a6ea
                            0x00000000
                            0x0138a6ea
                            0x0138a688
                            0x0138a692
                            0x0138a694
                            0x0138a699
                            0x00000000
                            0x00000000
                            0x0138a69d
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f0026fd3e3afbc783852c821610805dd9a5acef04dbf00bf4fee2fef13028e9f
                            • Instruction ID: 10106b261a81c8e316aee1f3bf4f5ee3aef9f1739f8964dac6831ec3e48baa9a
                            • Opcode Fuzzy Hash: f0026fd3e3afbc783852c821610805dd9a5acef04dbf00bf4fee2fef13028e9f
                            • Instruction Fuzzy Hash: 1E4179B5A00309DFCB15DF98C880B99BBF1FB89718F1580AAE905AB358C774AD01CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0137C182 Relevance: .1, Instructions: 104COMMON
                            Download Yara Rule
                            C-Code - Quality: 68%
                            			E0137C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E01377D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E01428D34(_v8, _t80);
					}
					E01372280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E0136FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E01428833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E0136FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E0139B180();
						if(_a4 != 0) {
							E01372280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E0137BB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E0137BB2D(_t16, _t15);
						E0137B944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E0136FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E0136FFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E0136FFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                            0x0137c18d
                            0x0137c18f
                            0x0137c191
                            0x0137c19b
                            0x0137c1a0
                            0x0137c1d4
                            0x0137c1de
                            0x013c2d6e
                            0x0137c1e4
                            0x0137c1e4
                            0x0137c1e4
                            0x0137c1ec
                            0x013c2d7d
                            0x013c2d7d
                            0x0137c1f3
                            0x0137c1ff
                            0x013c2d88
                            0x013c2d8d
                            0x013c2d94
                            0x013c2d94
                            0x013c2d9f
                            0x013c2da4
                            0x013c2dab
                            0x013c2db0
                            0x013c2db2
                            0x013c2db3
                            0x013c2db4
                            0x013c2dbc
                            0x013c2dc3
                            0x013c2dc3
                            0x0137c205
                            0x0137c205
                            0x0137c208
                            0x0137c20e
                            0x0137c211
                            0x0137c216
                            0x0137c219
                            0x0137c21f
                            0x0137c222
                            0x0137c22c
                            0x0137c234
                            0x0137c23a
                            0x0137c23f
                            0x0137c245
                            0x0137c24b
                            0x0137c251
                            0x0137c25a
                            0x0137c276
                            0x0137c27d
                            0x0137c27d
                            0x0137c25c
                            0x0137c25c
                            0x00000000
                            0x0137c25e
                            0x0137c1a4
                            0x0137c1aa
                            0x0137c1b3
                            0x0137c265
                            0x0137c26c
                            0x0137c26c
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                            • Instruction ID: 97837719eb5da99b84cb2e77500b508ae5ebcfd6a773979921bc03c5a6ebb9a1
                            • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                            • Instruction Fuzzy Hash: FC315E7260154BBEDB15EBB8D490BEAF768BF6210CF04916AC41C47205DB3C5949CBD0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013D7016 Relevance: .1, Instructions: 104COMMON
                            Download Yara Rule
                            C-Code - Quality: 76%
                            			E013D7016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x144d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E013D6B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E013D6B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E01377D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E01399AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E0139B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = E01374620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                            0x013d7016
                            0x013d701e
                            0x013d702b
                            0x013d7033
                            0x013d7037
                            0x013d703c
                            0x013d703e
                            0x013d7041
                            0x013d7045
                            0x013d704a
                            0x013d7050
                            0x013d7055
                            0x013d705a
                            0x013d7062
                            0x013d7062
                            0x013d705a
                            0x013d7064
                            0x013d7064
                            0x013d7067
                            0x013d7071
                            0x013d7096
                            0x013d709b
                            0x013d70a2
                            0x013d70a6
                            0x013d70a7
                            0x013d70ad
                            0x013d70b3
                            0x013d70b6
                            0x013d70bb
                            0x013d70c3
                            0x013d70c3
                            0x013d70c6
                            0x013d70cd
                            0x013d70dd
                            0x013d70e0
                            0x013d70e2
                            0x013d70e2
                            0x013d70ee
                            0x013d7101
                            0x013d70f0
                            0x013d70f9
                            0x013d70f9
                            0x013d710a
                            0x013d710e
                            0x013d7112
                            0x013d7117
                            0x013d7118
                            0x013d7118
                            0x013d70bb
                            0x013d711d
                            0x013d7123
                            0x013d7131
                            0x013d7131
                            0x013d7136
                            0x013d713d
                            0x013d713e
                            0x013d713f
                            0x013d714a
                            0x013d714a
                            0x013d7084
                            0x013d7088
                            0x00000000
                            0x013d708e
                            0x013d708e
                            0x013d7092
                            0x00000000
                            0x013d7092

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bace3cbbfd77b76325fd8b46b5ec8c1697cd3d027c63103c090fd8445a6d78ef
                            • Instruction ID: fd8655c6bfb9062d2c6b0856cae96dee110f2a8feaf90bef2ee4a15bc13b9e8e
                            • Opcode Fuzzy Hash: bace3cbbfd77b76325fd8b46b5ec8c1697cd3d027c63103c090fd8445a6d78ef
                            • Instruction Fuzzy Hash: 6131C2736047919FC320DF6CD841A6AB7E9FF88708F044A29F99587690E734E904C7A6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01358466 Relevance: .1, Instructions: 102COMMON
                            Download Yara Rule
                            C-Code - Quality: 71%
                            			E01358466(void* __ebx, intOrPtr __ecx, intOrPtr* __edx, signed int _a4) {
				intOrPtr _v0;
				char _v8;
				intOrPtr _v12;
				void* __edi;
				void* __esi;
				intOrPtr* _t21;
				char* _t22;
				intOrPtr _t25;
				intOrPtr* _t31;
				void* _t34;
				intOrPtr _t39;
				void* _t43;
				intOrPtr* _t54;
				intOrPtr* _t59;
				void* _t61;

				_t52 = __edx;
				_t43 = __ebx;
				_push(__ecx);
				_push(__ecx);
				_t54 = __edx;
				_v12 = __ecx;
				if(E0138BD39(__ecx) < 0) {
					L14:
					_t21 = 0;
					goto L12;
				} else {
					_t22 =  &_v8;
					_push(_t22);
					_push(0x1334704);
					L16();
					if(_t22 >= 0) {
						if(_v8 != 0) {
							goto L14;
						} else {
							goto L2;
						}
					} else {
						L2:
						_t47 = 0;
						E01395DBF(_t43, 0, _t52, _t54);
						if(E013693A0() != 0) {
							_t25 =  *0x144b21c; // 0x0
						} else {
							_t25 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
						}
						_t59 = E01374620(_t47, _t25, 0, 0x10);
						if(_t59 == 0) {
							L11:
							E01395DBF(_t43, 1, _t52, _t54);
							_t21 = _t59;
							L12:
							return _t21;
						} else {
							 *((intOrPtr*)(_t59 + 8)) = 1;
							 *((intOrPtr*)(_t59 + 0xc)) = E0138F3A0(_t47, _t52, _t54, _t43);
							_t7 = 0x144b330 + _a4 * 0xc; // -21279527
							_t54 = _t7;
							E01372280(E0138BDFC(0x144b32c + _a4 * 0xc, _t47, _t52, _t54, _t59, 0),  *((intOrPtr*)(0x144b32c + _a4 * 0xc)));
							if( *_t54 == _t54) {
								_t47 = _a4 + 2;
								asm("lock bts [eax], ecx");
							}
							if(_v12 == 0) {
								_t31 =  *((intOrPtr*)(_t54 + 4));
								if( *_t31 != _t54) {
									goto L15;
								} else {
									 *_t59 = _t54;
									 *((intOrPtr*)(_t59 + 4)) = _t31;
									 *_t31 = _t59;
									 *((intOrPtr*)(_t54 + 4)) = _t59;
									goto L10;
								}
							} else {
								_t39 =  *_t54;
								if( *((intOrPtr*)(_t39 + 4)) != _t54) {
									L15:
									_t50 = 3;
									asm("int 0x29");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									_push(_t59);
									_t61 = 0xc0000225;
									if( *0x144b23c != 0) {
										_push(_t54);
										L0137FAD0(0x1448650);
										_t34 = E0139EC60(_t50, _v0,  *0x144b23c,  *0x144b240, 0x14, E0135A890);
										if(_t34 != 0) {
											_t50 =  *((intOrPtr*)(_t34 + 0x10));
											_t61 = 0;
											 *_a4 =  *((intOrPtr*)(_t34 + 0x10));
										}
										E0137FA00(_t45, _t50, 0x1448650, 0x1448650);
									}
									return _t61;
								} else {
									 *_t59 = _t39;
									 *((intOrPtr*)(_t59 + 4)) = _t54;
									 *((intOrPtr*)(_t39 + 4)) = _t59;
									 *_t54 = _t59;
									L10:
									E0136FFB0(_t45, _t54,  *_t45);
									E0138BDFC(_t45, _t47, _t52, _t54, _t59, 1);
									_pop(_t43);
									goto L11;
								}
							}
						}
					}
				}
			}


















                            0x01358466
                            0x01358466
                            0x0135846b
                            0x0135846c
                            0x0135846e
                            0x01358470
                            0x0135847a
                            0x0135854d
                            0x0135854d
                            0x00000000
                            0x01358480
                            0x01358480
                            0x01358483
                            0x01358484
                            0x01358489
                            0x01358490
                            0x013b31a5
                            0x00000000
                            0x013b31ab
                            0x00000000
                            0x013b31ab
                            0x01358496
                            0x01358496
                            0x01358496
                            0x01358498
                            0x013584a4
                            0x01358543
                            0x013584aa
                            0x013584b0
                            0x013584b0
                            0x013584be
                            0x013584c2
                            0x01358531
                            0x01358534
                            0x01358539
                            0x0135853c
                            0x01358540
                            0x013584c4
                            0x013584c6
                            0x013584d8
                            0x013584e1
                            0x013584e1
                            0x013584eb
                            0x013584f2
                            0x013584fd
                            0x01358503
                            0x01358503
                            0x0135850b
                            0x013b31b0
                            0x013b31b5
                            0x00000000
                            0x013b31bb
                            0x013b31bb
                            0x013b31bd
                            0x013b31c0
                            0x013b31c2
                            0x00000000
                            0x013b31c2
                            0x01358511
                            0x01358511
                            0x01358516
                            0x01358551
                            0x01358553
                            0x01358554
                            0x01358556
                            0x01358557
                            0x01358558
                            0x01358559
                            0x0135855a
                            0x0135855b
                            0x0135855c
                            0x0135855d
                            0x0135855e
                            0x0135855f
                            0x0135856c
                            0x0135856d
                            0x01358572
                            0x01358574
                            0x0135857b
                            0x01358596
                            0x013585a0
                            0x013585b0
                            0x013585b3
                            0x013585b8
                            0x013585b8
                            0x013585a3
                            0x013585a8
                            0x013585ad
                            0x01358518
                            0x01358518
                            0x0135851a
                            0x0135851d
                            0x01358520
                            0x01358522
                            0x01358524
                            0x0135852b
                            0x01358530
                            0x00000000
                            0x01358530
                            0x01358516
                            0x0135850b
                            0x013584c2
                            0x01358490

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b58e8dc08b36889d397fa27f871de97c0c7fc5d123a66a8ab9ff553992bae098
                            • Instruction ID: 9f7b67653a9ba05c9cb0e8bef5bfd7d5d2981824c2b82d4ca5e28c77f7848ecf
                            • Opcode Fuzzy Hash: b58e8dc08b36889d397fa27f871de97c0c7fc5d123a66a8ab9ff553992bae098
                            • Instruction Fuzzy Hash: A931AF70541206EFC722AF2EC840F56FBF8EF50B5CF1088AAE9059B615E7B4D840CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013D5623 Relevance: .1, Instructions: 99COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E013D5623(signed int __edx) {
				void* _t21;
				signed int _t22;
				void* _t23;
				signed int _t24;
				intOrPtr _t26;
				signed int _t27;
				signed char* _t39;
				signed int _t45;
				signed int _t51;
				signed int _t54;
				signed int _t63;

				_t51 = __edx;
				_t21 = E01377D50();
				_t45 = 0x7ffe0384;
				if(_t21 == 0) {
					_t22 = 0x7ffe0384;
				} else {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				_t54 = 0x7ffe0385;
				if( *_t22 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
					if(E01377D50() == 0) {
						_t39 = 0x7ffe0385;
					} else {
						_t39 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t39 & 0x00000020) != 0) {
						_t51 = _t51 | 0xffffffff;
						_t63 = _t51;
						E013D7016(0x1480, _t51, 0xffffffff, 0xffffffff, 0, 0);
					}
				}
				_t23 = E01386900(_t63, 0x1445350);
				_t24 = E01377D50();
				if(_t23 == 0) {
					__eflags = _t24;
					if(_t24 != 0) {
						_t45 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						__eflags = _t45;
					}
					__eflags =  *_t45;
					if( *_t45 != 0) {
						_t26 =  *[fs:0x30];
						__eflags =  *(_t26 + 0x240) & 0x00000004;
						if(( *(_t26 + 0x240) & 0x00000004) != 0) {
							_t27 = E01377D50();
							__eflags = _t27;
							if(_t27 != 0) {
								_t54 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								__eflags = _t54;
							}
							__eflags =  *_t54 & 0x00000020;
							if(( *_t54 & 0x00000020) != 0) {
								__eflags = _t51 | 0xffffffff;
								E013D7016(0x1482, _t51 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					__eflags = 0;
					return 0;
				}
				if(_t24 != 0) {
					_t45 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t45 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
					if(E01377D50() != 0) {
						_t54 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t54 & 0x00000020) != 0) {
						E013D7016(0x1481, _t51 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
					}
				}
				return 1;
			}














                            0x013d5623
                            0x013d5628
                            0x013d562d
                            0x013d5634
                            0x013d5646
                            0x013d5636
                            0x013d563f
                            0x013d563f
                            0x013d564b
                            0x013d5650
                            0x013d5668
                            0x013d567a
                            0x013d566a
                            0x013d5673
                            0x013d5673
                            0x013d567f
                            0x013d5689
                            0x013d5689
                            0x013d5691
                            0x013d5691
                            0x013d567f
                            0x013d569b
                            0x013d56a2
                            0x013d56a9
                            0x013d5708
                            0x013d570a
                            0x013d5715
                            0x013d5715
                            0x013d5715
                            0x013d571b
                            0x013d571e
                            0x013d5720
                            0x013d5726
                            0x013d572d
                            0x013d572f
                            0x013d5734
                            0x013d5736
                            0x013d5741
                            0x013d5741
                            0x013d5741
                            0x013d5747
                            0x013d574a
                            0x013d5754
                            0x013d575c
                            0x013d575c
                            0x013d574a
                            0x013d572d
                            0x013d5761
                            0x00000000
                            0x013d5761
                            0x013d56ad
                            0x013d56b8
                            0x013d56b8
                            0x013d56c1
                            0x013d56d9
                            0x013d56e4
                            0x013d56e4
                            0x013d56ed
                            0x013d56ff
                            0x013d56ff
                            0x013d56ed
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 54ad3dee464f47f8c642f543eb32a038435eb6019889a40cc0004e420a925939
                            • Instruction ID: 1859d214e27b733b31e84def155e9547d84156eedabb9a4900b04db5ab37cf27
                            • Opcode Fuzzy Hash: 54ad3dee464f47f8c642f543eb32a038435eb6019889a40cc0004e420a925939
                            • Instruction Fuzzy Hash: 2D3174736457819BF732976CED48F243BE4AB01B7CF2D03A0EA209B6E2DB68D401C611
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013853C5 Relevance: .1, Instructions: 98COMMON
                            Download Yara Rule
                            C-Code - Quality: 96%
                            			E013853C5(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				signed int _t56;
				unsigned int _t58;
				char _t63;
				unsigned int _t72;
				signed int _t77;
				intOrPtr _t79;
				void* _t80;

				_push(0x18);
				_push(0x142ff80);
				E013AD08C(__ebx, __edi, __esi);
				_t79 = __ecx;
				 *((intOrPtr*)(_t80 - 0x28)) = __ecx;
				 *((char*)(_t80 - 0x1a)) = 0;
				 *((char*)(_t80 - 0x19)) = 0;
				 *((intOrPtr*)(_t80 - 0x20)) = 0;
				 *((intOrPtr*)(_t80 - 4)) = 0;
				if(( *(__ecx + 0x40) & 0x75010f61) != 0 || ( *(__ecx + 0x40) & 0x00000002) == 0 || ( *( *[fs:0x30] + 0x68) & 0x00000800) != 0) {
					_t47 = 0;
					_t63 = 1;
				} else {
					_t63 = 1;
					_t47 = 1;
				}
				if(_t47 == 0) {
					_t77 = 0xc000000d;
					goto L18;
				} else {
					E0136EEF0( *((intOrPtr*)(_t79 + 0xc8)));
					 *((char*)(_t80 - 0x19)) = _t63;
					if( *((char*)(_t79 + 0xda)) == 2) {
						_t47 =  *(_t79 + 0xd4);
					} else {
						_t47 = 0;
					}
					if(_t47 != 0) {
						_t77 = 0;
						goto L18;
					} else {
						if( *((intOrPtr*)(_t79 + 0xd8)) != 0) {
							_t77 = 0xc000001e;
							L18:
							 *((intOrPtr*)(_t80 - 0x20)) = _t77;
							L19:
							_t64 = 0xffff;
							L14:
							 *((intOrPtr*)(_t80 - 4)) = 0xfffffffe;
							E01385520(_t47, _t64, _t79);
							return E013AD0D1(_t77);
						}
						 *((short*)(_t79 + 0xd8)) = _t63;
						 *((char*)(_t80 - 0x1a)) = _t63;
						_t72 =  *0x1445cb4; // 0x4000
						_t69 = _t79;
						_t77 = E013855C8(_t79, (_t72 >> 3) + 2);
						 *((intOrPtr*)(_t80 - 0x20)) = _t77;
						if(_t77 < 0) {
							goto L19;
						}
						E01385539(_t79,  *((intOrPtr*)(_t79 + 0xb4)), _t69);
						 *(_t79 + 0xd4) =  *(_t79 + 0xd4) & 0x00000000;
						 *((char*)(_t79 + 0xda)) = 0;
						E0136EB70(_t79,  *((intOrPtr*)(_t79 + 0xc8)));
						 *((char*)(_t80 - 0x19)) = 0;
						_t71 = _t79;
						 *(_t80 - 0x24) = E01383C3E(_t79);
						E0136EEF0( *((intOrPtr*)(_t79 + 0xc8)));
						 *((char*)(_t80 - 0x19)) = _t63;
						_t56 =  *(_t80 - 0x24);
						if(_t56 == 0) {
							_t77 = 0xc0000017;
							 *((intOrPtr*)(_t80 - 0x20)) = 0xc0000017;
						} else {
							 *(_t79 + 0xd4) = _t56;
							 *((short*)(_t79 + 0xda)) = 0x202;
							if((E01384190() & 0x00010000) == 0) {
								_t58 =  *0x1445cb4; // 0x4000
								 *(_t79 + 0x6c) = _t58 >> 3;
							}
						}
						_t64 = 0xffff;
						 *((intOrPtr*)(_t79 + 0xd8)) =  *((intOrPtr*)(_t79 + 0xd8)) + 0xffff;
						 *((char*)(_t80 - 0x1a)) = 0;
						 *((char*)(_t80 - 0x19)) = 0;
						_t47 = E0136EB70(_t71,  *((intOrPtr*)(_t79 + 0xc8)));
						goto L14;
					}
				}
			}










                            0x013853c5
                            0x013853c7
                            0x013853cc
                            0x013853d1
                            0x013853d3
                            0x013853d8
                            0x013853db
                            0x013853de
                            0x013853e1
                            0x013853eb
                            0x013c70b0
                            0x013c70b4
                            0x0138540e
                            0x01385410
                            0x01385411
                            0x01385411
                            0x01385415
                            0x013c70ba
                            0x00000000
                            0x0138541b
                            0x01385421
                            0x01385426
                            0x01385432
                            0x013c70d3
                            0x01385438
                            0x01385438
                            0x01385438
                            0x0138543c
                            0x013c70de
                            0x00000000
                            0x01385442
                            0x01385449
                            0x013c70c1
                            0x013c70c6
                            0x013c70c6
                            0x013c70c9
                            0x013c70c9
                            0x0138550c
                            0x0138550c
                            0x01385513
                            0x0138551f
                            0x0138551f
                            0x0138544f
                            0x01385456
                            0x01385459
                            0x01385465
                            0x0138546c
                            0x0138546e
                            0x01385473
                            0x00000000
                            0x00000000
                            0x01385482
                            0x01385487
                            0x0138548e
                            0x0138549b
                            0x013854a0
                            0x013854a4
                            0x013854ab
                            0x013854b4
                            0x013854b9
                            0x013854bc
                            0x013854c1
                            0x013c70e2
                            0x013c70e7
                            0x013854c7
                            0x013854c7
                            0x013854cd
                            0x013854e0
                            0x013854e2
                            0x013854ea
                            0x013854ea
                            0x013854e0
                            0x013854ed
                            0x013854f2
                            0x013854f9
                            0x013854fd
                            0x01385507
                            0x00000000
                            0x01385507
                            0x0138543c

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e612132be6b7aec86dc12f1147a3d07ca12192bac4bcdea9fad5e9344d33fa32
                            • Instruction ID: b700a1fd295f05dc239ec4e523ffb36ddd01f3b00e532c2c8a04690c03abcf91
                            • Opcode Fuzzy Hash: e612132be6b7aec86dc12f1147a3d07ca12192bac4bcdea9fad5e9344d33fa32
                            • Instruction Fuzzy Hash: 77410434A047558FDB21DFBC84103AFBAF2AF6170CF14452EC48AAB741DB755909CBA9
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0141A189 Relevance: .1, Instructions: 96COMMON
                            Download Yara Rule
                            C-Code - Quality: 85%
                            			E0141A189(signed int __ecx, signed char __edx) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* __ebx;
				void* __edi;
				intOrPtr _t29;
				intOrPtr* _t30;
				signed int* _t40;
				void* _t44;
				signed int _t50;
				intOrPtr* _t51;
				intOrPtr _t52;

				_v20 = __edx;
				_t50 = __ecx;
				if(__edx != 0) {
					E01372280(__edx, 0x1446220);
					_t42 = _t50;
					_t40 = E0141A166(_t50);
					if(_t40 != 0) {
						L15:
						E0136FFB0(_t40, _t50, 0x1446220);
						 *_v20 = _t40;
						return 0;
					}
					_t44 = E0141A166(_t42 ^ 0x00000100);
					if(_t44 != 0) {
						_v12 =  *((intOrPtr*)(_t44 + 4));
						_v8 =  *((intOrPtr*)(_t44 + 8));
						L7:
						_t51 = E01374620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x50);
						if(_t51 != 0) {
							_t10 = _t51 + 0xc; // 0xc
							_t40 = _t10;
							_t29 = E0140A708(_t50, _v12, _v8, _t40);
							_v16 = _t29;
							if(_t29 >= 0) {
								 *(_t51 + 8) = _t50;
								_t30 =  *0x14453d4; // 0x77e153d0
								if( *_t30 != 0x14453d0) {
									0x14453d0 = 3;
									asm("int 0x29");
								}
								 *_t51 = 0x14453d0;
								 *((intOrPtr*)(_t51 + 4)) = _t30;
								 *_t30 = _t51;
								 *0x14453d4 = _t51;
								goto L15;
							}
							L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t51);
							_t52 = _v16;
							L11:
							E0136FFB0(_t40, _t50, 0x1446220);
							return _t52;
						}
						_t52 = 0xc0000017;
						goto L11;
					}
					_push( &_v8);
					_push( &_v12);
					_push(_t44);
					_push(_t50 & 0xfffffeff);
					_push(0xc);
					_t52 = E0139A420();
					if(_t52 >= 0) {
						goto L7;
					}
					goto L11;
				}
				return 0xc00000f0;
			}
















                            0x0141a194
                            0x0141a199
                            0x0141a19d
                            0x0141a1ae
                            0x0141a1b3
                            0x0141a1ba
                            0x0141a1be
                            0x0141a27e
                            0x0141a283
                            0x0141a28b
                            0x00000000
                            0x0141a28d
                            0x0141a1cf
                            0x0141a1d3
                            0x0141a1f8
                            0x0141a1fe
                            0x0141a201
                            0x0141a213
                            0x0141a217
                            0x0141a223
                            0x0141a223
                            0x0141a22c
                            0x0141a231
                            0x0141a236
                            0x0141a25b
                            0x0141a263
                            0x0141a26a
                            0x0141a26e
                            0x0141a26f
                            0x0141a26f
                            0x0141a271
                            0x0141a273
                            0x0141a276
                            0x0141a278
                            0x00000000
                            0x0141a278
                            0x0141a245
                            0x0141a24a
                            0x0141a24d
                            0x0141a252
                            0x00000000
                            0x0141a257
                            0x0141a219
                            0x00000000
                            0x0141a219
                            0x0141a1d8
                            0x0141a1dc
                            0x0141a1dd
                            0x0141a1e5
                            0x0141a1e6
                            0x0141a1ed
                            0x0141a1f1
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0141a1f3
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9112697a94e6c394a6b2eda13deff4a76ac68e3e91bfa136472d96b4e5775aca
                            • Instruction ID: f0b4ad2acbdaae77099a76defc752028ba50bc848158844fbf1a732fc47f43ea
                            • Opcode Fuzzy Hash: 9112697a94e6c394a6b2eda13deff4a76ac68e3e91bfa136472d96b4e5775aca
                            • Instruction Fuzzy Hash: 73314731A01256EBDB22AF9DD840BAFBBF9EF55714F20006BE505EB364DAB0DD018790
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138A70E Relevance: .1, Instructions: 96COMMON
                            Download Yara Rule
                            C-Code - Quality: 92%
                            			E0138A70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x1447b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x1447b10 = 8;
					 *0x1447b14 = 0x1447b0c;
					 *0x1447b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E0138A990(0x1447b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L0138A840(__edx, __ecx, __ecx, _t52, 0x1447b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x1447b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0x1447b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0x1447b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = E01374620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x1447b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E0139F3E0(_t50,  *0x1447b14, _t8 >> 3);
						_t28 =  *0x1447b14; // 0x0
						__eflags = _t28 - 0x1447b0c;
						if(_t28 != 0x1447b0c) {
							L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0x1447b14 = _t50;
						_t48 = _v12;
						 *0x1447b10 = _t9;
						goto L6;
					}
					 *0x1447b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                            0x0138a713
                            0x0138a714
                            0x0138a717
                            0x0138a71d
                            0x0138a720
                            0x0138a722
                            0x0138a727
                            0x0138a74a
                            0x0138a754
                            0x0138a75e
                            0x0138a768
                            0x0138a76a
                            0x0138a773
                            0x0138a78b
                            0x0138a790
                            0x0138a792
                            0x0138a741
                            0x0138a741
                            0x0138a743
                            0x0138a749
                            0x0138a749
                            0x0138a732
                            0x0138a73a
                            0x0138a797
                            0x0138a79d
                            0x0138a7a3
                            0x0138a7a9
                            0x0138a7b6
                            0x0138a7bc
                            0x0138a7ca
                            0x0138a7e0
                            0x0138a7e2
                            0x0138a7e4
                            0x013c9bf2
                            0x00000000
                            0x013c9bf2
                            0x0138a7ed
                            0x0138a7f2
                            0x0138a800
                            0x0138a805
                            0x0138a80d
                            0x0138a812
                            0x013c9c08
                            0x013c9c08
                            0x0138a818
                            0x0138a81b
                            0x0138a821
                            0x0138a824
                            0x00000000
                            0x0138a824
                            0x0138a7ae
                            0x00000000
                            0x0138a7ae
                            0x0138a73c
                            0x0138a73e
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 46f48f52abf7e986a18298862b17f0e79a1e42549a51e4fcc0249869a6951b23
                            • Instruction ID: 8f8f9c07ea595437c1db8fdd9e465fa0085377f7a86ded3cb0fbbd16f787c0b7
                            • Opcode Fuzzy Hash: 46f48f52abf7e986a18298862b17f0e79a1e42549a51e4fcc0249869a6951b23
                            • Instruction Fuzzy Hash: B231F3B9600685EFD721EF48DC80F257BF9FB8479EF14095AE205C7268D374AA02CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013861A0 Relevance: .1, Instructions: 93COMMON
                            Download Yara Rule
                            C-Code - Quality: 97%
                            			E013861A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E01385E50(0x13367cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E01429D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E0135F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                            0x013861b3
                            0x013861b5
                            0x013861bd
                            0x013861c3
                            0x013861c7
                            0x013861d2
                            0x013861ff
                            0x013861ff
                            0x01386201
                            0x01386207
                            0x01386207
                            0x013861d4
                            0x013861d9
                            0x00000000
                            0x00000000
                            0x013861df
                            0x013861e2
                            0x00000000
                            0x00000000
                            0x013861e6
                            0x013861e8
                            0x013861ee
                            0x013861ee
                            0x013861f9
                            0x013c762f
                            0x013c7632
                            0x013c7635
                            0x013c7639
                            0x013c7640
                            0x013c766e
                            0x013c7675
                            0x00000000
                            0x00000000
                            0x013c7681
                            0x013c7689
                            0x013c768d
                            0x013c7691
                            0x013c7695
                            0x013c7699
                            0x013c76af
                            0x013c76b5
                            0x013c76b7
                            0x013c76b7
                            0x013c76d7
                            0x013c76dc
                            0x00000000
                            0x013c76dc
                            0x013c76a2
                            0x013c76a9
                            0x013c7651
                            0x013c7653
                            0x013c7653
                            0x013c7656
                            0x013c7656
                            0x00000000
                            0x013c7656
                            0x013c7644
                            0x013c7646
                            0x013c7648
                            0x013c7648
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7273f42ea70ba4a891a14dbf8a878cecc54f1b2869fa88e9658ae4d9d0b2953c
                            • Instruction ID: ed7f0593bcfde4c660352b0dafcba6174c77a11873ba38068e9b160540b2638d
                            • Opcode Fuzzy Hash: 7273f42ea70ba4a891a14dbf8a878cecc54f1b2869fa88e9658ae4d9d0b2953c
                            • Instruction Fuzzy Hash: 66318DB16157018FE360DF1DC801B26BBE8FB88B18F05496DE9989B352E7B0EC04CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138E730 Relevance: .1, Instructions: 89COMMON
                            Download Yara Rule
                            C-Code - Quality: 74%
                            			E0138E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E01399670() < 0) {
					E013ADF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x1447b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = E01374620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M0138E810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                            0x0138e730
                            0x0138e736
                            0x0138e738
                            0x0138e73d
                            0x0138e73e
                            0x0138e740
                            0x0138e749
                            0x0138e765
                            0x0138e76a
                            0x0138e76b
                            0x0138e76c
                            0x0138e76d
                            0x0138e76e
                            0x0138e76f
                            0x0138e775
                            0x0138e777
                            0x0138e77e
                            0x013cb675
                            0x0138e784
                            0x0138e784
                            0x0138e789
                            0x0138e7a8
                            0x0138e7ac
                            0x0138e807
                            0x0138e7ae
                            0x0138e7ae
                            0x0138e7b1
                            0x0138e7b4
                            0x0138e7b9
                            0x0138e7c0
                            0x0138e7c4
                            0x0138e7ca
                            0x0138e7cc
                            0x00000000
                            0x0138e7d3
                            0x0138e7d6
                            0x00000000
                            0x00000000
                            0x0138e7ff
                            0x0138e802
                            0x00000000
                            0x00000000
                            0x0138e7f9
                            0x0138e7fc
                            0x00000000
                            0x00000000
                            0x0138e7f3
                            0x0138e7f6
                            0x00000000
                            0x00000000
                            0x0138e7ed
                            0x0138e7f0
                            0x00000000
                            0x00000000
                            0x0138e7e7
                            0x0138e7ea
                            0x00000000
                            0x00000000
                            0x013cb685
                            0x013cb688
                            0x00000000
                            0x00000000
                            0x013cb682
                            0x00000000
                            0x00000000
                            0x0138e7cc
                            0x0138e7d9
                            0x0138e7dc
                            0x0138e7de
                            0x0138e7de
                            0x0138e7ac
                            0x0138e7e4
                            0x0138e74b
                            0x0138e751
                            0x0138e759
                            0x0138e761
                            0x0138e761

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8f5c9db83320d7bce96d057b7b8e9f4eeee71c209cda12aae43b6b36eac00c7a
                            • Instruction ID: 98162a12d39b9f6ddb3b79c9c65e9df6d46c6aa13b287418828f621e46a12b1d
                            • Opcode Fuzzy Hash: 8f5c9db83320d7bce96d057b7b8e9f4eeee71c209cda12aae43b6b36eac00c7a
                            • Instruction Fuzzy Hash: E5318D75A14349EFD704DF58C841B9ABBE8FB09728F14826AF904CB741D631EC80CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138D715 Relevance: .1, Instructions: 89COMMON
                            Download Yara Rule
                            C-Code - Quality: 87%
                            			E0138D715(signed int __ecx, intOrPtr* __edx, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20, intOrPtr* _a24, signed int* _a28) {
				signed int _v8;
				char _v12;
				char _v16;
				signed int _v20;
				intOrPtr _v24;
				signed char* _t34;
				signed char* _t36;
				intOrPtr* _t52;
				signed int _t68;
				signed int _t70;
				void* _t71;

				_t70 = __ecx;
				_t52 = __edx;
				_v8 = __ecx;
				 *_a20 = 0;
				_v16 = 0;
				_v20 = 0;
				 *_a24 = 0;
				_v12 = 0;
				 *_a28 = 0;
				if(E01377D50() != 0) {
					_t34 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
				} else {
					_t34 = 0x7ffe0385;
				}
				if(( *_t34 & 0x00000001) != 0) {
					if(E01377D50() == 0) {
						_t36 = 0x7ffe0384;
					} else {
						_t36 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					E013E6715(_t52,  *_t36 & 0x000000ff);
				}
				_t71 = E0138D7CA(_t70, _t52, _a4,  &_v16,  &_v20,  &_v12);
				if(_t71 >= 0) {
					_t68 = _v20 | 0x00000001;
					if(E0136603D(_t68, _t52, _a12, _a8, _a16) == 0) {
						_push(_v20);
						_push(0xffffffff);
						E013997A0();
						_push(_v24);
						E013995D0();
						_t71 = 0xc00b0002;
					} else {
						 *_a20 = _v16;
						 *_a24 = _v12;
						 *_a28 = _t68;
					}
				}
				return _t71;
			}














                            0x0138d725
                            0x0138d727
                            0x0138d72b
                            0x0138d72f
                            0x0138d735
                            0x0138d739
                            0x0138d73d
                            0x0138d742
                            0x0138d746
                            0x0138d74f
                            0x013cb12b
                            0x0138d755
                            0x0138d755
                            0x0138d755
                            0x0138d75d
                            0x013cb13c
                            0x013cb14e
                            0x013cb13e
                            0x013cb147
                            0x013cb147
                            0x013cb158
                            0x013cb158
                            0x0138d77e
                            0x0138d782
                            0x0138d792
                            0x0138d7a2
                            0x013cb162
                            0x013cb166
                            0x013cb168
                            0x013cb16d
                            0x013cb171
                            0x013cb176
                            0x0138d7a8
                            0x0138d7af
                            0x0138d7b8
                            0x0138d7bd
                            0x0138d7bd
                            0x0138d7a2
                            0x0138d7c7

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 446c9dedb9c1a9153563e5c51f0489f9a265362357ab40cd9362941a3b1148d9
                            • Instruction ID: 6ce1f8329f316d84e8ce4e650cfae3ff681702ed8b2c2a5fbbd3bd00d75f6d99
                            • Opcode Fuzzy Hash: 446c9dedb9c1a9153563e5c51f0489f9a265362357ab40cd9362941a3b1148d9
                            • Instruction Fuzzy Hash: 10316DB260834A8FCB11EF58D841A5ABBE9EF98758F040569F855973A1D631DC04CBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01359100 Relevance: .1, Instructions: 87COMMON
                            Download Yara Rule
                            C-Code - Quality: 76%
                            			E01359100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x142f6e8);
				E013AD0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E014288F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E013AD130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x14486c0; // 0xe207b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x14486b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E01372280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E014288F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E0139AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x144b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x14484c0;
										if(_t69 >=  *0x14484c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E01429063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E0135922A(_t82);
							_t53 = E01377D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E01428B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x14486c0; // 0xe207b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x14486b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x14486bc;
										_t72 = 0x14486b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E01359240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x14486c4;
									_t72 = 0x14486c0;
									L18:
									E01389B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                            0x01359100
                            0x01359100
                            0x01359100
                            0x01359100
                            0x01359102
                            0x01359107
                            0x0135910c
                            0x01359110
                            0x01359115
                            0x01359136
                            0x01359143
                            0x013b37e4
                            0x013b37e4
                            0x01359149
                            0x0135914e
                            0x0135914e
                            0x01359117
                            0x0135911d
                            0x00000000
                            0x00000000
                            0x0135911f
                            0x01359125
                            0x00000000
                            0x01359151
                            0x01359158
                            0x0135915d
                            0x01359161
                            0x01359168
                            0x013b3715
                            0x00000000
                            0x0135916e
                            0x0135916e
                            0x01359175
                            0x01359177
                            0x0135917e
                            0x0135917f
                            0x01359182
                            0x01359182
                            0x01359187
                            0x01359187
                            0x0135918a
                            0x0135918d
                            0x0135918f
                            0x01359192
                            0x01359195
                            0x01359198
                            0x01359198
                            0x01359198
                            0x0135919a
                            0x00000000
                            0x00000000
                            0x013b371f
                            0x013b3721
                            0x013b3727
                            0x013b372f
                            0x013b3733
                            0x013b3735
                            0x013b3738
                            0x013b373b
                            0x013b373d
                            0x013b3740
                            0x00000000
                            0x00000000
                            0x013b3746
                            0x013b3749
                            0x00000000
                            0x00000000
                            0x013b374f
                            0x013b3751
                            0x00000000
                            0x00000000
                            0x013b3757
                            0x013b3759
                            0x013b375c
                            0x013b375c
                            0x013b375e
                            0x013b375e
                            0x013b3761
                            0x013b3764
                            0x00000000
                            0x00000000
                            0x013b3766
                            0x013b3768
                            0x013b37a3
                            0x013b37a3
                            0x013b37a5
                            0x013b37a7
                            0x013b37ad
                            0x013b37b0
                            0x013b37b2
                            0x013b37bc
                            0x013b37c2
                            0x013b37c2
                            0x013b37b2
                            0x01359187
                            0x01359187
                            0x0135918a
                            0x0135918d
                            0x0135918f
                            0x01359192
                            0x01359195
                            0x00000000
                            0x01359195
                            0x00000000
                            0x01359187
                            0x013b376a
                            0x013b376a
                            0x013b376c
                            0x013b376c
                            0x013b376f
                            0x013b3775
                            0x00000000
                            0x00000000
                            0x013b3777
                            0x013b3779
                            0x00000000
                            0x00000000
                            0x013b3782
                            0x013b3787
                            0x013b3789
                            0x013b3790
                            0x013b3790
                            0x013b378b
                            0x013b378b
                            0x013b378b
                            0x013b3792
                            0x013b3795
                            0x013b3795
                            0x013b3798
                            0x013b3798
                            0x013b379b
                            0x013b379b
                            0x013591a3
                            0x013591a9
                            0x013591b0
                            0x013591b4
                            0x013591b4
                            0x013591bb
                            0x013591c0
                            0x013591c5
                            0x013591c7
                            0x013b37da
                            0x013591cd
                            0x013591cd
                            0x013591cd
                            0x013591d2
                            0x013591d5
                            0x01359239
                            0x01359239
                            0x013591d7
                            0x013591db
                            0x013591e1
                            0x013591e7
                            0x013591fd
                            0x01359203
                            0x0135921e
                            0x01359223
                            0x00000000
                            0x01359223
                            0x01359205
                            0x01359208
                            0x0135920c
                            0x01359214
                            0x01359214
                            0x013591e9
                            0x013591e9
                            0x013591ee
                            0x013591f3
                            0x013591f3
                            0x013591f3
                            0x013591e7
                            0x00000000
                            0x013591db
                            0x01359187
                            0x01359168

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5a7714eaa821b46cf498cc592c4616c18386d9a8c8df91928b1b3ab84be0c945
                            • Instruction ID: f25952f5005036209cad0680ade03ce1d99804d5dfea79a55902bb1eef96eac7
                            • Opcode Fuzzy Hash: 5a7714eaa821b46cf498cc592c4616c18386d9a8c8df91928b1b3ab84be0c945
                            • Instruction Fuzzy Hash: BD312B75A00266DFDBA1DFACC088FACBBF1BB5875CF18814EC90967251C334AA80CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138F527 Relevance: .1, Instructions: 87COMMON
                            Download Yara Rule
                            C-Code - Quality: 80%
                            			E0138F527(void* __ecx, void* __edx, signed int* _a4) {
				char _v8;
				signed int _v12;
				void* __ebx;
				signed int _t28;
				signed int _t32;
				signed int _t34;
				signed char* _t37;
				intOrPtr _t38;
				intOrPtr* _t50;
				signed int _t53;
				void* _t69;

				_push(__ecx);
				_push(__ecx);
				_t69 = __ecx;
				_t53 =  *(__ecx + 0x10);
				_t50 = __ecx + 0x14;
				_t28 = _t53 + __edx;
				_v12 = _t28;
				if(_t28 >  *_t50) {
					_v8 = _t28 -  *_t50;
					_push(E01380678( *((intOrPtr*)(__ecx + 0xc)), 1));
					_push(0x1000);
					_push( &_v8);
					_push(0);
					_push(_t50);
					_push(0xffffffff);
					_t32 = E01399660();
					__eflags = _t32;
					if(_t32 < 0) {
						 *_a4 =  *_a4 & 0x00000000;
						L2:
						return _t32;
					}
					 *((intOrPtr*)( *((intOrPtr*)(_t69 + 0xc)) + 0x1e8)) =  *((intOrPtr*)( *((intOrPtr*)(_t69 + 0xc)) + 0x1e8)) + _v8;
					_t34 = E01377D50();
					_t66 = 0x7ffe0380;
					__eflags = _t34;
					if(_t34 != 0) {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					} else {
						_t37 = 0x7ffe0380;
					}
					__eflags =  *_t37;
					if( *_t37 != 0) {
						_t38 =  *[fs:0x30];
						__eflags =  *(_t38 + 0x240) & 0x00000001;
						if(( *(_t38 + 0x240) & 0x00000001) == 0) {
							goto L7;
						}
						__eflags = E01377D50();
						if(__eflags != 0) {
							_t66 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E01411582(_t50,  *((intOrPtr*)(_t69 + 0xc)),  *_t50, __eflags, _v8,  *( *((intOrPtr*)(_t69 + 0xc)) + 0x74) << 3,  *_t66 & 0x000000ff);
						E0141138A(_t50,  *((intOrPtr*)(_t69 + 0xc)),  *_t50, _v8, 9);
						goto L7;
					} else {
						L7:
						 *_t50 =  *_t50 + _v8;
						_t53 =  *(_t69 + 0x10);
						goto L1;
					}
				}
				L1:
				 *_a4 = _t53;
				 *(_t69 + 0x10) = _v12;
				_t32 = 0;
				goto L2;
			}














                            0x0138f52c
                            0x0138f52d
                            0x0138f530
                            0x0138f533
                            0x0138f536
                            0x0138f539
                            0x0138f53c
                            0x0138f541
                            0x0138f561
                            0x0138f569
                            0x0138f56a
                            0x0138f572
                            0x0138f573
                            0x0138f575
                            0x0138f576
                            0x0138f578
                            0x0138f57d
                            0x0138f57f
                            0x0138f5b7
                            0x0138f550
                            0x0138f556
                            0x0138f556
                            0x0138f587
                            0x0138f58d
                            0x0138f592
                            0x0138f597
                            0x0138f599
                            0x013cbcc9
                            0x0138f59f
                            0x0138f59f
                            0x0138f59f
                            0x0138f5a1
                            0x0138f5a4
                            0x013cbcd3
                            0x013cbcd9
                            0x013cbce0
                            0x00000000
                            0x00000000
                            0x013cbceb
                            0x013cbced
                            0x013cbcf8
                            0x013cbcf8
                            0x013cbcf8
                            0x013cbd11
                            0x013cbd20
                            0x00000000
                            0x0138f5aa
                            0x0138f5aa
                            0x0138f5ad
                            0x0138f5af
                            0x00000000
                            0x0138f5af
                            0x0138f5a4
                            0x0138f543
                            0x0138f546
                            0x0138f54b
                            0x0138f54e
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
                            • Instruction ID: c9e1735d6357a2b84ef1e788cf38fd7cfde4692bc13eacef94f719ebbd1fbb2d
                            • Opcode Fuzzy Hash: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
                            • Instruction Fuzzy Hash: 9D319A31600648EFDB21DF68C884F6AB7BCEF44398F2045A9E9158B694E730EE01CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135B233 Relevance: .1, Instructions: 85COMMON
                            Download Yara Rule
                            C-Code - Quality: 71%
                            			E0135B233(intOrPtr __ecx, signed int __edx) {
				intOrPtr _v8;
				signed int _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t18;
				intOrPtr _t19;
				void* _t24;
				intOrPtr* _t30;
				intOrPtr* _t34;
				intOrPtr* _t48;

				_t43 = __edx;
				_push(__ecx);
				_push(__ecx);
				_v8 = __ecx;
				_t45 = __edx * 0xc;
				_v12 = __edx;
				_t34 = 0x144b330 + __edx * 0xc;
				E01372280(__edx,  *((intOrPtr*)(0x144b32c + __edx * 0xc)));
				_t48 =  *_t34;
				if(_t48 == _t34) {
					L18:
					E0136FFB0(_t34, _t45,  *((intOrPtr*)(_t45 + 0x144b32c)));
					_t18 = 0;
				} else {
					_t19 = _v8;
					while(_t48 != _t19) {
						_t48 =  *_t48;
						if(_t48 != _t34) {
							continue;
						} else {
							goto L18;
						}
						goto L14;
					}
					E01395DBF(_t34, 0, _t43, _t45);
					_t6 = _t48 + 8;
					 *_t6 =  *((intOrPtr*)(_t48 + 8)) - 1;
					if( *_t6 != 0) {
						_t39 = 1;
						E01395DBF(_t34, 1, _t43, _t45);
						_t34 = 0;
						goto L9;
					} else {
						E0138BDFC(_t34, 0, _t43, _t45, _t48, 0);
						_t39 =  *_t48;
						_t30 =  *((intOrPtr*)(_t48 + 4));
						if( *((intOrPtr*)(_t39 + 4)) != _t48 ||  *_t30 != _t48) {
							_t39 = 3;
							asm("int 0x29");
							goto L16;
						} else {
							 *_t30 = _t39;
							 *((intOrPtr*)(_t39 + 4)) = _t30;
							if(_t30 == _t39) {
								_t39 = _v12 + 2;
								asm("lock btr [eax], ecx");
							}
							_t34 = _t48;
							L9:
							E0136FFB0(_t34, _t45,  *((intOrPtr*)(_t45 + 0x144b32c)));
							if(_t34 != 0) {
								_t24 = E013693A0();
								_push(_t48);
								_push(0);
								if(_t24 != 0) {
									L16:
									_push( *0x144b21c);
								} else {
									_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								}
								L013777F0();
								E0138BDFC(_t34, _t39, _t43, _t45, _t48, 1);
								E01395DBF(_t34, 1, _t43, _t45);
							}
						}
					}
					_t18 = 1;
				}
				L14:
				return _t18;
			}














                            0x0135b233
                            0x0135b238
                            0x0135b239
                            0x0135b23e
                            0x0135b242
                            0x0135b245
                            0x0135b24e
                            0x0135b254
                            0x0135b259
                            0x0135b25d
                            0x013b4a7f
                            0x013b4a85
                            0x013b4a8a
                            0x0135b263
                            0x0135b263
                            0x0135b266
                            0x013b4a75
                            0x013b4a79
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013b4a79
                            0x0135b270
                            0x0135b275
                            0x0135b275
                            0x0135b279
                            0x013b4a93
                            0x013b4a94
                            0x013b4a99
                            0x00000000
                            0x0135b27f
                            0x0135b281
                            0x0135b286
                            0x0135b288
                            0x0135b28e
                            0x0135b2f6
                            0x0135b2f7
                            0x00000000
                            0x0135b294
                            0x0135b294
                            0x0135b296
                            0x0135b29b
                            0x0135b2a6
                            0x0135b2ac
                            0x0135b2ac
                            0x0135b2b0
                            0x0135b2b2
                            0x0135b2b8
                            0x0135b2bf
                            0x0135b2c1
                            0x0135b2c6
                            0x0135b2c7
                            0x0135b2cb
                            0x0135b2f9
                            0x0135b2f9
                            0x0135b2cd
                            0x0135b2d3
                            0x0135b2d3
                            0x0135b2d6
                            0x0135b2dd
                            0x0135b2e5
                            0x0135b2e5
                            0x0135b2bf
                            0x0135b28e
                            0x0135b2ec
                            0x0135b2ec
                            0x0135b2ed
                            0x0135b2f3

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b147fccb2fcb88b9b2263eac7edad1c476a4f49fa68cc3cb50b28be6a0877c4f
                            • Instruction ID: 51915717c7b0a5d2569205c2ee1d5896b2254e83ef93fa01986d542f2b84f31a
                            • Opcode Fuzzy Hash: b147fccb2fcb88b9b2263eac7edad1c476a4f49fa68cc3cb50b28be6a0877c4f
                            • Instruction Fuzzy Hash: 23210B31640203AFDB766F6DC981A7DF7AAEF0568CF004079EA1587215D771DC51C794
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0142F1B5 Relevance: .1, Instructions: 78COMMON
                            Download Yara Rule
                            C-Code - Quality: 68%
                            			E0142F1B5(intOrPtr __ecx, intOrPtr __edx, intOrPtr* _a4, void* _a8, intOrPtr* _a12) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _t26;
				intOrPtr* _t32;
				intOrPtr* _t34;
				void* _t36;
				void* _t38;
				void* _t39;

				_v8 = _v8 & 0x00000000;
				_t32 = _a12;
				_v12 = __edx;
				_v16 = __ecx;
				if(_t32 != 0) {
					_t38 =  *_t32 + 0xc;
					_t36 = E01374620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t38);
					if(_t36 != 0) {
						_t39 =  *0x1336cd4(_v16, _v12, 2, _t36, _t38,  &_v8);
						if(_t39 < 0) {
							L12:
							if(_t39 == 0x80000005 || _t39 == 0xc0000023) {
								L14:
								_t39 = 0xc0000023;
								 *_t32 =  *((intOrPtr*)(_t36 + 8));
								goto L15;
							} else {
								L15:
								L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
								return _t39;
							}
						}
						_t26 =  *((intOrPtr*)(_t36 + 8));
						if(_t26 != 0) {
							if(_t26 >  *_t32) {
								goto L14;
							}
							 *_t32 = _t26;
							if(_a8 != 0) {
								_t12 = _t36 + 0xc; // 0xc
								E0139F3E0(_a8, _t12, _t26);
							}
							_t34 = _a4;
							if(_t34 != 0) {
								 *_t34 =  *((intOrPtr*)(_t36 + 4));
							}
							goto L12;
						}
						_t39 = 0xc000000d;
						goto L15;
					}
					return 0xc000009a;
				}
				return 0xc000000d;
			}












                            0x0142f1bd
                            0x0142f1c2
                            0x0142f1c5
                            0x0142f1c8
                            0x0142f1cf
                            0x0142f1e3
                            0x0142f1f1
                            0x0142f1f5
                            0x0142f212
                            0x0142f216
                            0x0142f24e
                            0x0142f254
                            0x0142f25e
                            0x0142f261
                            0x0142f266
                            0x00000000
                            0x0142f268
                            0x0142f268
                            0x0142f274
                            0x00000000
                            0x0142f279
                            0x0142f254
                            0x0142f218
                            0x0142f21d
                            0x0142f228
                            0x00000000
                            0x00000000
                            0x0142f22e
                            0x0142f230
                            0x0142f233
                            0x0142f23a
                            0x0142f23f
                            0x0142f242
                            0x0142f247
                            0x0142f24c
                            0x0142f24c
                            0x00000000
                            0x0142f247
                            0x0142f21f
                            0x00000000
                            0x0142f21f
                            0x00000000
                            0x0142f1f7
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c91e9a2f246ff03a821b0e94933f4bc7ff942471c1906c23463b1014f01ea194
                            • Instruction ID: 5a9f6a524b34160c94a365aa085c0cb0fa7bcbb2e79bbc34470f68c51a09ce3d
                            • Opcode Fuzzy Hash: c91e9a2f246ff03a821b0e94933f4bc7ff942471c1906c23463b1014f01ea194
                            • Instruction Fuzzy Hash: D821D676900525EFDB219F49C884F5BBB74FF47750F814066E90497320D735AD88CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013990AF Relevance: .1, Instructions: 76COMMON
                            Download Yara Rule
                            C-Code - Quality: 82%
                            			E013990AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E013AD4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E0138E5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = E01374620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E0139F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E0138A2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                            0x013990af
                            0x013990b8
                            0x013990bb
                            0x013990bf
                            0x013990c2
                            0x013990c2
                            0x013990c8
                            0x013990cb
                            0x013990cd
                            0x013d14d7
                            0x013d14eb
                            0x013d14eb
                            0x00000000
                            0x013d14eb
                            0x013d14db
                            0x013d14e6
                            0x00000000
                            0x013d14f2
                            0x013d14e8
                            0x00000000
                            0x013d14e8
                            0x013990d8
                            0x013990da
                            0x013990dd
                            0x013990e5
                            0x00000000
                            0x01399139
                            0x013990fa
                            0x013990fe
                            0x01399142
                            0x00000000
                            0x01399142
                            0x01399104
                            0x01399107
                            0x0139910b
                            0x01399110
                            0x01399118
                            0x01399147
                            0x01399148
                            0x0139914f
                            0x01399150
                            0x01399151
                            0x01399152
                            0x01399156
                            0x0139915d
                            0x01399160
                            0x01399168
                            0x0139916c
                            0x013991bc
                            0x013991be
                            0x00000000
                            0x013991be
                            0x0139916e
                            0x01399173
                            0x01399176
                            0x00000000
                            0x00000000
                            0x0139917c
                            0x01399180
                            0x013991b5
                            0x00000000
                            0x013991b5
                            0x01399182
                            0x01399185
                            0x01399189
                            0x00000000
                            0x00000000
                            0x0139918e
                            0x01399190
                            0x01399198
                            0x00000000
                            0x00000000
                            0x013991a0
                            0x00000000
                            0x013991ad
                            0x013991ad
                            0x013991b0
                            0x013991b1
                            0x00000000
                            0x01399185
                            0x0139911a
                            0x0139911c
                            0x0139911f
                            0x01399125
                            0x01399127
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                            • Instruction ID: ca88bcf408e7a059247d231d38ebfb28e015ad3e0de550271f385ff27af3793e
                            • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                            • Instruction Fuzzy Hash: DC2180B1A00209EFDB21DF59C844AAAFBF8EB58318F14886EE945A7610D330ED00CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013E6652 Relevance: .1, Instructions: 74COMMON
                            Download Yara Rule
                            C-Code - Quality: 84%
                            			E013E6652(void* __ecx, void* __edx) {
				signed char _t23;
				void* _t35;
				signed int _t37;
				void* _t42;

				_t39 = __ecx;
				_push(__ecx);
				_t42 = __ecx;
				_t35 = __edx;
				if(__ecx != 0) {
					_t23 =  *0x1446db0; // 0x0
					_t45 = 0xc0000001;
					if(_t23 != 0) {
						if((_t23 & 0x00000001) != 0 &&  *(__ecx + 0x14) != 0) {
							_push( *(__ecx + 0x14));
							E013995D0();
							 *(__ecx + 0x14) =  *(__ecx + 0x14) & 0x00000000;
							_t45 = 0;
							_t23 =  *0x1446db0; // 0x0
						}
						if((_t23 & 0x00000006) != 0) {
							if( *(_t42 + 0x10) == 0 ||  *(_t42 + 0x10) == 0xffffffff || (_t23 & 0x00000004) != 0 || (_t23 & 0x00000002) == 0 || _t35 == 0) {
								L16:
								_t45 = 0;
							} else {
								_t45 = 0xc0000019;
								if( *((intOrPtr*)(_t42 + 0x1c)) != 0xc0000019) {
									_t37 = E01374620(_t39,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t42 + 0x18)));
									if(_t37 != 0) {
										E0139F3E0(_t37,  *(_t42 + 0x10) & 0xfffffffc,  *((intOrPtr*)(_t42 + 0x18)));
										_push( *(_t42 + 0x10) & 0xfffffffc);
										_push(0xffffffff);
										E013997A0();
										 *((intOrPtr*)(_t42 + 0x1c)) = 0xc0000019;
										 *(_t42 + 0x10) = _t37 | 0x00000001;
										goto L16;
									} else {
										_t45 = 0xffffffffc0000017;
									}
								}
							}
						}
					}
				} else {
					_t45 = 0xc000000d;
				}
				return _t45;
			}







                            0x013e6652
                            0x013e6657
                            0x013e665b
                            0x013e665d
                            0x013e6661
                            0x013e666d
                            0x013e6672
                            0x013e6679
                            0x013e6681
                            0x013e6689
                            0x013e668c
                            0x013e6691
                            0x013e6695
                            0x013e6697
                            0x013e6697
                            0x013e669e
                            0x013e66a4
                            0x013e670a
                            0x013e670a
                            0x013e66b8
                            0x013e66b8
                            0x013e66c0
                            0x013e66d5
                            0x013e66d9
                            0x013e66eb
                            0x013e66f9
                            0x013e66fa
                            0x013e66fc
                            0x013e6704
                            0x013e6707
                            0x00000000
                            0x013e66db
                            0x013e66db
                            0x013e66db
                            0x013e66d9
                            0x013e66c0
                            0x013e66a4
                            0x013e669e
                            0x013e6663
                            0x013e6663
                            0x013e6663
                            0x013e6714

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9b3193391ffe34949b03eac8458eebee42e161ae65f90fb98d16a3d56fa5b128
                            • Instruction ID: d6d82bc5e669a36660396f08995251107c953665e294fddfc1266a7a4f1a561f
                            • Opcode Fuzzy Hash: 9b3193391ffe34949b03eac8458eebee42e161ae65f90fb98d16a3d56fa5b128
                            • Instruction Fuzzy Hash: 9321D8F2640B22ABE7615F2C984A711BBA8BB2177CF050315ED60936D1D772E891CBE0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013628AE Relevance: .1, Instructions: 73COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E013628AE(signed int __edx) {
				void* _t14;
				char* _t17;
				signed char* _t27;
				void* _t31;
				signed int _t35;
				signed char* _t37;
				char* _t39;

				_t35 = __edx;
				_t14 = E01377D50();
				_t39 = 0x7ffe0384;
				if(_t14 != 0) {
					_t17 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t17 = 0x7ffe0384;
				}
				_t37 = 0x7ffe0385;
				if( *_t17 != 0) {
					if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
						if(E01377D50() == 0) {
							_t27 = 0x7ffe0385;
						} else {
							_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t27 & 0x00000020) != 0) {
							E013D7016(0x1480, _t35, 0xffffffff, 0xffffffff, 0, 0);
						}
					}
				}
				_t31 = E0136EEF0(0x1445350);
				if(E01377D50() != 0) {
					_t39 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t39 != 0) {
					if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
						if(E01377D50() != 0) {
							_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t37 & 0x00000020) != 0) {
							E013D7016(0x1481, _t35 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
						}
					}
				}
				return _t31;
			}










                            0x013628ae
                            0x013628b3
                            0x013628b8
                            0x013628bf
                            0x013b7692
                            0x013628c5
                            0x013628c5
                            0x013628c5
                            0x013628ca
                            0x013628cf
                            0x013b76a9
                            0x013b76b6
                            0x013b76c8
                            0x013b76b8
                            0x013b76c1
                            0x013b76c1
                            0x013b76cd
                            0x013b76e3
                            0x013b76e3
                            0x013b76cd
                            0x013b76a9
                            0x013628df
                            0x013628e8
                            0x013b76f7
                            0x013b76f7
                            0x013628f1
                            0x013b770f
                            0x013b771c
                            0x013b7727
                            0x013b7727
                            0x013b7730
                            0x013b7746
                            0x013b7746
                            0x013b7730
                            0x013b770f
                            0x013628fc

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 768937de10621b1c4cdeb042b083930d0967adb79644f1d3fcd16d8016c51de9
                            • Instruction ID: e6fd0173991bb0f2138769df3c7dd6138b4804ac19fc443023c168dca1947b0b
                            • Opcode Fuzzy Hash: 768937de10621b1c4cdeb042b083930d0967adb79644f1d3fcd16d8016c51de9
                            • Instruction Fuzzy Hash: 6A21C9326057819BF732976C8C48F253F98EB4177CF294761FA209BAE2EB6C98408211
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0142070D Relevance: .1, Instructions: 72COMMON
                            Download Yara Rule
                            C-Code - Quality: 67%
                            			E0142070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E014207DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0141AFDE( &_v8,  &_v12);
					E01421293(_t38, _v28, _t60);
					if(E01377D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E014114FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                            0x0142071b
                            0x01420724
                            0x01420734
                            0x01420738
                            0x0142074b
                            0x0142074b
                            0x01420753
                            0x01420753
                            0x01420759
                            0x0142075d
                            0x01420774
                            0x01420779
                            0x0142077d
                            0x01420789
                            0x01420795
                            0x014207a7
                            0x01420797
                            0x014207a0
                            0x014207a0
                            0x014207af
                            0x014207c4
                            0x014207cd
                            0x014207cd
                            0x014207af
                            0x014207dc

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                            • Instruction ID: d47bf8b8df621516fa117928168456c1c828b2b95687b693e4b7f983c7a56c5a
                            • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                            • Instruction Fuzzy Hash: B5212F36204210AFD705DF2CC880A6BBBE5EBE0750F04862EF9948B3A5DB30D849CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135519E Relevance: .1, Instructions: 70COMMON
                            Download Yara Rule
                            C-Code - Quality: 92%
                            			E0135519E(signed short* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _t17;
				signed int _t18;
				char _t27;
				signed short _t32;
				signed short* _t34;
				void* _t35;

				_t34 = __ecx;
				_t27 = 0;
				_t29 = 0;
				_t35 = E013552A5(0);
				if(_t35 == 0) {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_v12 =  *((intOrPtr*)(_t29 + 0x24));
					_t17 =  *((intOrPtr*)(_t29 + 0x28));
				} else {
					_v12 =  *((intOrPtr*)(_t35 + 0xc));
					_t17 =  *((intOrPtr*)(_t35 + 0x10));
				}
				_t32 = _v12;
				_v8 = _t17;
				_t18 =  *_t34 & 0x0000ffff;
				if(_t32 <= 6) {
					if(_t32 != _t18) {
						goto L4;
					}
					goto L10;
				} else {
					_t29 = (_t32 & 0x0000ffff) - 2;
					if((_t32 & 0x0000ffff) - 2 == _t18) {
						_v12 = _t32 + 0xfffe;
						L10:
						_t18 = E01379DA0(_t29,  &_v12, _t34, 1);
						if(_t18 != 0) {
							_t27 = 1;
						}
					}
					L4:
					if(_t35 == 0) {
						E0136EB70(_t29, 0x14479a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t18 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t35 + 4)));
							E013995D0();
							L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t35);
						}
					}
					return _t27;
				}
			}











                            0x013551a9
                            0x013551ab
                            0x013551ad
                            0x013551b4
                            0x013551b8
                            0x013b0c9c
                            0x013b0ca2
                            0x013b0ca5
                            0x013551be
                            0x013551c1
                            0x013551c4
                            0x013551c4
                            0x013551c7
                            0x013551cb
                            0x013551ce
                            0x013551d5
                            0x013b0cbe
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013551db
                            0x013551de
                            0x013551e3
                            0x013b0cb5
                            0x013b0cc4
                            0x013b0ccb
                            0x013b0cd2
                            0x013b0cd8
                            0x013b0cd8
                            0x013b0cd2
                            0x013551e9
                            0x013551eb
                            0x013b0ce4
                            0x013551f1
                            0x013551f4
                            0x013551f8
                            0x013b0cee
                            0x013b0cf1
                            0x013b0d03
                            0x013b0d03
                            0x013551f8
                            0x01355206
                            0x01355206

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: de8e5b3558262107bf647f3c58077131a4bfd05d0f40b58b4f246e2c3d990efb
                            • Instruction ID: 52cab729fa5834b5638fab4e9ed7f96184e8761cc46634eefb610a2a57243a0e
                            • Opcode Fuzzy Hash: de8e5b3558262107bf647f3c58077131a4bfd05d0f40b58b4f246e2c3d990efb
                            • Instruction Fuzzy Hash: 8611E435941305ABCF749B6CC580AFABFF9EF14A18F14016AF94697A40E731E941C750
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013D7794 Relevance: .1, Instructions: 70COMMON
                            Download Yara Rule
                            C-Code - Quality: 82%
                            			E013D7794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x1447b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = E01374620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E0139F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E01377D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E01399AE0();
					_t24 = L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                            0x013d7799
                            0x013d779a
                            0x013d779b
                            0x013d77a3
                            0x013d77ab
                            0x013d77ae
                            0x013d77b1
                            0x013d77b1
                            0x013d77bf
                            0x013d77c4
                            0x013d77c8
                            0x013d77ce
                            0x013d77d4
                            0x013d77e0
                            0x013d77e0
                            0x013d77d6
                            0x013d77d6
                            0x013d77de
                            0x00000000
                            0x00000000
                            0x013d77de
                            0x013d77e5
                            0x013d77f0
                            0x013d77f3
                            0x013d77f6
                            0x013d77fd
                            0x013d7800
                            0x013d780c
                            0x013d7818
                            0x013d782b
                            0x013d781a
                            0x013d7823
                            0x013d7823
                            0x013d7830
                            0x013d7831
                            0x013d7838
                            0x013d783d
                            0x013d783e
                            0x013d784f
                            0x013d784f
                            0x013d785a

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7acf76f28e3368372e153a4a7c44819190848e2c1c8fb27f622c486f6ee114d7
                            • Instruction ID: 29a7a5e41f00f7fa55c8a20767d35e32a23cd470fa82995e9db1b7d0236a8e15
                            • Opcode Fuzzy Hash: 7acf76f28e3368372e153a4a7c44819190848e2c1c8fb27f622c486f6ee114d7
                            • Instruction Fuzzy Hash: 0121AE72900644EFC725DF69D881E6BBBA8EF48348F10056DF60AC7750E638E900CBA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013512D4 Relevance: .1, Instructions: 69COMMON
                            Download Yara Rule
                            C-Code - Quality: 80%
                            			E013512D4(intOrPtr __ecx, intOrPtr* _a4) {
				char _v8;
				char _v12;
				void* _t20;
				intOrPtr _t32;
				signed int _t35;
				void* _t39;
				void* _t41;
				intOrPtr* _t44;

				_push(__ecx);
				_push(__ecx);
				_t41 = 0;
				_t32 = __ecx;
				if( *_a4 != 0) {
					L8:
					_t20 = _t41;
					L9:
					return _t20;
				}
				if(__ecx <= 1) {
					_t32 = 0x25;
				}
				_t35 = 0x10;
				_t2 = _t32 - 1; // 0x24
				_t20 = E0138F3D5( &_v12, _t2 * _t35, _t2 * _t35 >> 0x20);
				if(_t20 < 0) {
					goto L9;
				} else {
					_t37 = _v12;
					_push( &_v8);
					_t39 = 0x34;
					_t41 = E01351C45(_v12, _t39);
					if(_t41 >= 0) {
						_t44 = E01374620(_t37,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
						if(_t44 == 0) {
							_t41 = 0xc0000017;
						} else {
							E0139FA60(_t44, 0, _v8);
							 *((intOrPtr*)(_t44 + 0x2c)) = _t32;
							_t14 = _t44 + 0xc; // 0xc
							E013958F0(0x3fff, 0x80000008, _t14);
							 *(_t44 + 8) =  *(_t44 + 8) & 0x00000000;
							 *_t44 = 0x6d6f7441;
							 *((intOrPtr*)(_t44 + 4)) = 1;
							 *_a4 = _t44;
						}
					}
					goto L8;
				}
			}











                            0x013512d9
                            0x013512da
                            0x013512e0
                            0x013512e2
                            0x013512e6
                            0x01351374
                            0x01351374
                            0x01351376
                            0x0135137b
                            0x0135137b
                            0x013512ef
                            0x013512f3
                            0x013512f3
                            0x013512f6
                            0x013512f7
                            0x01351301
                            0x01351308
                            0x00000000
                            0x0135130a
                            0x0135130a
                            0x01351310
                            0x01351313
                            0x01351319
                            0x0135131d
                            0x01351333
                            0x01351337
                            0x0135137e
                            0x01351339
                            0x0135133f
                            0x01351347
                            0x0135134a
                            0x01351358
                            0x01351360
                            0x01351364
                            0x0135136a
                            0x01351371
                            0x01351371
                            0x01351373
                            0x00000000
                            0x0135131d

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
                            • Instruction ID: 7044d3c8faa3c712e5a1a2db9c890a7f78d70cf2e335dbccf391cc44200a33d5
                            • Opcode Fuzzy Hash: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
                            • Instruction Fuzzy Hash: 2F11B273600609EFEB229F58D841FAABBACEB84B68F104029EE058F550D671EE44DB54
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013812BD Relevance: .1, Instructions: 67COMMON
                            Download Yara Rule
                            C-Code - Quality: 95%
                            			E013812BD(intOrPtr __ecx) {
				signed int _v8;
				signed int _t22;
				signed int _t23;
				intOrPtr _t37;
				signed int _t40;
				signed int _t41;
				signed int _t44;
				intOrPtr _t47;

				_push(__ecx);
				_t47 =  *[fs:0x30];
				_t37 = __ecx;
				_t40 =  *(_t47 + 0x88);
				_t44 = ( *0x1448498 & 0x0000ffff) + _t40;
				if(_t44 >= 0xfffe) {
					L4:
					return _t22;
				}
				_t23 =  *(_t47 + 0x8c);
				if(_t44 == _t23) {
					 *(_t47 + 0x8c) = _t23 + _t23;
					_t22 = E01374620(_t40,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t23 + _t23 << 2);
					_t41 = _t22;
					_v8 = _t41;
					if(_t41 == 0) {
						 *(_t47 + 0x8c) = _t44;
						goto L4;
					}
					E0139F3E0(_t41,  *(_t47 + 0x90),  *(_t47 + 0x88) << 2);
					_t30 =  *(_t47 + 0x90);
					if( *(_t47 + 0x90) != 0x1446660) {
						L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t30);
					}
					_t40 =  *(_t47 + 0x88);
					 *(_t47 + 0x90) = _v8;
				}
				 *((intOrPtr*)( *(_t47 + 0x90) + _t40 * 4)) = _t37;
				_t22 =  *(_t47 + 0x88) + 1;
				 *(_t47 + 0x88) = _t22;
				if( *((intOrPtr*)(_t37 + 8)) == 0xddeeddee) {
					 *(_t37 + 0x24) = _t22;
				} else {
					 *(_t37 + 0x7c) = _t22;
				}
				goto L4;
			}











                            0x013812c2
                            0x013812c5
                            0x013812cc
                            0x013812d6
                            0x013812dc
                            0x013812e4
                            0x01381313
                            0x01381319
                            0x01381319
                            0x013812e6
                            0x013812ee
                            0x0138131c
                            0x01381331
                            0x01381336
                            0x01381338
                            0x0138133d
                            0x0138137d
                            0x00000000
                            0x0138137d
                            0x01381350
                            0x01381355
                            0x01381363
                            0x013c5512
                            0x013c5512
                            0x0138136c
                            0x01381372
                            0x01381372
                            0x013812f6
                            0x013812ff
                            0x01381300
                            0x0138130d
                            0x01381385
                            0x0138130f
                            0x0138130f
                            0x0138130f
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 093a5de88fb51b893d69f7db697eb19a5d4ed49d9e4d02b0fc5f098f2cbe1b75
                            • Instruction ID: afa08907e807b45f52f2c77082c56cb187abb3d2c01bf0ced1c2f1d4b39bd94f
                            • Opcode Fuzzy Hash: 093a5de88fb51b893d69f7db697eb19a5d4ed49d9e4d02b0fc5f098f2cbe1b75
                            • Instruction Fuzzy Hash: EB214A71600700EFD774EF6CC880B6AB7E9FB44654F10882DE59EC7651DB74A841CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138B390 Relevance: .1, Instructions: 63COMMON
                            Download Yara Rule
                            C-Code - Quality: 54%
                            			E0138B390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E01372280(_t12, 0x1448608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E013900C2(0x1448608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                            0x0138b395
                            0x0138b3a2
                            0x0138b3a5
                            0x0138b3aa
                            0x0138b3b2
                            0x0138b3ba
                            0x0138b3bd
                            0x0138b3c0
                            0x0138b3c4
                            0x0138b3c9
                            0x013ca3e9
                            0x013ca3ed
                            0x013ca3f0
                            0x013ca3ff
                            0x013ca403
                            0x013ca409
                            0x00000000
                            0x00000000
                            0x013ca40b
                            0x013ca40b
                            0x013ca40f
                            0x013ca415
                            0x013ca423
                            0x013ca423
                            0x013ca415
                            0x0138b3d1
                            0x0138b3e8
                            0x0138b3e8
                            0x0138b3d9

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ae47141847723cd44fbf72d69f5945e14546d767d7a5d27864c9ad73e70253b1
                            • Instruction ID: 34981316f8f59338612835cea30b3d7dcc42ebaa6f781546fa90c748cf0fd385
                            • Opcode Fuzzy Hash: ae47141847723cd44fbf72d69f5945e14546d767d7a5d27864c9ad73e70253b1
                            • Instruction Fuzzy Hash: 4C116B333012159BCB29DB588D81A2BB25AEBC5774B28012DDD1AC7790DA719C02C790
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01359240 Relevance: .1, Instructions: 63COMMON
                            Download Yara Rule
                            C-Code - Quality: 77%
                            			E01359240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x142f708);
				E013AD08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E013995D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E013995D0();
				_t33 =  *0x14484c4; // 0x0
				L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x14484c4; // 0x0
				L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x14484c4; // 0x0
				E01372280(L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x14486b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E013995D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E013995D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E01359325();
					_t50 =  *0x14484c4; // 0x0
					return E013AD0D1(L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                            0x01359240
                            0x01359242
                            0x01359247
                            0x0135924c
                            0x0135924e
                            0x01359255
                            0x01359257
                            0x0135925a
                            0x0135925f
                            0x0135925f
                            0x01359266
                            0x01359271
                            0x01359276
                            0x01359279
                            0x0135927e
                            0x01359295
                            0x0135929a
                            0x013592b1
                            0x013592b6
                            0x013592d7
                            0x013592dc
                            0x013592e0
                            0x013592e6
                            0x013592e8
                            0x013592ee
                            0x01359332
                            0x01359333
                            0x01359337
                            0x01359338
                            0x0135933a
                            0x0135933a
                            0x0135933d
                            0x01359342
                            0x01359342
                            0x01359345
                            0x01359349
                            0x0135934e
                            0x01359352
                            0x01359357
                            0x013592f4
                            0x013592f4
                            0x013592f6
                            0x013592f9
                            0x01359300
                            0x01359306
                            0x01359324
                            0x01359324

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 07b69db55278311166682a9c007abf47c40e447f1f9b74161de1a824dc59eec8
                            • Instruction ID: 43e155417580b74ab297fd9e599c736ef52e1a244696ba9228c33128124bc1e5
                            • Opcode Fuzzy Hash: 07b69db55278311166682a9c007abf47c40e447f1f9b74161de1a824dc59eec8
                            • Instruction Fuzzy Hash: 01213732041642DFC762EF6CCA40F1AB7B9FF28708F15466CE149866B2DB38E942CB44
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01353138 Relevance: .1, Instructions: 62COMMON
                            Download Yara Rule
                            C-Code - Quality: 80%
                            			E01353138(void* __ecx) {
				signed int _v8;
				char _v12;
				void* _t18;
				intOrPtr _t19;
				void* _t26;
				intOrPtr* _t28;
				char* _t32;
				intOrPtr* _t34;
				intOrPtr _t41;
				void* _t43;
				void* _t45;

				_push(__ecx);
				_push(__ecx);
				_t43 = __ecx;
				if(( *(__ecx + 0xc) & 0x00000001) != 0) {
					_t18 = 0;
				} else {
					_t34 = __ecx + 0x10;
					_t19 =  *_t34;
					_t28 =  *((intOrPtr*)(_t34 + 4));
					_t40 =  *((intOrPtr*)(_t19 + 4));
					if( *_t28 !=  *((intOrPtr*)(_t19 + 4)) ||  *_t28 != _t34) {
						_push(_t28);
						_push( *_t28);
						E0141A80D(0, 0xd, _t34, _t40);
					} else {
						 *_t28 = _t19;
						 *((intOrPtr*)(_t19 + 4)) = _t28;
					}
					_t41 =  *((intOrPtr*)(_t43 + 0x18));
					_v8 = _v8 & 0x00000000;
					_v12 =  *((intOrPtr*)(_t43 + 0x1c));
					_t45 = E0138174B( &_v12,  &_v8, 0x8000);
					if(E01377D50() != 0) {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					} else {
						_t32 = 0x7ffe0388;
					}
					if( *_t32 != 0) {
						E0140FE3F(_t26, _t41, _v12, _v8);
					}
					_t18 = _t45;
				}
				return _t18;
			}














                            0x0135313d
                            0x0135313e
                            0x01353140
                            0x01353147
                            0x013531ac
                            0x01353149
                            0x01353149
                            0x0135314c
                            0x0135314e
                            0x01353151
                            0x01353156
                            0x013afdb3
                            0x013afdb4
                            0x013afdbd
                            0x01353164
                            0x01353164
                            0x01353166
                            0x01353166
                            0x0135316f
                            0x01353172
                            0x01353176
                            0x01353187
                            0x01353190
                            0x013afdd1
                            0x01353196
                            0x01353196
                            0x01353196
                            0x0135319e
                            0x013afde4
                            0x013afde4
                            0x013531a4
                            0x013531a4
                            0x013531ab

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
                            • Instruction ID: f6f9db3f46c65c8ef8c2596cac08e910bc9e6ecc13a022e41db01222e7284b92
                            • Opcode Fuzzy Hash: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
                            • Instruction Fuzzy Hash: 6B11E631900304EFDB26DF64C804F6AB7B9FB85758F14859DE8018B641EB71AD02CBD0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0141E962 Relevance: .1, Instructions: 62COMMON
                            Download Yara Rule
                            C-Code - Quality: 47%
                            			E0141E962(void* __ebx, void* __ecx, intOrPtr _a4, intOrPtr* _a8) {
				char _v8;
				signed int _v12;
				char* _t26;
				void* _t31;
				unsigned int _t33;
				intOrPtr _t49;
				intOrPtr* _t57;

				_t31 = __ebx;
				_push(__ecx);
				_push(__ecx);
				_t49 = _a4;
				_v12 =  *(_t49 + 0xc) & 0xffff0000;
				_t33 =  *(_t49 + 0x10);
				_t44 = 1 << (_t33 >> 0x00000002 & 0x0000003f);
				_t5 = _t44 - 1; // 0x0
				_t6 = _t44 - 1; // 0x0
				_t57 = _a8;
				_v8 = ((_t33 >> 0x00000001 & 1) + (_t33 >> 0xc) << 0xc) - 1 + (1 << (_t33 >> 0x00000002 & 0x0000003f)) - (_t5 + ((_t33 >> 0x00000001 & 1) + (_t33 >> 0x0000000c) << 0x0000000c) & _t6);
				_push( *((intOrPtr*)(_t57 + 4)));
				_push( *_t57);
				_push(0x8000);
				E0141AFDE( &_v12,  &_v8);
				if(E01377D50() == 0) {
					_t26 = 0x7ffe0388;
				} else {
					_t26 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t26 != 0) {
					E0140FE3F(_t31, _t57, _v12, _v8);
				}
				return E0141BCD2(_t49,  *_t57,  *((intOrPtr*)(_t57 + 4)));
			}










                            0x0141e962
                            0x0141e967
                            0x0141e968
                            0x0141e96b
                            0x0141e976
                            0x0141e979
                            0x0141e990
                            0x0141e997
                            0x0141e99a
                            0x0141e9a4
                            0x0141e9b1
                            0x0141e9b4
                            0x0141e9b7
                            0x0141e9b9
                            0x0141e9be
                            0x0141e9ca
                            0x0141e9dc
                            0x0141e9cc
                            0x0141e9d5
                            0x0141e9d5
                            0x0141e9e4
                            0x0141e9ee
                            0x0141e9ee
                            0x0141ea04

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f7107f8a9a6e1912d5495caaf0dffdb465e6b2ac924055a9a8be1b481ae2b641
                            • Instruction ID: b48301e33594e456498ae36ae143239024e5b1d5783e36ba4fb4aefa07d258cf
                            • Opcode Fuzzy Hash: f7107f8a9a6e1912d5495caaf0dffdb465e6b2ac924055a9a8be1b481ae2b641
                            • Instruction Fuzzy Hash: 06110836610519AFDB19CF59C805AAEBBF6EF84310F04826AEC45A7354EA31AD11CBC0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013E4257 Relevance: .1, Instructions: 60COMMON
                            Download Yara Rule
                            C-Code - Quality: 90%
                            			E013E4257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x14308d0);
				E013AD08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E013E41E8(__ebx, __edi, __ecx, _t39);
				E0136EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x14487e4;
					_t18 =  *0x14487e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x1445cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x14487e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x14487e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L01357055(_t31 + 0xfffffff8);
								_t24 =  *0x14487e0; // 0x0
								_t18 = _t24 - 1;
								 *0x14487e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x1445cd0;
				if( *0x1445cd0 <= 0) {
					L01357055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x14487e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x14487e8 = _t30;
						 *0x14487e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E013AD0D1(L013E4320());
			}















                            0x013e4257
                            0x013e4257
                            0x013e4257
                            0x013e4259
                            0x013e425e
                            0x013e4263
                            0x013e4265
                            0x013e4273
                            0x013e4278
                            0x013e427c
                            0x013e427f
                            0x013e4281
                            0x013e4287
                            0x013e42d7
                            0x013e42d7
                            0x013e42da
                            0x013e428d
                            0x013e428d
                            0x013e428f
                            0x013e4292
                            0x013e4297
                            0x013e429c
                            0x013e42a0
                            0x013e42a6
                            0x013e42a8
                            0x013e42ae
                            0x013e42b3
                            0x00000000
                            0x013e42ba
                            0x013e42ba
                            0x013e42bf
                            0x013e42c5
                            0x013e42ca
                            0x013e42cf
                            0x013e42d0
                            0x00000000
                            0x013e42d0
                            0x013e42b3
                            0x00000000
                            0x013e42a6
                            0x013e429c
                            0x013e42dc
                            0x013e42dc
                            0x013e42e3
                            0x013e4309
                            0x013e42e5
                            0x013e42e5
                            0x013e42e8
                            0x013e42ee
                            0x013e42f0
                            0x00000000
                            0x013e42f2
                            0x013e42f2
                            0x013e42f4
                            0x013e42f7
                            0x013e42f9
                            0x013e4300
                            0x013e4300
                            0x013e42f0
                            0x013e430e
                            0x013e431f

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dcc6e030f2e4595ac89ce2d3c0a0b2616ca9a7c3548a07b8d680ea3980da08fa
                            • Instruction ID: c4767823cd2a1208c8c5bef9e120f6a9d5b11986b463f5222636fa867357c579
                            • Opcode Fuzzy Hash: dcc6e030f2e4595ac89ce2d3c0a0b2616ca9a7c3548a07b8d680ea3980da08fa
                            • Instruction Fuzzy Hash: 5A219D78500712CFDB25EFA8D814A24BBF1FB89358B60826EC109CB6E9DB31D491CB00
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01382397 Relevance: .1, Instructions: 59COMMON
                            Download Yara Rule
                            C-Code - Quality: 29%
                            			E01382397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x144848c != 0) {
					L0137FAD0(0x1448610);
					if( *0x144848c == 0) {
						E0137FA00(0x1448610, _t19, _t27, 0x1448610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E01382581(0x1448610, 0x13350a0, _t26, _t27, _t28);
						E0137FA00(0x1448610, 0x13350a0, _t27, 0x1448610);
					}
				} else {
					L1:
					_t11 =  *0x1448614; // 0x0
					if(_t11 == 0) {
						_t11 = E01394886(0x1331088, 1, 0x1448614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E01382581(0x1448610, (_t11 << 4) + 0x1335070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                            0x013823b0
                            0x013823b6
                            0x01382409
                            0x01382415
                            0x013c5ae9
                            0x00000000
                            0x0138241b
                            0x0138241b
                            0x0138241d
                            0x01382427
                            0x0138242e
                            0x01382430
                            0x01382430
                            0x013823b8
                            0x013823b8
                            0x013823b8
                            0x013823bf
                            0x013823fc
                            0x013823fc
                            0x013823c1
                            0x013823c3
                            0x013823d0
                            0x013823d8
                            0x013823d8
                            0x013823dc
                            0x013823de
                            0x013823e1
                            0x013823e1
                            0x013823ec

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1c7517b9a4f337852cbfd4788548e80350ee54c1229cbd020238cda330d30bd0
                            • Instruction ID: 94c7930a45cd3e973307640b3b8314f4e5e65adbbd9aec3ce3de45c37cbe1431
                            • Opcode Fuzzy Hash: 1c7517b9a4f337852cbfd4788548e80350ee54c1229cbd020238cda330d30bd0
                            • Instruction Fuzzy Hash: 92114975744306A7F770BB6E9C90B17F6DCFBA0619F14402AFA06A7290D6F4E805C768
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135A63B Relevance: .1, Instructions: 59COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E0135A63B(intOrPtr __ecx) {
				signed int _t14;
				intOrPtr _t23;
				signed int _t24;
				intOrPtr _t27;
				void* _t31;
				signed short _t33;
				void* _t38;

				_t27 = __ecx;
				_t33 =  *0x1448498; // 0x0
				 *((short*)(((0 |  *((intOrPtr*)(__ecx + 8)) == 0xddeeddee) - 0x00000001 & 0x00000058) + __ecx + 0x24)) = 0xffff;
				_t38 = _t33 -  *0x1445cb0; // 0x4
				if(_t38 == 0) {
					_t14 =  *0x1445cb0; // 0x4
					 *0x1445cb0 = _t14 + _t14;
					_t31 = E01374620(0xffff,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, (_t14 + _t14 & 0x0000ffff) << 2);
					if(_t31 != 0) {
						_t33 =  *0x1448498; // 0x0
						E0139F3E0(_t31,  *0x14456f4, (_t33 & 0x0000ffff) << 2);
						_t23 =  *0x14456f4; // 0x77e16640
						if(_t23 != 0x1446640) {
							L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t23);
							_t33 =  *0x1448498; // 0x0
						}
						 *0x14456f4 = _t31;
						L2:
						_t24 = _t33 & 0x0000ffff;
						 *0x1448498 = _t33 + 1;
						 *((intOrPtr*)(_t31 + _t24 * 4)) = _t27;
						L3:
						return _t24;
					}
					_t24 =  *0x1448498; // 0x0
					 *0x1445cb0 = _t24;
					goto L3;
				}
				_t31 =  *0x14456f4; // 0x77e16640
				goto L2;
			}










                            0x0135a63e
                            0x0135a643
                            0x0135a65e
                            0x0135a663
                            0x0135a66a
                            0x013b42f5
                            0x013b42fc
                            0x013b4319
                            0x013b431d
                            0x013b4330
                            0x013b4345
                            0x013b434d
                            0x013b4357
                            0x013b4365
                            0x013b436a
                            0x013b436a
                            0x013b4371
                            0x0135a676
                            0x0135a676
                            0x0135a67b
                            0x0135a682
                            0x0135a685
                            0x0135a688
                            0x0135a688
                            0x013b431f
                            0x013b4325
                            0x00000000
                            0x013b4325
                            0x0135a670
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cffc2fc10730510e4279c8f46cda332a46b4689c020f15a97a3204aa483c11bc
                            • Instruction ID: ddc0afb28b846438de0caf1b86b0d892c9f0214f5b6e0e20306da0fcad3c4e6c
                            • Opcode Fuzzy Hash: cffc2fc10730510e4279c8f46cda332a46b4689c020f15a97a3204aa483c11bc
                            • Instruction Fuzzy Hash: 9811E33F111142EBD735CF6CF980A7133A8FB84B69B540128EA08DF675E7348841D728
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013D46A7 Relevance: .1, Instructions: 59COMMON
                            Download Yara Rule
                            C-Code - Quality: 93%
                            			E013D46A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = E01374620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E0139F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E0138D268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L013777F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                            0x013d46b7
                            0x013d46ba
                            0x013d46c5
                            0x013d46c8
                            0x013d46d0
                            0x013d46d4
                            0x013d46e6
                            0x013d46e9
                            0x013d46f4
                            0x013d46ff
                            0x013d4705
                            0x013d4706
                            0x013d470c
                            0x013d4713
                            0x013d471b
                            0x013d4723
                            0x013d4725
                            0x013d46d6
                            0x013d46d9
                            0x013d46db
                            0x013d46db
                            0x013d4732

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                            • Instruction ID: 7d730a1bcce70aadc23fcf8db561d07c914bbf66769b1a69c821e8a11620ca27
                            • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                            • Instruction Fuzzy Hash: DF11E572504208FFCB159F5CE8808BEBBB9EF95318F10806AF944C7351DA359D55D7A4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013937F5 Relevance: .1, Instructions: 57COMMON
                            Download Yara Rule
                            C-Code - Quality: 87%
                            			E013937F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E01372280(_t6, 0x1448550);
				}
				_t29 = E0139387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E0136FFB0(0x1448550, _t27, 0x1448550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                            0x013937fa
                            0x013937fc
                            0x01393805
                            0x01393808
                            0x01393808
                            0x01393814
                            0x01393818
                            0x01393846
                            0x01393848
                            0x0139384b
                            0x0139384b
                            0x01393852
                            0x00000000
                            0x01393854
                            0x01393856
                            0x00000000
                            0x00000000
                            0x01393863
                            0x00000000
                            0x01393863
                            0x0139381a
                            0x0139381a
                            0x0139381f
                            0x0139386e
                            0x0139386e
                            0x01393871
                            0x01393873
                            0x01393873
                            0x01393868
                            0x00000000
                            0x01393868
                            0x01393821
                            0x01393826
                            0x00000000
                            0x00000000
                            0x01393828
                            0x0139382a
                            0x01393841
                            0x00000000
                            0x01393841

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 862b689e5ecfab396d11157988ed83037195b00de72263f249c9edfb96487dbf
                            • Instruction ID: a06df0ee987b288299d114142f42da82bb04c22bd15ddb99d454264912b3e63e
                            • Opcode Fuzzy Hash: 862b689e5ecfab396d11157988ed83037195b00de72263f249c9edfb96487dbf
                            • Instruction Fuzzy Hash: EF0126F29496219BCB379B2D9900E26BFEAFF81B587154069E9058F615C730C805C7C0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138002D Relevance: .1, Instructions: 55COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E0138002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E01377D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E01377D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E01377D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E01377D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                            0x01380032
                            0x01380037
                            0x01380043
                            0x013c4b3a
                            0x01380049
                            0x01380049
                            0x01380049
                            0x0138004e
                            0x01380053
                            0x013c4b48
                            0x013c4b5a
                            0x013c4b4a
                            0x013c4b53
                            0x013c4b53
                            0x013c4b5f
                            0x00000000
                            0x013c4b61
                            0x00000000
                            0x013c4b61
                            0x01380059
                            0x01380059
                            0x01380060
                            0x013c4b6f
                            0x013c4b6f
                            0x01380069
                            0x013c4b83
                            0x00000000
                            0x00000000
                            0x013c4b90
                            0x013c4b9b
                            0x013c4b9b
                            0x013c4ba4
                            0x00000000
                            0x00000000
                            0x013c4baa
                            0x00000000
                            0x0138006f
                            0x0138006f
                            0x00000000
                            0x0138006f
                            0x01380069

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                            • Instruction ID: c3cd6f7740274e7a461956c5ff827dbed4212a88f4bf790d0883e84ccfd602ba
                            • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                            • Instruction Fuzzy Hash: 0411C8726057818FE727A76CC568B357BD8AF41B9CF0900A4ED5487B92E72DDC42C360
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135A745 Relevance: .1, Instructions: 55COMMON
                            Download Yara Rule
                            C-Code - Quality: 71%
                            			E0135A745(void* __ebx, void* __ecx, void* __edx, void* __edi) {
				signed int _v12;
				void* __esi;
				intOrPtr _t7;
				signed int _t9;
				intOrPtr* _t12;
				intOrPtr _t15;
				void* _t19;
				intOrPtr _t20;
				intOrPtr _t23;
				intOrPtr* _t28;
				intOrPtr _t30;
				intOrPtr _t32;
				void* _t34;
				intOrPtr _t35;
				signed int _t37;

				_push(__ecx);
				_t7 =  *0x14484cc; // 0x0
				_t34 = __ecx;
				_t9 = E01372280(_t7 + 0x18, _t7 + 0x18);
				asm("lock xadd [esi+0x14], eax");
				if((_t9 | 0xffffffff) == 1) {
					_t2 = _t34 + 8; // 0x8
					_t12 = _t2;
					_t30 =  *_t12;
					if( *((intOrPtr*)(_t30 + 4)) != _t12) {
						L7:
						asm("int 0x29");
						_t32 = 3;
						_pop(_t35);
						_pop(_t23);
						return E0139B640(0xc00000f0, _t23, _v12 ^ _t37, _t30, _t32, _t35);
					} else {
						_t28 =  *((intOrPtr*)(_t12 + 4));
						if( *_t28 != _t12) {
							goto L7;
						} else {
							_t15 =  *0x14484cc; // 0x0
							 *_t28 = _t30;
							 *((intOrPtr*)(_t30 + 4)) = _t28;
							E0136FFB0(__ebx, __edi, _t15 + 0x18);
							_t19 = L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t34);
							goto L2;
						}
					}
				} else {
					_t20 =  *0x14484cc; // 0x0
					_t19 = E0136FFB0(__ebx, __edi, _t20 + 0x18);
					L2:
					return _t19;
				}
			}


















                            0x0135a74a
                            0x0135a74b
                            0x0135a754
                            0x0135a757
                            0x0135a75f
                            0x0135a765
                            0x013b440f
                            0x013b440f
                            0x013b4412
                            0x013b4417
                            0x013b4449
                            0x013b444c
                            0x0135a86a
                            0x0135a86b
                            0x0135a86e
                            0x0135a877
                            0x013b4419
                            0x013b4419
                            0x013b441e
                            0x00000000
                            0x013b4420
                            0x013b4420
                            0x013b4428
                            0x013b442b
                            0x013b442e
                            0x013b443f
                            0x00000000
                            0x013b443f
                            0x013b441e
                            0x0135a76b
                            0x0135a76b
                            0x0135a774
                            0x0135a779
                            0x0135a77d
                            0x0135a77d

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9802749dcd10f55bd0704f488b1a9cd4d402daee16e5f15933b7efd48bc3db2d
                            • Instruction ID: 7b1142ad2bd1a7707c06b8db13409683b72b0dddfb37bd9f74ea6d142bf8eed5
                            • Opcode Fuzzy Hash: 9802749dcd10f55bd0704f488b1a9cd4d402daee16e5f15933b7efd48bc3db2d
                            • Instruction Fuzzy Hash: E401B532201206DBC320EF6DFC40E6AB7BDEB51329B05826EE509CB652EE79D855C7D4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0136766D Relevance: .1, Instructions: 54COMMON
                            Download Yara Rule
                            C-Code - Quality: 94%
                            			E0136766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E0138F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E0138F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = E01374620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                            0x01367672
                            0x0136767f
                            0x01367689
                            0x013676de
                            0x013676de
                            0x0136768b
                            0x01367691
                            0x01367693
                            0x01367697
                            0x00000000
                            0x01367699
                            0x013676a8
                            0x00000000
                            0x013676aa
                            0x013676ad
                            0x013676b1
                            0x00000000
                            0x013676b3
                            0x013676b3
                            0x013676b5
                            0x013676ba
                            0x013676bc
                            0x013676bc
                            0x013676c0
                            0x00000000
                            0x013676c2
                            0x013676ce
                            0x013676ce
                            0x013676c0
                            0x013676b1
                            0x013676a8
                            0x01367697
                            0x013676d9

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                            • Instruction ID: e55503672053b2230b45428649cd4da0bf2d601968257e56736d35cd8fee083e
                            • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                            • Instruction Fuzzy Hash: 1101FC32310119ABC720DE5ECC40E5BBBADEF84678F544124BA08DB244DA30DC01C3A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013586A0 Relevance: .1, Instructions: 54COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E013586A0(signed short* _a4, signed int _a8) {
				signed char _t20;
				intOrPtr* _t21;
				signed short* _t30;
				void* _t32;
				signed int _t36;
				intOrPtr* _t37;

				if((_a8 & 0xfffffffe) != 0) {
					return 0;
				}
				_t30 = _a4;
				_t20 =  *_t30 & 0x0000ffff;
				if(_t20 == 0 || (_t20 & 0x00000001) != 0) {
					L10:
					_t21 = 0;
					goto L6;
				} else {
					_t36 = _t20 + 0x0000001f & 0xfffffff8;
					_t37 = E01374620(_t32,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t36);
					if(_t37 == 0) {
						goto L10;
					}
					 *(_t37 + 8) = _t36;
					 *((intOrPtr*)(_t37 + 4)) = 1;
					 *_t37 = 1;
					if((_a8 & 1) != 0) {
						 *((intOrPtr*)(_t37 + 0xc)) = 1;
					}
					 *((intOrPtr*)(_t37 + 0x10)) = 1;
					 *((intOrPtr*)(_t37 + 0x14)) = ( *_t30 & 0x0000ffff) + 8;
					_t17 = _t37 + 0x18; // 0x18
					E0139F3E0(_t17, _t30[2],  *_t30 & 0x0000ffff);
					_t21 = _t37;
					L6:
					return _t21;
				}
			}









                            0x013586ae
                            0x00000000
                            0x0135871a
                            0x013586b1
                            0x013586b4
                            0x013586ba
                            0x0135871e
                            0x0135871e
                            0x00000000
                            0x013586c0
                            0x013586c9
                            0x013586d7
                            0x013586db
                            0x00000000
                            0x00000000
                            0x013586df
                            0x013586e3
                            0x013586e6
                            0x013586eb
                            0x01358715
                            0x01358715
                            0x013586f3
                            0x013586f6
                            0x01358700
                            0x01358704
                            0x0135870c
                            0x0135870e
                            0x00000000
                            0x0135870e

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2838a12bfa7fb0c301611d14f3f4a56a391a4934558db612db6c0909e9ac3aae
                            • Instruction ID: e2a1ff0bc8c2230ad4f8f05e6957afe0f8c8dc5b71017110ab467537011b3613
                            • Opcode Fuzzy Hash: 2838a12bfa7fb0c301611d14f3f4a56a391a4934558db612db6c0909e9ac3aae
                            • Instruction Fuzzy Hash: 0D110472505B56EBCB718F1A9840D22BBE8FF55B6870085ADFCD5CBA81D734D520CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01359080 Relevance: .1, Instructions: 53COMMON
                            Download Yara Rule
                            C-Code - Quality: 69%
                            			E01359080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x14485ec;
				E01372280(_t48, 0x14485ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E0136FFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x144538c; // 0x77e16828
					if( *_t84 != 0x1445388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x142f6e8);
						E013AD0E8(0x14485ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E014288F5(_t80, _t85, 0x1445388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x14486c0; // 0xe207b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x14486b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E01372280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E014288F5(0x14485ec, _t85, 0x1445388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E0139AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x144b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x14484c0;
																			if(_t82 >=  *0x14484c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E01429063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E0135922A(_t99);
										_t64 = E01377D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E01428B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x14486c0; // 0xe207b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x14486b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x14486bc;
													_t87 = 0x14486b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E01359240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x14486c4;
												_t87 = 0x14486c0;
												L27:
												E01389B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E013AD130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x1445388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x144538c = _t51;
						goto L6;
					}
				}
			}




















                            0x01359082
                            0x01359083
                            0x01359084
                            0x01359085
                            0x01359087
                            0x01359096
                            0x01359098
                            0x01359098
                            0x0135909e
                            0x013590a8
                            0x013590e7
                            0x013590e7
                            0x013590aa
                            0x013590b0
                            0x013590b7
                            0x013590bd
                            0x013590dd
                            0x013590e6
                            0x013590bf
                            0x013590bf
                            0x013590c7
                            0x013590cf
                            0x013590f1
                            0x013590f2
                            0x013590f4
                            0x013590f5
                            0x013590f6
                            0x013590f7
                            0x013590f8
                            0x013590f9
                            0x013590fa
                            0x013590fb
                            0x013590fc
                            0x013590fd
                            0x013590fe
                            0x013590ff
                            0x01359100
                            0x01359102
                            0x01359107
                            0x0135910c
                            0x01359110
                            0x01359113
                            0x01359115
                            0x01359136
                            0x0135913f
                            0x01359143
                            0x013b37e4
                            0x013b37e4
                            0x01359117
                            0x01359117
                            0x0135911d
                            0x00000000
                            0x0135911f
                            0x0135911f
                            0x01359125
                            0x00000000
                            0x01359127
                            0x0135912d
                            0x01359130
                            0x01359134
                            0x01359158
                            0x0135915d
                            0x01359161
                            0x01359168
                            0x013b3715
                            0x0135916e
                            0x0135916e
                            0x01359175
                            0x01359177
                            0x0135917e
                            0x0135917f
                            0x01359182
                            0x01359182
                            0x01359187
                            0x01359187
                            0x0135918a
                            0x0135918d
                            0x0135918f
                            0x01359192
                            0x01359195
                            0x01359198
                            0x01359198
                            0x01359198
                            0x0135919a
                            0x00000000
                            0x00000000
                            0x013b371f
                            0x013b3721
                            0x013b3727
                            0x013b372f
                            0x013b3733
                            0x013b3735
                            0x013b3738
                            0x013b373b
                            0x013b373d
                            0x013b3740
                            0x00000000
                            0x013b3746
                            0x013b3746
                            0x013b3749
                            0x00000000
                            0x013b374f
                            0x013b374f
                            0x013b3751
                            0x013b3757
                            0x013b3759
                            0x013b375c
                            0x013b375c
                            0x013b375e
                            0x013b375e
                            0x013b3761
                            0x013b3764
                            0x00000000
                            0x00000000
                            0x013b3766
                            0x013b3768
                            0x013b37a3
                            0x013b37a3
                            0x013b37a5
                            0x013b37a7
                            0x013b37ad
                            0x013b37b0
                            0x013b37b2
                            0x013b37bc
                            0x013b37c2
                            0x013b37c2
                            0x013b37b2
                            0x01359187
                            0x01359187
                            0x0135918a
                            0x0135918d
                            0x0135918f
                            0x01359192
                            0x01359195
                            0x00000000
                            0x01359195
                            0x00000000
                            0x013b376a
                            0x013b376a
                            0x013b376a
                            0x013b376c
                            0x013b376c
                            0x013b376f
                            0x013b3775
                            0x00000000
                            0x00000000
                            0x013b3777
                            0x013b3779
                            0x013b3782
                            0x013b3787
                            0x013b3789
                            0x013b3790
                            0x013b3790
                            0x013b378b
                            0x013b378b
                            0x013b378b
                            0x013b3792
                            0x013b3795
                            0x00000000
                            0x013b3795
                            0x00000000
                            0x013b3779
                            0x013b3798
                            0x00000000
                            0x013b3798
                            0x00000000
                            0x013b3768
                            0x013b379b
                            0x013b379b
                            0x013b3751
                            0x013b3749
                            0x00000000
                            0x013b3740
                            0x013591a0
                            0x013591a3
                            0x013591a9
                            0x013591b0
                            0x00000000
                            0x013591b0
                            0x01359187
                            0x013591b4
                            0x013591b4
                            0x013591bb
                            0x013591c0
                            0x013591c5
                            0x013591c7
                            0x013b37da
                            0x013591cd
                            0x013591cd
                            0x013591cd
                            0x013591d2
                            0x013591d5
                            0x01359239
                            0x01359239
                            0x013591d7
                            0x013591db
                            0x013591e1
                            0x013591e7
                            0x013591fd
                            0x01359203
                            0x0135921e
                            0x01359223
                            0x00000000
                            0x01359205
                            0x01359205
                            0x01359208
                            0x0135920c
                            0x01359214
                            0x01359214
                            0x0135920c
                            0x013591e9
                            0x013591e9
                            0x013591ee
                            0x013591f3
                            0x013591f3
                            0x013591f3
                            0x013591e7
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01359134
                            0x01359125
                            0x0135911d
                            0x0135914e
                            0x013590d1
                            0x013590d1
                            0x013590d3
                            0x013590d6
                            0x013590d8
                            0x00000000
                            0x013590d8
                            0x013590cf

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0927e498efcc2c2d5c67c6a52a7efed0df6f527c0ffd658020fcb475d9e4ac19
                            • Instruction ID: e7c6a49f7f7702161aec20c52b7a2488b014d59ca1bdcc1beefbf82a55d8f953
                            • Opcode Fuzzy Hash: 0927e498efcc2c2d5c67c6a52a7efed0df6f527c0ffd658020fcb475d9e4ac19
                            • Instruction Fuzzy Hash: C501AFB2601605CFD7659F18D840B22BBF9EB85B2DF254466E9058F6A6C374DC41CBD0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013EC450 Relevance: .1, Instructions: 53COMMON
                            Download Yara Rule
                            C-Code - Quality: 46%
                            			E013EC450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E01399910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E013995B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E013995D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E013995D0();
				return L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                            0x013ec458
                            0x013ec45d
                            0x013ec466
                            0x013ec468
                            0x013ec469
                            0x013ec46a
                            0x013ec46b
                            0x013ec46e
                            0x013ec46f
                            0x013ec471
                            0x013ec476
                            0x013ec476
                            0x013ec47c
                            0x013ec47e
                            0x013ec480
                            0x013ec480
                            0x013ec483
                            0x013ec484
                            0x013ec486
                            0x013ec488
                            0x013ec48f
                            0x013ec491
                            0x013ec493
                            0x013ec493
                            0x013ec48f
                            0x013ec498
                            0x013ec49e
                            0x013ec4ad
                            0x013ec4ad
                            0x013ec4b2
                            0x013ec4b4
                            0x013ec4cd

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                            • Instruction ID: b9abb407452583a3d5c06575221f6b231ca2065df2d772aeed9ec9b17cf8425f
                            • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                            • Instruction Fuzzy Hash: 98018472140616FFEB21AF69CC84E67FB6DFB54359F004529F214525A0C721ACA1CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01358190 Relevance: .1, Instructions: 52COMMON
                            Download Yara Rule
                            C-Code - Quality: 82%
                            			E01358190(void* __ecx, void* __eflags, intOrPtr _a4) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				intOrPtr _t15;
				intOrPtr* _t24;
				void* _t26;
				intOrPtr* _t27;

				E01372280(_t10, 0x144864c);
				_t27 = E0135820E(_a4);
				if(_t27 == 0) {
					_t26 = 0xc000002a;
				} else {
					_t2 = _t27 + 0x10;
					 *_t2 =  *((intOrPtr*)(_t27 + 0x10)) - 1;
					if( *_t2 != 0) {
						L8:
						_t26 = 0;
					} else {
						_t15 =  *_t27;
						if( *((intOrPtr*)(_t15 + 4)) != _t27) {
							L7:
							_push(3);
							asm("int 0x29");
							goto L8;
						} else {
							_t24 =  *((intOrPtr*)(_t27 + 4));
							if( *_t24 != _t27) {
								goto L7;
							} else {
								 *_t24 = _t15;
								 *((intOrPtr*)(_t15 + 4)) = _t24;
								_t7 = _t27 + 0xc; // 0xc
								_push(1);
								_t8 = _t27 + 8; // 0x8
								_push(0xffffffff);
								_t26 = E0139B130();
								L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t27);
							}
						}
					}
				}
				E0136FFB0(0x144864c, _t26, 0x144864c);
				return _t26;
			}










                            0x0135819e
                            0x013581ab
                            0x013581af
                            0x013581fe
                            0x013581b1
                            0x013581b1
                            0x013581b1
                            0x013581b5
                            0x0135820a
                            0x0135820a
                            0x013581b7
                            0x013581b7
                            0x013581bc
                            0x01358205
                            0x01358205
                            0x01358208
                            0x00000000
                            0x013581be
                            0x013581be
                            0x013581c3
                            0x00000000
                            0x013581c5
                            0x013581c5
                            0x013581c7
                            0x013581ca
                            0x013581cd
                            0x013581d0
                            0x013581d4
                            0x013581e2
                            0x013581ea
                            0x013581ea
                            0x013581c3
                            0x013581bc
                            0x013581b5
                            0x013581f0
                            0x013581fb

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: beb38b1da4545fc6c81ba8fb0a7d8daccf401935e23b515f182c42f31bd600e1
                            • Instruction ID: 1056535ce8c9b74553e686097706e355647663edf294a02119340cc3a5d4102b
                            • Opcode Fuzzy Hash: beb38b1da4545fc6c81ba8fb0a7d8daccf401935e23b515f182c42f31bd600e1
                            • Instruction Fuzzy Hash: 5601FC72101605EBD3729B5ACC44F67BBADEF81BA8F154169F9254B651CB30DD02C790
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013531E0 Relevance: .0, Instructions: 49COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E013531E0(intOrPtr _a4, intOrPtr _a8) {
				char* _t12;
				signed int* _t13;
				signed int _t26;
				intOrPtr _t28;

				_t28 = _a4;
				_t26 = 0;
				_t12 = E0135354C(_t28, 0);
				if(_t12 == 0) {
					L3:
					return _t12;
				}
				if(_a8 != 0) {
					_t13 = _t28 + 0xa8;
					_t26 =  *_t13;
					 *_t13 = 0;
				}
				_t12 = E01389ED0(_t28 + 0x20,  ~_t26, 1);
				if(_t26 != 0) {
					if(E01377D50() == 0) {
						_t12 = 0x7ffe0386;
					} else {
						_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					}
					if( *_t12 == 0) {
						goto L3;
					}
					return E01428966( *((intOrPtr*)(_t28 + 0x5c)), _t28 + 0x78, _t28 + 0x30,  *((intOrPtr*)(_t28 + 0x34)),  *((intOrPtr*)(_t28 + 0x3c)), _t26);
				} else {
					goto L3;
				}
			}







                            0x013531e6
                            0x013531ec
                            0x013531f1
                            0x013531f8
                            0x0135321c
                            0x0135321c
                            0x0135321c
                            0x013531fd
                            0x013afe1e
                            0x013afe24
                            0x013afe24
                            0x013afe24
                            0x0135320c
                            0x01353213
                            0x013afe32
                            0x013afe44
                            0x013afe34
                            0x013afe3d
                            0x013afe3d
                            0x013afe4c
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
                            • Instruction ID: e85131a374c7f6804e859a83f83c66dc97a8f589a514b3ff296f6f1d9c56c3bf
                            • Opcode Fuzzy Hash: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
                            • Instruction Fuzzy Hash: 1601D832200B459FEB72D66ED900EAB77EDFFD1B98F444419AF4687551DA30E841C750
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01424015 Relevance: .0, Instructions: 49COMMON
                            Download Yara Rule
                            C-Code - Quality: 86%
                            			E01424015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E01372280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E01372280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x14486ac);
					E0135F900(0x14486d4, _t28);
					E0136FFB0(0x14486ac, _t28, 0x14486ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E0136FFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                            0x0142401a
                            0x0142401e
                            0x01424023
                            0x01424028
                            0x01424029
                            0x0142402b
                            0x0142402f
                            0x01424043
                            0x01424046
                            0x01424051
                            0x01424057
                            0x0142405f
                            0x01424062
                            0x01424067
                            0x0142406f
                            0x0142407c
                            0x0142407c
                            0x0142408c
                            0x0142408c
                            0x01424097

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 34919147d1bcddaa483cc4905961b64d820c762e4e5fffa1e55fd6670c7ded71
                            • Instruction ID: 55d7127165b0dd06a3510279587253bb462fa8d91cad0f037fbc5a4a3d57b3ad
                            • Opcode Fuzzy Hash: 34919147d1bcddaa483cc4905961b64d820c762e4e5fffa1e55fd6670c7ded71
                            • Instruction Fuzzy Hash: 6701A771201946BFD361AB7DCD84E13F7ACFF55664B000226F50887A21DB38EC52C6E4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013E3019 Relevance: .0, Instructions: 48COMMON
                            Download Yara Rule
                            C-Code - Quality: 58%
                            			E013E3019(intOrPtr __ecx, intOrPtr __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				short _v70;
				char _v76;
				void* __edi;
				void* __esi;
				signed char* _t25;
				intOrPtr _t27;
				intOrPtr _t31;
				intOrPtr _t40;
				intOrPtr _t43;
				signed int _t44;

				_t46 = (_t44 & 0xfffffff8) - 0x48;
				_v8 =  *0x144d360 ^ (_t44 & 0xfffffff8) - 0x00000048;
				_v36 = __ecx;
				_v70 = 0xd21;
				_v44 = _a16;
				_v24 = _a4;
				_t37 = _a20;
				_v40 = _a20;
				_v32 = __edx;
				_v28 = _a8;
				_v20 = _a12;
				if(E01377D50() == 0) {
					_t25 = 0x7ffe038e;
				} else {
					_t25 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x234;
				}
				_push( &_v76);
				_push(0x1c);
				_push( *_t25 & 0x000000ff);
				_t27 = E01399AE0();
				_pop(_t40);
				_t43 = 0x20402;
				return E0139B640(_t27, _t31, _v24 ^ _t46, _t37, _t40, _t43);
			}





















                            0x013e3021
                            0x013e302b
                            0x013e3034
                            0x013e3038
                            0x013e3044
                            0x013e304e
                            0x013e3052
                            0x013e3058
                            0x013e305c
                            0x013e3060
                            0x013e3064
                            0x013e306f
                            0x013e3081
                            0x013e3071
                            0x013e307a
                            0x013e307a
                            0x013e308d
                            0x013e308e
                            0x013e3095
                            0x013e3096
                            0x013e309f
                            0x013e30a0
                            0x013e30ab

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 93c70ae0efc552c827159744ee48290dd0be5e278eca6b633e981cdb6c6a7995
                            • Instruction ID: c028fe0f5cc9a8cc054899015e32cbdf9eaaac64331833955fe03872dad3a826
                            • Opcode Fuzzy Hash: 93c70ae0efc552c827159744ee48290dd0be5e278eca6b633e981cdb6c6a7995
                            • Instruction Fuzzy Hash: AD1179B1A083089FC710DF6DC44595BBBE8EF98714F00851EB998D7390E630E900CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013570C0 Relevance: .0, Instructions: 48COMMON
                            Download Yara Rule
                            C-Code - Quality: 95%
                            			E013570C0(signed int* __ecx) {
				signed int _t27;
				intOrPtr _t34;
				signed int _t38;
				signed int* _t40;

				_t40 = __ecx;
				if(__ecx == 0) {
					return _t27;
				}
				_t38 = 0;
				if( *((intOrPtr*)(__ecx + 4)) <= 0) {
					L6:
					if(( *_t40 & 0x00000001) != 0) {
						_t27 = L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t40[2]);
					}
					_t40[2] = _t40[2] & 0x00000000;
					_t40[1] = _t40[1] & 0x00000000;
					 *_t40 =  *_t40 & 0x00000000;
					return _t27;
				}
				do {
					_t27 = _t40[2];
					_t34 =  *((intOrPtr*)(_t27 + _t38 * 4));
					if(_t34 != 0) {
						 *(_t34 + 8) =  *(_t34 + 8) & 0;
						 *((intOrPtr*)(_t34 + 4)) = 0;
						if( *(_t34 + 0xc) != 0) {
							_push( *(_t34 + 0xc));
							E013995D0();
							 *(_t34 + 0xc) =  *(_t34 + 0xc) & 0x00000000;
						}
						 *(_t40[2] + _t38 * 4) =  *(_t40[2] + _t38 * 4) & 0x00000000;
						_t27 = L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t34);
					}
					_t38 = _t38 + 1;
				} while (_t38 < _t40[1]);
				goto L6;
			}







                            0x013570c3
                            0x013570c7
                            0x013570f9
                            0x013570f9
                            0x013570ca
                            0x013570cf
                            0x013570e3
                            0x013570e7
                            0x013b22e0
                            0x013b22e0
                            0x013570ed
                            0x013570f1
                            0x013570f5
                            0x00000000
                            0x013570f5
                            0x013570d2
                            0x013570d2
                            0x013570d5
                            0x013570da
                            0x013570fc
                            0x013570ff
                            0x01357105
                            0x01357107
                            0x0135710a
                            0x0135710f
                            0x0135710f
                            0x01357119
                            0x01357126
                            0x01357126
                            0x013570dc
                            0x013570dd
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 06d75836c9573aa0e55f1f59fba811012c8e74f5e68e5d7ca759bd447d74ee88
                            • Instruction ID: 53c9944878b1dbaad99f41e211a3edd84830daf3a7f5a96248fff6ab894a4efd
                            • Opcode Fuzzy Hash: 06d75836c9573aa0e55f1f59fba811012c8e74f5e68e5d7ca759bd447d74ee88
                            • Instruction Fuzzy Hash: 3B115B32510B02DFD7729E19C880F22B7E5BB50B2AF158869D9994B962D778E882CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0141138A Relevance: .0, Instructions: 48COMMON
                            Download Yara Rule
                            C-Code - Quality: 61%
                            			E0141138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x144d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0139FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E01377D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0139B640(E01399AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                            0x0141138a
                            0x0141138a
                            0x01411399
                            0x014113a3
                            0x014113a8
                            0x014113aa
                            0x014113b5
                            0x014113bb
                            0x014113c3
                            0x014113c6
                            0x014113c9
                            0x014113d4
                            0x014113e6
                            0x014113d6
                            0x014113df
                            0x014113df
                            0x014113f1
                            0x014113f2
                            0x014113f4
                            0x014113f9
                            0x0141140e

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ef5db7dff163351064ff504fbb8a0987882e9202fd9dd438b5ab81cd0e7062db
                            • Instruction ID: 5cd6e403bce79f6765b9420682fbe800b579c0934fbe2e41521cabf6b5940d70
                            • Opcode Fuzzy Hash: ef5db7dff163351064ff504fbb8a0987882e9202fd9dd438b5ab81cd0e7062db
                            • Instruction Fuzzy Hash: AA015271E0121DAFDB14DFA9D885FAEBBB8EF54714F004056B904EB394D6749A01CB94
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01428450 Relevance: .0, Instructions: 48COMMON
                            Download Yara Rule
                            C-Code - Quality: 92%
                            			E01428450(intOrPtr _a4) {
				void* __ecx;
				unsigned int _t10;
				unsigned int* _t20;

				_t28 = _a4;
				_t20 = _a4 + 0x8c;
				_t10 =  *_t20;
				if(_t10 >= 2) {
					_t10 =  *_t20;
					do {
						asm("lock cmpxchg [edx], ecx");
					} while ((_t10 & 1) != 0);
					_t27 = _t10 >> 1;
					if(_t10 >> 1 != 0) {
						E01389ED0(_t28 + 0x20,  ~_t27, 0);
						if(E01377D50() == 0) {
							_t10 = 0x7ffe0386;
						} else {
							_t10 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						}
						if( *_t10 != 0) {
							return E01428966( *((intOrPtr*)(_t28 + 0x5c)), _t28 + 0x78,  *((intOrPtr*)(_t28 + 0x30)),  *((intOrPtr*)(_t28 + 0x34)),  *((intOrPtr*)(_t28 + 0x3c)), _t27);
						}
					}
				}
				return _t10;
			}






                            0x01428457
                            0x0142845b
                            0x01428461
                            0x01428466
                            0x0142846b
                            0x0142846d
                            0x01428471
                            0x01428471
                            0x01428479
                            0x0142847b
                            0x01428486
                            0x01428492
                            0x014284a4
                            0x01428494
                            0x0142849d
                            0x0142849d
                            0x014284ac
                            0x00000000
                            0x014284be
                            0x014284ac
                            0x0142847b
                            0x014284c7

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fab0c485f60ad926169880dc8cf1c2acbb4a6bb70ced4fcaa2074de596fe31cb
                            • Instruction ID: 439ecc97259b209896444816f020b0f2a8083afd23e2e2bf14f4b80ae8b844cf
                            • Opcode Fuzzy Hash: fab0c485f60ad926169880dc8cf1c2acbb4a6bb70ced4fcaa2074de596fe31cb
                            • Instruction Fuzzy Hash: 1301D8322006129FD7219B69D804F6BB7EAFFD5214F48452EE6468B760EA70F880CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 014114FB Relevance: .0, Instructions: 48COMMON
                            Download Yara Rule
                            C-Code - Quality: 61%
                            			E014114FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x144d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0139FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E01377D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0139B640(E01399AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                            0x014114fb
                            0x014114fb
                            0x0141150a
                            0x01411514
                            0x01411519
                            0x0141151b
                            0x01411526
                            0x0141152c
                            0x01411534
                            0x01411537
                            0x0141153a
                            0x01411545
                            0x01411557
                            0x01411547
                            0x01411550
                            0x01411550
                            0x01411562
                            0x01411563
                            0x01411565
                            0x0141156a
                            0x0141157f

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e031e31486f485f10ca4d6f92da9fbd875265a230d2feadc7cfccf81c5e261f5
                            • Instruction ID: 6a192027984705f5607803d005e8608e2ec2149332ac4a11c5ffddd671d90c09
                            • Opcode Fuzzy Hash: e031e31486f485f10ca4d6f92da9fbd875265a230d2feadc7cfccf81c5e261f5
                            • Instruction Fuzzy Hash: 40019E71A00248AFDB10EFACD845EAEBBB8EF44714F00406AF905EB380DA74DA00CB94
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01411951 Relevance: .0, Instructions: 48COMMON
                            Download Yara Rule
                            C-Code - Quality: 61%
                            			E01411951(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x144d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0139FA60( &_v60, 0, 0x30);
				_v28 = _t34;
				_v54 = 0x1030;
				_v20 = _a4;
				_v24 = _t33;
				_v16 = _a8;
				if(E01377D50() == 0) {
					_t21 = 0x7ffe0380;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0139B640(E01399AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                            0x01411951
                            0x01411951
                            0x01411960
                            0x0141196a
                            0x0141196f
                            0x01411971
                            0x0141197b
                            0x0141197e
                            0x01411988
                            0x0141198e
                            0x01411991
                            0x0141199b
                            0x014119ad
                            0x0141199d
                            0x014119a6
                            0x014119a6
                            0x014119b8
                            0x014119b9
                            0x014119bb
                            0x014119c0
                            0x014119d5

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0d2b1d31f9112e086e19000a6b31acdc55d11f7141c69507dd5d125a7c7592a7
                            • Instruction ID: 1cc3a5d3eddc6fe10e6dbc8870eee80dd4fdd1e3025d7628d4b163cc984566f8
                            • Opcode Fuzzy Hash: 0d2b1d31f9112e086e19000a6b31acdc55d11f7141c69507dd5d125a7c7592a7
                            • Instruction Fuzzy Hash: CD01B571E11209AFDB10DFA8D845EAFBBB8EF44710F004056F910EB380D674DA00CB94
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 014119D8 Relevance: .0, Instructions: 48COMMON
                            Download Yara Rule
                            C-Code - Quality: 61%
                            			E014119D8(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x144d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0139FA60( &_v60, 0, 0x30);
				_v28 = _t34;
				_v54 = 0x1032;
				_v20 = _a4;
				_v24 = _t33;
				_v16 = _a8;
				if(E01377D50() == 0) {
					_t21 = 0x7ffe0380;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0139B640(E01399AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                            0x014119d8
                            0x014119d8
                            0x014119e7
                            0x014119f1
                            0x014119f6
                            0x014119f8
                            0x01411a02
                            0x01411a05
                            0x01411a0f
                            0x01411a15
                            0x01411a18
                            0x01411a22
                            0x01411a34
                            0x01411a24
                            0x01411a2d
                            0x01411a2d
                            0x01411a3f
                            0x01411a40
                            0x01411a42
                            0x01411a47
                            0x01411a5c

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e4c6f1706389de611cd8d7c71947b5ce33f8e4ae32ae984914bf14622503ebc0
                            • Instruction ID: a40ba7217147074c7f492e03ba1cc26a4ce24467bc68868e1b198645fe4fa120
                            • Opcode Fuzzy Hash: e4c6f1706389de611cd8d7c71947b5ce33f8e4ae32ae984914bf14622503ebc0
                            • Instruction Fuzzy Hash: F2015271A01259AFDB14DFA9D845EAFBBB8EF54750F404056B900EB390D6749A01CB94
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01411843 Relevance: .0, Instructions: 48COMMON
                            Download Yara Rule
                            C-Code - Quality: 61%
                            			E01411843(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x144d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0139FA60( &_v60, 0, 0x30);
				_v28 = _t34;
				_v54 = 0x102f;
				_v20 = _a4;
				_v24 = _t33;
				_v16 = _a8;
				if(E01377D50() == 0) {
					_t21 = 0x7ffe0380;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0139B640(E01399AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                            0x01411843
                            0x01411843
                            0x01411852
                            0x0141185c
                            0x01411861
                            0x01411863
                            0x0141186d
                            0x01411870
                            0x0141187a
                            0x01411880
                            0x01411883
                            0x0141188d
                            0x0141189f
                            0x0141188f
                            0x01411898
                            0x01411898
                            0x014118aa
                            0x014118ab
                            0x014118ad
                            0x014118b2
                            0x014118c7

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 61354b3767f8049dd28db344ce761e15890b80fcf99ab0e53a899abaa6497733
                            • Instruction ID: 55f82b92c12ff2d92eb4e2c98bfa082f626996c039708579999c49f9aa6adbb1
                            • Opcode Fuzzy Hash: 61354b3767f8049dd28db344ce761e15890b80fcf99ab0e53a899abaa6497733
                            • Instruction Fuzzy Hash: CE015271E01259AFDB14EFA9D845EAFBBB8EF54710F044056F904EB390D6749A00CB95
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 014118CA Relevance: .0, Instructions: 48COMMON
                            Download Yara Rule
                            C-Code - Quality: 61%
                            			E014118CA(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x144d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0139FA60( &_v60, 0, 0x30);
				_v28 = _t34;
				_v54 = 0x1031;
				_v20 = _a4;
				_v24 = _t33;
				_v16 = _a8;
				if(E01377D50() == 0) {
					_t21 = 0x7ffe0380;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0139B640(E01399AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                            0x014118ca
                            0x014118ca
                            0x014118d9
                            0x014118e3
                            0x014118e8
                            0x014118ea
                            0x014118f4
                            0x014118f7
                            0x01411901
                            0x01411907
                            0x0141190a
                            0x01411914
                            0x01411926
                            0x01411916
                            0x0141191f
                            0x0141191f
                            0x01411931
                            0x01411932
                            0x01411934
                            0x01411939
                            0x0141194e

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b889f18cf17bbf4d8bf362bba2a52c007d64ba349acc55ba667f400d2fbe983d
                            • Instruction ID: 612de086fcb67662f5b2eb246a3c735de7586d82711b48e620193d63818f1eee
                            • Opcode Fuzzy Hash: b889f18cf17bbf4d8bf362bba2a52c007d64ba349acc55ba667f400d2fbe983d
                            • Instruction Fuzzy Hash: FB01B571E01209AFDB10EFA9D845EAFBBB8EF44710F004056F901EB380D674DA01CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013595F0 Relevance: .0, Instructions: 47COMMON
                            Download Yara Rule
                            C-Code - Quality: 67%
                            			E013595F0(intOrPtr _a4, char _a8) {
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t10;
				void* _t17;
				void* _t18;
				char* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				intOrPtr _t29;

				_t29 = _a4;
				_push(_t25);
				if(_t29 == 0 || _a8 < 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					E014288F5(_t17, _t18, _t23, _t25, _t29, __eflags);
					_t10 = 0xc000000d;
				} else {
					_push(4);
					_push( &_a8);
					_push(4);
					_push( *((intOrPtr*)(_t29 + 0x24)));
					_t27 = E0139AE70();
					if(E01377D50() != 0) {
						_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t21 = 0x7ffe0386;
					}
					if( *_t21 != 0) {
						__eflags = _t27;
						if(_t27 >= 0) {
							E01428C75(_t29, _a8);
						}
					}
					_t10 = _t27;
				}
				return _t10;
			}














                            0x013595f9
                            0x013595fc
                            0x013595ff
                            0x0135964d
                            0x01359652
                            0x01359616
                            0x01359616
                            0x0135961b
                            0x0135961c
                            0x0135961e
                            0x01359626
                            0x0135962f
                            0x013b3a8b
                            0x01359635
                            0x01359635
                            0x01359635
                            0x0135963d
                            0x013b3a96
                            0x013b3a98
                            0x013b3aa3
                            0x013b3aa3
                            0x013b3a98
                            0x01359643
                            0x01359643
                            0x0135964a

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: df440c5ad6587ecde6a58862a94a30d5b418c81cae08247646cab741cad8c4bd
                            • Instruction ID: 117d4a57dab79e096ad865f612d463d8e4fcaf70fe6a16fc35582aca17373fa9
                            • Opcode Fuzzy Hash: df440c5ad6587ecde6a58862a94a30d5b418c81cae08247646cab741cad8c4bd
                            • Instruction Fuzzy Hash: 74017B32A00145EBDB219B5CC840F693799EB91F3CF10415AEE098B690DB74ED44C7A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0136B02A Relevance: .0, Instructions: 46COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E0136B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E01377D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E013D7016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                            0x0136b037
                            0x0136b039
                            0x0136b03b
                            0x0136b040
                            0x013ba60e
                            0x00000000
                            0x00000000
                            0x013ba61d
                            0x0136b04b
                            0x0136b04e
                            0x013ba627
                            0x013ba634
                            0x00000000
                            0x00000000
                            0x013ba641
                            0x013ba653
                            0x013ba643
                            0x013ba64c
                            0x013ba64c
                            0x013ba65b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013ba66c
                            0x0136b057
                            0x0136b057
                            0x0136b057
                            0x0136b046
                            0x0136b046
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                            • Instruction ID: 19dc39c69190b0ff22327a869ab7cc07ec2227aa747f616da5e1fb305f9e84ec
                            • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                            • Instruction Fuzzy Hash: 7E0184B2300984DFE326871CC988F66BBDCEB85758F0940A1FA15CBA55E728DC40CA20
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01421074 Relevance: .0, Instructions: 46COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E01421074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0142165E(__ebx, 0x1448ae4, (__edx -  *0x1448b04 >> 0x14) + (__edx -  *0x1448b04 >> 0x14), __edi, __ecx, (__edx -  *0x1448b04 >> 0x14) + (__edx -  *0x1448b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0141AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E01377D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0140FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                            0x01421074
                            0x01421080
                            0x01421082
                            0x0142108a
                            0x0142108f
                            0x01421093
                            0x014210ab
                            0x014210ab
                            0x014210c3
                            0x014210cf
                            0x014210e1
                            0x014210d1
                            0x014210da
                            0x014210da
                            0x014210e9
                            0x014210f5
                            0x014210f5
                            0x014210fe

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 52085e056403d2045d2b2bbff3af9916dbb29667552a3241dda6e9fddfdd21af
                            • Instruction ID: 50a0c1a5a359f67dd596fccb6f49513574d7142152622837a86b942891951068
                            • Opcode Fuzzy Hash: 52085e056403d2045d2b2bbff3af9916dbb29667552a3241dda6e9fddfdd21af
                            • Instruction Fuzzy Hash: EA014CB26047429FD721DF69C844B1B7BD5BB94710F04C52AF985837B1EE74D980CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0141129A Relevance: .0, Instructions: 46COMMON
                            Download Yara Rule
                            C-Code - Quality: 63%
                            			E0141129A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				void* __edi;
				void* __esi;
				void* _t17;
				signed char* _t18;
				intOrPtr _t24;
				void* _t30;
				intOrPtr _t31;
				intOrPtr _t32;
				void* _t33;
				intOrPtr _t34;
				intOrPtr _t35;
				signed int _t36;

				_t29 = __edx;
				_t24 = __ebx;
				_v8 =  *0x144d360 ^ _t36;
				_t31 = __edx;
				_t34 = __ecx;
				E0139FA60( &_v52, 0, 0x2c);
				_v20 = _t34;
				_v46 = 0x1039;
				_v16 = _t31;
				_v12 = _a4;
				_t17 = E01377D50();
				_t32 = _t30;
				_t35 = _t33;
				if(_t17 == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0139B640(E01399AE0(), _t24, _v8 ^ _t36, _t29, _t32, _t35);
			}





















                            0x0141129a
                            0x0141129a
                            0x014112a9
                            0x014112b3
                            0x014112b8
                            0x014112ba
                            0x014112c4
                            0x014112ca
                            0x014112d1
                            0x014112d4
                            0x014112d7
                            0x014112dc
                            0x014112dd
                            0x014112e0
                            0x014112f2
                            0x014112e2
                            0x014112eb
                            0x014112eb
                            0x014112fd
                            0x014112fe
                            0x01411300
                            0x01411305
                            0x01411318

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 376a4c9049fe145a9ea0bc926ba046b6bab181e5b33e9b1ff53149c59360fe56
                            • Instruction ID: 445990a6d2f7849c28989ecdc28f12c0aaabef294a189419baf89d935ecfcd9f
                            • Opcode Fuzzy Hash: 376a4c9049fe145a9ea0bc926ba046b6bab181e5b33e9b1ff53149c59360fe56
                            • Instruction Fuzzy Hash: 8A018471A00259ABDB10EFA9D805FAFBBB8EF54704F00406AF905EB390D674D900C794
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01411751 Relevance: .0, Instructions: 46COMMON
                            Download Yara Rule
                            C-Code - Quality: 63%
                            			E01411751(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				void* __edi;
				void* __esi;
				void* _t17;
				signed char* _t18;
				intOrPtr _t24;
				void* _t30;
				intOrPtr _t31;
				intOrPtr _t32;
				void* _t33;
				intOrPtr _t34;
				intOrPtr _t35;
				signed int _t36;

				_t29 = __edx;
				_t24 = __ebx;
				_v8 =  *0x144d360 ^ _t36;
				_t31 = __edx;
				_t34 = __ecx;
				E0139FA60( &_v52, 0, 0x2c);
				_v20 = _t34;
				_v46 = 0x103a;
				_v16 = _t31;
				_v12 = _a4;
				_t17 = E01377D50();
				_t32 = _t30;
				_t35 = _t33;
				if(_t17 == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0139B640(E01399AE0(), _t24, _v8 ^ _t36, _t29, _t32, _t35);
			}





















                            0x01411751
                            0x01411751
                            0x01411760
                            0x0141176a
                            0x0141176f
                            0x01411771
                            0x0141177b
                            0x01411781
                            0x01411788
                            0x0141178b
                            0x0141178e
                            0x01411793
                            0x01411794
                            0x01411797
                            0x014117a9
                            0x01411799
                            0x014117a2
                            0x014117a2
                            0x014117b4
                            0x014117b5
                            0x014117b7
                            0x014117bc
                            0x014117cf

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0c31dc5b39dd96eec0bca9688cda8a51958d3638461d6a4f1b791724d51e4f02
                            • Instruction ID: 1187f802307e97c222d8d74e6a601274bfcec0dc216a58adcc5b45646b7291b1
                            • Opcode Fuzzy Hash: 0c31dc5b39dd96eec0bca9688cda8a51958d3638461d6a4f1b791724d51e4f02
                            • Instruction Fuzzy Hash: 6E018475E00218ABDB10EBA9D805FAFBBB8EF94704F04406AF915EB390EA749901C794
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01428966 Relevance: .0, Instructions: 46COMMON
                            Download Yara Rule
                            C-Code - Quality: 55%
                            			E01428966(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t21;
				signed int _t35;

				_t32 = __edx;
				_v8 =  *0x144d360 ^ _t35;
				_t34 = _a8;
				_t33 = _a12;
				_v28 = _a4;
				_v62 = 0x1c24;
				_v36 = __ecx;
				_v32 = __edx;
				_v24 = _a8;
				_v20 = _a12;
				_v16 = _a16;
				if(E01377D50() == 0) {
					_t21 = 0x7ffe0386;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x18);
				_push(0x403);
				_push( *_t21 & 0x000000ff);
				return E0139B640(E01399AE0(), 0x1c24, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                            0x01428966
                            0x01428975
                            0x0142897d
                            0x01428986
                            0x01428989
                            0x0142898f
                            0x01428993
                            0x01428996
                            0x01428999
                            0x0142899c
                            0x0142899f
                            0x014289a9
                            0x014289bb
                            0x014289ab
                            0x014289b4
                            0x014289b4
                            0x014289c6
                            0x014289c7
                            0x014289c9
                            0x014289ce
                            0x014289e4

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c97ce8689ee90a7a401e2e52706a7596395dd691a4d1a4675666d5b4be453ba8
                            • Instruction ID: d64f9e1f9e687b001e58b6c2cc703c4e595379532eea4a8b778a225d3b346c8d
                            • Opcode Fuzzy Hash: c97ce8689ee90a7a401e2e52706a7596395dd691a4d1a4675666d5b4be453ba8
                            • Instruction Fuzzy Hash: A9014CB1E0021DAFDB00DFA9D8419AEB7F8FF58304F10445AE901E7350D774AA00CBA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 014289E7 Relevance: .0, Instructions: 44COMMON
                            Download Yara Rule
                            C-Code - Quality: 54%
                            			E014289E7(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x144d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c21;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E01377D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x403);
				_push( *_t18 & 0x000000ff);
				return E0139B640(E01399AE0(), 0x1c21, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                            0x014289e7
                            0x014289f6
                            0x014289fe
                            0x01428a07
                            0x01428a0a
                            0x01428a0e
                            0x01428a11
                            0x01428a14
                            0x01428a17
                            0x01428a1a
                            0x01428a24
                            0x01428a36
                            0x01428a26
                            0x01428a2f
                            0x01428a2f
                            0x01428a41
                            0x01428a42
                            0x01428a44
                            0x01428a49
                            0x01428a5f

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2f0a245a9d0413b755853b936b39509200f710baa488a78c1bdcbdba389e9157
                            • Instruction ID: ecce86c053d822e6db58b6a4e7cea19dff202069e005ae322e6006712ba110d5
                            • Opcode Fuzzy Hash: 2f0a245a9d0413b755853b936b39509200f710baa488a78c1bdcbdba389e9157
                            • Instruction Fuzzy Hash: AC017171A0021D9FDB00DFA8D9419AEBBF8EF58310F50405AF900E7350D634AA01CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135B1E1 Relevance: .0, Instructions: 42COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E0135B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E01377D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E01377D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E013D7016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                            0x0135b1e8
                            0x0135b1ea
                            0x0135b1f3
                            0x013b4a17
                            0x0135b1f9
                            0x0135b1f9
                            0x0135b1f9
                            0x0135b201
                            0x013b4a21
                            0x013b4a2e
                            0x00000000
                            0x00000000
                            0x013b4a3b
                            0x013b4a4d
                            0x013b4a3d
                            0x013b4a46
                            0x013b4a46
                            0x013b4a55
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0135b20a
                            0x0135b20a
                            0x0135b20a
                            0x0135b20a

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                            • Instruction ID: 2c16093f04fd8972ee59d0b511f5b865d319917759a567f8252930a756b52950
                            • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                            • Instruction Fuzzy Hash: 2001A9322005849BE332975DC848FA9BF99EF5179CF094061FE158BAB2E679C800C329
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01411229 Relevance: .0, Instructions: 42COMMON
                            Download Yara Rule
                            C-Code - Quality: 59%
                            			E01411229(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				void* __edi;
				void* __esi;
				signed char* _t16;
				intOrPtr _t22;
				signed int _t24;
				intOrPtr _t29;
				void* _t30;
				intOrPtr _t31;
				intOrPtr _t32;
				signed int _t33;

				_t29 = __edx;
				_v8 =  *0x144d360 ^ _t33;
				_t32 = __ecx;
				_t30 =  &_v48;
				_t24 = 0xa;
				memset(_t30, 0, _t24 << 2);
				_t31 = _t30 + _t24;
				_v16 = _t32;
				_v42 = 0x1036;
				_v12 = _t29;
				if(E01377D50() == 0) {
					_t16 = 0x7ffe0380;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t16 & 0x000000ff);
				return E0139B640(E01399AE0(), _t22, _v8 ^ _t33, _t29, _t31, _t32);
			}


















                            0x01411229
                            0x01411238
                            0x0141123d
                            0x0141123f
                            0x01411246
                            0x01411247
                            0x01411247
                            0x0141124e
                            0x01411251
                            0x01411255
                            0x0141125f
                            0x01411271
                            0x01411261
                            0x0141126a
                            0x0141126a
                            0x0141127c
                            0x0141127d
                            0x0141127f
                            0x01411284
                            0x01411299

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2236594e7bc278d5fc4430688c3286465f0a928ddbb3e7f57c39ab826463ee51
                            • Instruction ID: 4fc100489b4f4c6ab2f5d5b51cb4831841ab3e95f39bd387e8f1c71f0378264e
                            • Opcode Fuzzy Hash: 2236594e7bc278d5fc4430688c3286465f0a928ddbb3e7f57c39ab826463ee51
                            • Instruction Fuzzy Hash: C801A472E00218AFDB14DBFDD805AEFB7B8EF54710F00809AE911FB290EA7499018790
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01351480 Relevance: .0, Instructions: 42COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E01351480(intOrPtr* __ecx, intOrPtr __edx) {
				void* _v8;
				void* _v12;
				char _v16;
				void* _t12;
				intOrPtr* _t18;
				intOrPtr _t23;
				intOrPtr* _t25;

				_v8 = __ecx;
				_t23 = __edx;
				_t12 = E0135187D(__edx, __ecx + 0xe, __ecx,  &_v12, 0,  &_v16,  &_v8);
				if(_t12 >= 0) {
					_t25 = _v8;
					if(_t25 != 0) {
						_t18 = _v12;
						if(_t18 != 0) {
							 *_t18 =  *_t25;
						}
						E013514DE(_t23, _t25);
						_t12 = L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t25);
					}
					return _t12;
				}
				return _t12;
			}










                            0x0135148c
                            0x01351493
                            0x013514a2
                            0x013514a9
                            0x013514ac
                            0x013514b1
                            0x013514b3
                            0x013514b8
                            0x013514bc
                            0x013514bc
                            0x013514c2
                            0x013514d3
                            0x013514d3
                            0x00000000
                            0x013514d8
                            0x013514dd

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cf7d4663d62046aefbf398c2601a6ef7ccf85a2c444bb44e9c472d1d2916286d
                            • Instruction ID: b5cac9c616a71a6e81f500cc5a7119712deed66972bbeed4ced12f6fb9ad4d79
                            • Opcode Fuzzy Hash: cf7d4663d62046aefbf398c2601a6ef7ccf85a2c444bb44e9c472d1d2916286d
                            • Instruction Fuzzy Hash: AAF0AF76B01108ABDB25DA49C840FBEBBBDDF84A04F1541AAAD05F7740DA31AE02C7D0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 014117D2 Relevance: .0, Instructions: 42COMMON
                            Download Yara Rule
                            C-Code - Quality: 59%
                            			E014117D2(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				void* __edi;
				void* __esi;
				signed char* _t16;
				intOrPtr _t22;
				signed int _t24;
				intOrPtr _t29;
				void* _t30;
				intOrPtr _t31;
				intOrPtr _t32;
				signed int _t33;

				_t29 = __edx;
				_v8 =  *0x144d360 ^ _t33;
				_t32 = __ecx;
				_t30 =  &_v48;
				_t24 = 0xa;
				memset(_t30, 0, _t24 << 2);
				_t31 = _t30 + _t24;
				_v16 = _t32;
				_v42 = 0x1038;
				_v12 = _t29;
				if(E01377D50() == 0) {
					_t16 = 0x7ffe0380;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t16 & 0x000000ff);
				return E0139B640(E01399AE0(), _t22, _v8 ^ _t33, _t29, _t31, _t32);
			}


















                            0x014117d2
                            0x014117e1
                            0x014117e6
                            0x014117e8
                            0x014117ef
                            0x014117f0
                            0x014117f0
                            0x014117f7
                            0x014117fa
                            0x014117fe
                            0x01411808
                            0x0141181a
                            0x0141180a
                            0x01411813
                            0x01411813
                            0x01411825
                            0x01411826
                            0x01411828
                            0x0141182d
                            0x01411842

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1f855c8f20e262ed42032a76443dbd01e4472e59c268f2eaff9b546caf2c5ffd
                            • Instruction ID: 6cc61a21036397c39f78cf14664de25e66fae3b6886767a892fae78b8e39d225
                            • Opcode Fuzzy Hash: 1f855c8f20e262ed42032a76443dbd01e4472e59c268f2eaff9b546caf2c5ffd
                            • Instruction Fuzzy Hash: 6C01A432E00258AFDB14DFBDD805AAEB7B9EF54710F00C09AFA11EB290DA7499058791
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01353591 Relevance: .0, Instructions: 41COMMON
                            Download Yara Rule
                            C-Code - Quality: 70%
                            			E01353591(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				char _v12;
				char _v20;
				void* __esi;
				void* __ebp;
				void* _t16;
				void* _t19;
				void* _t25;
				intOrPtr _t26;

				_t22 = __edx;
				_t20 = __ecx;
				if(__ecx == 0 || __edx == 0) {
					L7:
					E014288F5(_t19, _t20, _t22, _t25, _t26, __eflags);
					return 0xc000000d;
				}
				_t26 = _a4;
				if(_t26 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L7;
				}
				_push(0x1e);
				_v12 =  *((intOrPtr*)(_t26 + 0x28));
				_push(8);
				_push( &_v12);
				_v8 = __edx;
				_push( &_v20);
				_push(__ecx);
				_t16 = E01399770();
				if(_t16 >= 0) {
					E0137F0AE(_t26, 1);
					return 0;
				}
				return _t16;
			}












                            0x01353591
                            0x01353591
                            0x0135359c
                            0x013535ea
                            0x013535ea
                            0x00000000
                            0x013535ef
                            0x013535a2
                            0x013535a7
                            0x00000000
                            0x00000000
                            0x013535bb
                            0x013535bd
                            0x013535c3
                            0x013535c5
                            0x013535c9
                            0x013535cc
                            0x013535cd
                            0x013535ce
                            0x013535d5
                            0x013535dc
                            0x00000000
                            0x013535e1
                            0x013535e7

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d03d260d01ce357f0602aa94a8546785f0ff55cdf9f4f89ff7566860e2396e50
                            • Instruction ID: 44cde25004fcc758083eba5753b534fcb370520246d5f3d63703c20f41aa0c02
                            • Opcode Fuzzy Hash: d03d260d01ce357f0602aa94a8546785f0ff55cdf9f4f89ff7566860e2396e50
                            • Instruction Fuzzy Hash: 2AF04C31A02209DBEB60DB6D8850FAE7BA8FF50B5CF048595DE01D7200DA71D8409394
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0141131B Relevance: .0, Instructions: 36COMMON
                            Download Yara Rule
                            C-Code - Quality: 48%
                            			E0141131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x144d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E01377D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0139B640(E01399AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                            0x0141131b
                            0x0141132a
                            0x01411330
                            0x01411336
                            0x0141133e
                            0x01411341
                            0x01411344
                            0x0141134f
                            0x01411361
                            0x01411351
                            0x0141135a
                            0x0141135a
                            0x0141136c
                            0x0141136d
                            0x0141136f
                            0x01411374
                            0x01411387

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6fc3813dafaf138ad1671ce80e1a424ba0b41256d96df54afab3ba3777ece978
                            • Instruction ID: 10083df0ff4602ad09c24cc8d01e630515ae5a07eb91f4e2b9e0a1b3f2f72be9
                            • Opcode Fuzzy Hash: 6fc3813dafaf138ad1671ce80e1a424ba0b41256d96df54afab3ba3777ece978
                            • Instruction Fuzzy Hash: 90013C71E0120DAFDB14EFA9D545AAEB7F4FF18700F00405AB905EB395E634AA00CB94
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01386B90 Relevance: .0, Instructions: 36COMMON
                            Download Yara Rule
                            C-Code - Quality: 90%
                            			E01386B90(void* __ecx, intOrPtr* _a4) {
				signed int _v8;
				signed int _t11;
				signed int _t12;
				intOrPtr _t19;
				void* _t20;
				intOrPtr* _t21;

				_t21 = _a4;
				_t19 =  *_t21;
				if(_t19 != 0) {
					if(_t19 < 0x1fff) {
						_t19 = _t19 + _t19;
					}
					L3:
					 *_t21 = _t19;
					asm("rdtsc");
					_v8 = 0;
					_t12 = _t11 & _t19 - 0x00000001;
					_t20 = _t19 + _t12;
					if(_t20 == 0) {
						L5:
						return _t12;
					} else {
						goto L4;
					}
					do {
						L4:
						asm("pause");
						_t12 = _v8 + 1;
						_v8 = _t12;
					} while (_t12 < _t20);
					goto L5;
				}
				_t12 =  *( *[fs:0x18] + 0x30);
				if( *((intOrPtr*)(_t12 + 0x64)) == 1) {
					goto L5;
				}
				_t19 = 0x40;
				goto L3;
			}









                            0x01386b96
                            0x01386b99
                            0x01386b9d
                            0x01386be9
                            0x01386beb
                            0x01386beb
                            0x01386bb3
                            0x01386bb3
                            0x01386bb5
                            0x01386bba
                            0x01386bc1
                            0x01386bc3
                            0x01386bc5
                            0x01386be0
                            0x01386be0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01386bc7
                            0x01386bc7
                            0x01386bd0
                            0x01386bd5
                            0x01386bd6
                            0x01386bd9
                            0x00000000
                            0x01386bc7
                            0x01386ba5
                            0x01386bac
                            0x00000000
                            0x00000000
                            0x01386bae
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
                            • Instruction ID: 61e3ea998df1bae2e190323a8bbf99221b8c72e1e32a2a2d353f3aabd82b2b18
                            • Opcode Fuzzy Hash: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
                            • Instruction Fuzzy Hash: F3F049B5A00248DFDB1ADF4AC691AACBBB5EB44318F2440ACE6069B701D6399E00DB40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01411608 Relevance: .0, Instructions: 34COMMON
                            Download Yara Rule
                            C-Code - Quality: 46%
                            			E01411608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x144d360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E01377D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E0139B640(E01399AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                            0x01411608
                            0x01411617
                            0x0141161d
                            0x01411625
                            0x01411628
                            0x0141162b
                            0x01411636
                            0x01411648
                            0x01411638
                            0x01411641
                            0x01411641
                            0x01411653
                            0x01411654
                            0x01411656
                            0x0141165b
                            0x0141166e

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ea907cec9ea175cf512f968c358ae29b8f240fbdc59cdc225f29cb8787835695
                            • Instruction ID: 151bcb4793c681d71969e76079f373cca46dd135b427a2997dae9e3a2d21af2a
                            • Opcode Fuzzy Hash: ea907cec9ea175cf512f968c358ae29b8f240fbdc59cdc225f29cb8787835695
                            • Instruction Fuzzy Hash: 83F06271E00248EFDB14DFE8D405E6EB7F4EF14700F044059A905EB391E6349900CB94
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0137C577 Relevance: .0, Instructions: 33COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E0137C577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0137C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x13311cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E014288F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                            0x0137c577
                            0x0137c57d
                            0x0137c581
                            0x0137c5b5
                            0x0137c5b9
                            0x0137c5ce
                            0x0137c5ce
                            0x0137c5ca
                            0x00000000
                            0x0137c5ca
                            0x0137c5c4
                            0x0137c5c8
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0137c5ad
                            0x00000000
                            0x0137c5af

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 68b970c5f8ad596aecfb24a3f457a9b2c3118e7e20c27f78451886810e7e4078
                            • Instruction ID: 7c6c701b920f07459f48cfb161a3b93ab96ab142b08f6a4c6f25b42592d97d59
                            • Opcode Fuzzy Hash: 68b970c5f8ad596aecfb24a3f457a9b2c3118e7e20c27f78451886810e7e4078
                            • Instruction Fuzzy Hash: 2DF024B2811A97CFE732CB1EC004B217FD89B0473CF446467D40583502C2AECC84CA40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01412073 Relevance: .0, Instructions: 32COMMON
                            Download Yara Rule
                            C-Code - Quality: 94%
                            			E01412073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0140FD22(__ecx);
				_t19 =  *0x144849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x1448748; // 0x0
					if(__eflags <= 0) {
						E01411C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x1448724 & 0x00000004;
							if(( *0x1448724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x1448724; // 0x0
					return E01408DF1(__ebx, 0xc0000374, 0x1445890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                            0x01412076
                            0x01412078
                            0x0141207d
                            0x01412083
                            0x014120a4
                            0x014120aa
                            0x014120ac
                            0x014120b7
                            0x014120ba
                            0x014120bc
                            0x014120c9
                            0x014120c9
                            0x014120d0
                            0x014120d2
                            0x00000000
                            0x014120d2
                            0x014120be
                            0x014120c3
                            0x014120c5
                            0x014120c7
                            0x00000000
                            0x00000000
                            0x014120c7
                            0x014120bc
                            0x014120d4
                            0x01412085
                            0x01412085
                            0x014120a3
                            0x014120a3

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 63c162bdf7be46b938287208eff331c55a846459986a62ca41383082f8335258
                            • Instruction ID: a2d9cd4379645b6a942bfdfb72c5eb7e74af28061946924debc75089b52ba8aa
                            • Opcode Fuzzy Hash: 63c162bdf7be46b938287208eff331c55a846459986a62ca41383082f8335258
                            • Instruction Fuzzy Hash: 8EF027BE41118A4BEE339B7925116D27F82DB65110B29019BD6509733EC5748893CB10
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0139927A Relevance: .0, Instructions: 32COMMON
                            Download Yara Rule
                            C-Code - Quality: 54%
                            			E0139927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = E01374620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E0139FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E013992C6(_t11, _t14);
				}
				return _t11;
			}





                            0x01399295
                            0x01399299
                            0x0139929f
                            0x013992aa
                            0x013992ad
                            0x013992ae
                            0x013992af
                            0x013992b0
                            0x013992b4
                            0x013992bb
                            0x013992bb
                            0x013992c5

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                            • Instruction ID: 08abe2756569c5521482e82499222cfdf7b04bb9f14ec6fcd3d6e95d986f115a
                            • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                            • Instruction Fuzzy Hash: 3CE09B323405416BEB21AE5DDC84F57775DDF92729F0440BDB5045E242C6EADD0987A4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0137746D Relevance: .0, Instructions: 31COMMON
                            Download Yara Rule
                            C-Code - Quality: 88%
                            			E0137746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E0136EB70(__ecx, 0x14479a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E013995D0();
							L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                            0x0137746d
                            0x0137746d
                            0x0137746d
                            0x01377471
                            0x01377488
                            0x013bf92d
                            0x0137748e
                            0x01377491
                            0x01377495
                            0x013bf937
                            0x013bf93a
                            0x013bf94e
                            0x013bf953
                            0x013bf956
                            0x013bf956
                            0x01377495
                            0x00000000
                            0x01377488
                            0x01377473
                            0x01377478
                            0x0137747d
                            0x01377481
                            0x00000000
                            0x01377481
                            0x0137747d
                            0x0137747a
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6ba676e9ac7c8182310614c3f5af05020e311879319d6b37e5d31b2cc81031c1
                            • Instruction ID: cf5fdb058da6b59b468001c37db3ab74612a0363a74828a88755515f38558649
                            • Opcode Fuzzy Hash: 6ba676e9ac7c8182310614c3f5af05020e311879319d6b37e5d31b2cc81031c1
                            • Instruction Fuzzy Hash: 9EF0BE35904189EADF229B6CC884BFABFB9AF1421CF04021DD951BB561E72DD801C7C5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135B540 Relevance: .0, Instructions: 30COMMON
                            Download Yara Rule
                            C-Code - Quality: 92%
                            			E0135B540(intOrPtr _a4) {
				void* __ebp;
				signed int _t9;
				signed int _t10;
				void* _t13;
				intOrPtr _t17;
				void* _t18;
				void* _t19;

				_t17 = _a4;
				if(_t17 == 0) {
					L6:
					return E014288F5(_t13, _t14, _t17, _t18, _t19, __eflags);
				}
				_t9 =  *( *[fs:0x30] + 0xc);
				if( *((char*)(_t9 + 0x28)) == 0) {
					_t10 = _t17 + 4;
					_t14 =  *_t10;
					 *_t10 = 1;
					if( *_t10 != 0) {
						goto L6;
					}
					_t9 = _t10 | 0xffffffff;
					asm("lock xadd [edx], eax");
					if(_t9 == 0) {
						return L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)),  *0x14484c4, _t17);
					}
				}
				return _t9;
			}










                            0x0135b548
                            0x0135b54d
                            0x0135b58e
                            0x00000000
                            0x0135b58e
                            0x0135b555
                            0x0135b55c
                            0x0135b560
                            0x0135b564
                            0x0135b564
                            0x0135b568
                            0x00000000
                            0x00000000
                            0x0135b56a
                            0x0135b56d
                            0x0135b571
                            0x00000000
                            0x0135b583
                            0x0135b571
                            0x0135b58b

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c3bd60a5a1733e0bfc74100728c933726b146a153b67c6d617eb69e4b5498fc0
                            • Instruction ID: b655a6d2a28a0cfb47e36f6a4ea535ae868ddbba78a2a117946e22027e7a4af3
                            • Opcode Fuzzy Hash: c3bd60a5a1733e0bfc74100728c933726b146a153b67c6d617eb69e4b5498fc0
                            • Instruction Fuzzy Hash: 0FF0BE3110058ACFCB6B8B1CC941F25F76AEB51B28F254768F8254B5A6DA20D841C7C0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135354C Relevance: .0, Instructions: 30COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E0135354C(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t16;
				void* _t18;
				void* _t19;
				void* _t20;

				_t17 = __ecx;
				_t20 = __ecx;
				if(__ecx == 0 || E0137C5D5(__ecx, _t18) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x1331008 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E014288F5(_t16, _t17, _t18, _t19, _t20, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				} else {
					return 1;
				}
			}









                            0x0135354c
                            0x01353552
                            0x01353556
                            0x013afef1
                            0x013afef5
                            0x013aff06
                            0x013aff06
                            0x013aff0b
                            0x00000000
                            0x013aff0b
                            0x013aff00
                            0x013aff04
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01353589
                            0x00000000
                            0x0135358b

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5bc7f33f3eef47e1f563ae7ccd785fdc596c5784fbb2e00d7852b36827358f0d
                            • Instruction ID: f53212e1d1063bbedf6735f233471cca1315bb69bdfcc6e82836baf85f9d256d
                            • Opcode Fuzzy Hash: 5bc7f33f3eef47e1f563ae7ccd785fdc596c5784fbb2e00d7852b36827358f0d
                            • Instruction Fuzzy Hash: 7DF08C329116999FD732972CC144F2ABBDCEB01BB8FA54465EA0987913D768D884C790
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138A44B Relevance: .0, Instructions: 29COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E0138A44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x1447b9c; // 0x0
				_t15 = __ecx;
				_t16 = E01374620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E0139FA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                            0x0138a44b
                            0x0138a453
                            0x0138a472
                            0x0138a476
                            0x00000000
                            0x0138a493
                            0x0138a47a
                            0x0138a47f
                            0x0138a486
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a01a59eb620c7f905ae7e67c5734df29d6b48ae2a875a5b4c049d7687f075676
                            • Instruction ID: 83ddbf28cb5575d6a62957436fcf36fe72a6015756341fccf1ad5dc6990748a9
                            • Opcode Fuzzy Hash: a01a59eb620c7f905ae7e67c5734df29d6b48ae2a875a5b4c049d7687f075676
                            • Instruction Fuzzy Hash: 9FE092B2A05421ABD7226B1CAC00F66779DDBE4659F094035E604D7224D62CDD02C7E0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135F358 Relevance: .0, Instructions: 28COMMON
                            Download Yara Rule
                            C-Code - Quality: 79%
                            			E0135F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E0138F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = E01374620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                            0x0135f35d
                            0x0135f361
                            0x0135f367
                            0x0135f372
                            0x0135f38c
                            0x0135f38c
                            0x0135f394

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                            • Instruction ID: 9978cdb07dfddafb4083c60a4adfe2b3e7288226285c63cc65b5d38c10d65387
                            • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                            • Instruction Fuzzy Hash: 3AE0DF32A42218FBEB71AADD9E05FAABFACDB58E64F000195BE04D7150D564AE00C2D0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013515C1 Relevance: .0, Instructions: 28COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E013515C1(intOrPtr* __ecx, intOrPtr* __edx, intOrPtr _a4) {
				intOrPtr* _t17;

				_t14 = __ecx;
				_t17 = __ecx;
				if(( *(__edx + 2) & 0x00000001) != 0) {
					L5:
					return 0;
				}
				 *__edx =  *__edx + 0xffff;
				if( *__edx != 0) {
					goto L5;
				}
				_t4 = _t17 + 8; // 0x8
				if(__edx != _t4) {
					L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __edx);
					_t14 = _t17;
				}
				E01351480(_t14, _a4);
				return 1;
			}




                            0x013515c1
                            0x013515cb
                            0x013515cd
                            0x013515f3
                            0x00000000
                            0x013515f3
                            0x013515d4
                            0x013515d7
                            0x00000000
                            0x00000000
                            0x013515d9
                            0x013515de
                            0x013aef10
                            0x013aef15
                            0x013aef15
                            0x013515e7
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
                            • Instruction ID: c27e1be8a4172bd627770236c4451b2061b9be27f9c3018a28446a5cf3541d8a
                            • Opcode Fuzzy Hash: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
                            • Instruction Fuzzy Hash: 92E02B71200186D3CF72AA48C400FB6B7ADEF51B0CF088571ED028B541D670DC42C3D0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01384710 Relevance: .0, Instructions: 28COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E01384710(intOrPtr* _a4) {
				void* _t5;
				intOrPtr _t12;
				intOrPtr* _t14;

				_t5 = E01377D50();
				if(_t5 != 0) {
					_t12 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x10));
					L3:
					 *_a4 = _t12;
					L4:
					return 1;
				}
				if( *0x7ffe0268 == _t5) {
					_t14 = _a4;
					if(E014064FB(_t14) >= 0) {
						goto L4;
					}
					 *_t14 = 1;
					return 0;
				}
				_t12 =  *0x7ffe0264;
				goto L3;
			}






                            0x01384716
                            0x0138471d
                            0x013c6655
                            0x01384735
                            0x01384738
                            0x0138473a
                            0x00000000
                            0x0138473a
                            0x01384729
                            0x013c662d
                            0x013c6639
                            0x00000000
                            0x00000000
                            0x013c6641
                            0x00000000
                            0x013c6641
                            0x0138472f
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0df256ba2b9307f516b5a4f7d47ef3065f2fd7a7a153fc2d55d4bb558cf3f2de
                            • Instruction ID: 9b91612d5341dd8a21e47790d5f64d337d5616b7033dc0432902b8a3af42feab
                            • Opcode Fuzzy Hash: 0df256ba2b9307f516b5a4f7d47ef3065f2fd7a7a153fc2d55d4bb558cf3f2de
                            • Instruction Fuzzy Hash: 95F0E5762043459FCB16EF1AD040AA57BE9EB96368F010069FC528B751E735EC51CB44
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0137E760 Relevance: .0, Instructions: 28COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E0137E760(void* __ecx, void* __eflags, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t16;
				void* _t18;
				void* _t19;
				void* _t20;

				_t17 = __ecx;
				_t20 = __ecx;
				if(E0137C5D5(__ecx, _t18) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x13311dc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L7:
						E014288F5(_t16, _t17, _t18, _t19, _t20, __eflags);
						L8:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L8;
					}
					goto L7;
				} else {
					return 1;
				}
			}









                            0x0137e760
                            0x0137e766
                            0x0137e76f
                            0x013c4014
                            0x013c4018
                            0x013c4029
                            0x013c4029
                            0x013c402e
                            0x00000000
                            0x013c402e
                            0x013c4023
                            0x013c4027
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0137e795
                            0x00000000
                            0x0137e797

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e768c3d8c91c1c1f0b2affda30515574be88b4d6df0890a587e39479d8654d1f
                            • Instruction ID: 9fff4f420136e097ca865c91b6593946b174192a15590729681e7bf34458ec72
                            • Opcode Fuzzy Hash: e768c3d8c91c1c1f0b2affda30515574be88b4d6df0890a587e39479d8654d1f
                            • Instruction Fuzzy Hash: BCF0E5719946A4DFE732D72DC054B21FBD89B04B78F04447DD50687522C779DC80C360
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135B990 Relevance: .0, Instructions: 27COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 43813ccb43d4cd4eba5abca0e17c2f5ec1697c5b64b25aab5ce0cd23bc154d9d
                            • Instruction ID: 9b5416023350f77ffdc0477cf8df80a30fa1bb1905083383384cae0ea24b2f2a
                            • Opcode Fuzzy Hash: 43813ccb43d4cd4eba5abca0e17c2f5ec1697c5b64b25aab5ce0cd23bc154d9d
                            • Instruction Fuzzy Hash: B8E0ED366042045FE3149A09C410F62B7AAFBD0A58F0981A5EA058B395DA71E80483E0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013E41E8 Relevance: .0, Instructions: 21COMMON
                            Download Yara Rule
                            C-Code - Quality: 82%
                            			E013E41E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x14308f0);
				_t5 = E013AD08C(__ebx, __edi, __esi);
				if( *0x14487ec == 0) {
					E0136EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x14487ec == 0) {
						 *0x14487f0 = 0x14487ec;
						 *0x14487ec = 0x14487ec;
						 *0x14487e8 = 0x14487e4;
						 *0x14487e4 = 0x14487e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L013E4248();
				}
				return E013AD0D1(_t5);
			}





                            0x013e41e8
                            0x013e41ea
                            0x013e41ef
                            0x013e41fb
                            0x013e4206
                            0x013e420b
                            0x013e4216
                            0x013e421d
                            0x013e4222
                            0x013e422c
                            0x013e4231
                            0x013e4231
                            0x013e4236
                            0x013e423d
                            0x013e423d
                            0x013e4247

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a77c684e28d686e3e8ebab20962c4903292054aef516828a6f68263566ea6049
                            • Instruction ID: 32de2d53058e39c978ccfca819de01de4cdffc603328155b9918669f2facd334
                            • Opcode Fuzzy Hash: a77c684e28d686e3e8ebab20962c4903292054aef516828a6f68263566ea6049
                            • Instruction Fuzzy Hash: F6F01578890702CFEBB0EFE9AD24728BAE4F79831AF50412A9104876A8D73444A4CF01
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0140D380 Relevance: .0, Instructions: 21COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E0140D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L0135E8B0(__ecx, _a4, 0xfff);
					L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                            0x0140d38a
                            0x0140d39b
                            0x0140d3b1
                            0x00000000
                            0x0140d3b6
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                            • Instruction ID: b1c4950593da4a825a5af2e3f0e1372ac5dadb53dacb0db12f8c3972ce8ec2ea
                            • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                            • Instruction Fuzzy Hash: 6FE0C231280245FBDB235E88CC00F79BB1ADF50BA5F104032FE085ABE0C6759D92D6C4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138A185 Relevance: .0, Instructions: 20COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E0138A185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x14467e4 >= 0xa) {
					if(_t5 < 0x1446800 || _t5 >= 0x1446900) {
						return L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E01370010(0x14467e0, _t5);
				}
			}





                            0x0138a190
                            0x0138a1a6
                            0x0138a1c2
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0138a192
                            0x0138a192
                            0x0138a19f
                            0x0138a19f

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f23bd0685407e12c8d3da7e2c8a2a1166b48082a1a6bad744c965c45acaedc0b
                            • Instruction ID: 54e6e638090aca901c1dc996170833a6cbf1f64be560554738e9fe07a097ba36
                            • Opcode Fuzzy Hash: f23bd0685407e12c8d3da7e2c8a2a1166b48082a1a6bad744c965c45acaedc0b
                            • Instruction Fuzzy Hash: 03D02E611712006BF73EB304C818B257212F782B6CF3A080FF2034B9B0EBB888D28208
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013816E0 Relevance: .0, Instructions: 17COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E013816E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E01381710(0x14467e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return E01374620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                            0x013816e8
                            0x013816ef
                            0x013816f3
                            0x013816fe
                            0x00000000
                            0x01381700
                            0x0138170d
                            0x0138170d
                            0x013816f2
                            0x013816f2
                            0x013816f2
                            0x013816f2

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 058f1698bd9323a00379d2e9dbbec6baad423fd7006ad422160f9e1f24efbebe
                            • Instruction ID: 8c99b5168e86be6ce43f3fe148340c19950e9b1295b28923760fd8c1c02dc1e2
                            • Opcode Fuzzy Hash: 058f1698bd9323a00379d2e9dbbec6baad423fd7006ad422160f9e1f24efbebe
                            • Instruction Fuzzy Hash: 42D0A931200302ABFA2DBB189804B143652EB90BADF38006CF60B498D0CFB8DCA3E048
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013D53CA Relevance: .0, Instructions: 16COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E013D53CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E0136EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                            0x013d53ca
                            0x013d53ce
                            0x013d53d9
                            0x013d53de
                            0x013d53e1
                            0x013d53e1
                            0x013d53e6
                            0x013d53f3
                            0x00000000
                            0x013d53f8
                            0x013d53fb

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                            • Instruction ID: 8947ff4bfe809210439dbd54198eb2f20d718cdfd40a4fee263173c4c7fe3b36
                            • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                            • Instruction Fuzzy Hash: 4BE08C329446809BCF12DB4CC654F5EBBF9FB44B04F140014A1085B620CA34AC01CB00
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01359515 Relevance: .0, Instructions: 15COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E01359515(void* __ecx) {
				signed int _t6;
				signed int _t7;

				_t7 = _t6 ^ _t6;
				if(__ecx == 0) {
					_t7 = 0xc000000d;
				} else {
					L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t7, __ecx);
				}
				return _t7;
			}





                            0x01359518
                            0x0135951c
                            0x01359533
                            0x0135951e
                            0x0135952a
                            0x0135952a
                            0x01359532

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c0c16d2f1afa17dba0d206c0069360ca6c78a37c15bc0f17052bee8c994bb9e9
                            • Instruction ID: 53fc683d1d89d5b26972b2054b1a68034608d5a1f82535c32322a63405eb733c
                            • Opcode Fuzzy Hash: c0c16d2f1afa17dba0d206c0069360ca6c78a37c15bc0f17052bee8c994bb9e9
                            • Instruction Fuzzy Hash: 23D022322020B0D3CF285A4CB904F63AA09DF80E5CF0A006C3D0983900C0148C03C3E0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01358410 Relevance: .0, Instructions: 14COMMON
                            Download Yara Rule
                            C-Code - Quality: 86%
                            			E01358410(intOrPtr _a4) {
				void* __ebp;
				intOrPtr _t5;
				void* _t9;
				void* _t11;
				void* _t12;
				void* _t13;

				E013899BC(_t9, _a4, _t11, _t12, _t13);
				_t5 =  *0x14484c4; // 0x0
				return L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t5 + 0x200000, _a4);
			}









                            0x01358418
                            0x01358420
                            0x0135843a

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 29a439d312cbdb3c972f25f586f8730acbc6ee323620a14bb30a740111ab4ce7
                            • Instruction ID: 5321e72c020649225c068e86ebbe6ecc966a5c6708355fad3fdd1be87510c650
                            • Opcode Fuzzy Hash: 29a439d312cbdb3c972f25f586f8730acbc6ee323620a14bb30a740111ab4ce7
                            • Instruction Fuzzy Hash: F3D0C732150245ABC711FF4CDD40F157B6DEBA4754F054024B50887662DA35ED61D754
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013835A1 Relevance: .0, Instructions: 12COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E013835A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E0136EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                            0x013835a1
                            0x013835a1
                            0x013835a5
                            0x013835ab
                            0x013835ab
                            0x013835b5
                            0x00000000
                            0x013835c1
                            0x013835b7

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                            • Instruction ID: 02df7b0dcc1015c4c3f19d1305b3d496cd6b248e08f059beb90db4f09d3141f7
                            • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                            • Instruction Fuzzy Hash: CCD0A931401385DAEB02FB18C2187683BB6BB00A0CF582465800206B52C33ACA0ED720
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013DA537 Relevance: .0, Instructions: 11COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E013DA537(intOrPtr _a4, intOrPtr _a8) {

				return L01378E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                            0x013da553

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                            • Instruction ID: b6c79b99f8c6b20641fe8d69e436f1fedc89126ddfbb6e2544511e4c3deed7fa
                            • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                            • Instruction Fuzzy Hash: 41C08C33080248BBCB226F85CC00F06BF2AFBA4B60F108410FA080B970C636E970EB84
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013676E2 Relevance: .0, Instructions: 10COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E013676E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                            0x013676e4
                            0x00000000
                            0x013676f8
                            0x013676fd

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                            • Instruction ID: 18f007959206eae855dad659b4ecd261ba180f806ae4ccc31c4ed769832dc56e
                            • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                            • Instruction Fuzzy Hash: 2DC08C701411C09AEB2A570CCE24B303A59AB0861DFA8019CAA01094A2C36CAC03C208
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013836CC Relevance: .0, Instructions: 10COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E013836CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return E01374620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                            0x013836d2
                            0x013836e8
                            0x013836d4
                            0x013836e5
                            0x013836e5

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                            • Instruction ID: 1c939ee3d3eb8c6f8b06c62e004c11871e39c9f67340c5fbbf137439546b2640
                            • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                            • Instruction Fuzzy Hash: 1FC04C75155540EADA256B288D51B157254B750A79F6406547221455E0D56DAC00D504
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01384190 Relevance: .0, Instructions: 9COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E01384190() {

				if(E01377D50() != 0) {
					return  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x14));
				} else {
					return  *0x7ffe02d0;
				}
			}



                            0x01384197
                            0x013c641c
                            0x0138419d
                            0x013841a2
                            0x013841a2

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
                            • Instruction ID: 3831a8e1d703f28f013389ffd1db150063e5948c34cb817dc9ab3e1831e90059
                            • Opcode Fuzzy Hash: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
                            • Instruction Fuzzy Hash: 40C04C757115418FCF15CB2EC284F1577E4B744B49F150890E805DB721E624EC00DA10
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 014287CF Relevance: .0, Instructions: 6COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E014287CF(void* __eflags) {

				return E01366600( *((intOrPtr*)( *[fs:0x30] + 0xa0))) & 0xffffff00 | _t5 != 0x00000000;
			}



                            0x014287e5

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7342938eed41a2186320ed702457316c2ea2c435f83f70e6a7ab4e9bc3603639
                            • Instruction ID: 0e92b3026e2df331035f6fd8f4ad6bcfb3b22b37bba35a8d929f2b737593012f
                            • Opcode Fuzzy Hash: 7342938eed41a2186320ed702457316c2ea2c435f83f70e6a7ab4e9bc3603639
                            • Instruction Fuzzy Hash: 03B01231212941DFC7026F24CB01B5872ADBF016D0F0940B0650085430D7188C10D501
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0139B040 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3b0e3b35251ff5445d578cd408f905fa5ee2eeb471421bb7ea99187fe6253e70
                            • Instruction ID: 7662968c850f096112833afbb79046e0526432ce89f48e915ea69cce1867d242
                            • Opcode Fuzzy Hash: 3b0e3b35251ff5445d578cd408f905fa5ee2eeb471421bb7ea99187fe6253e70
                            • Instruction Fuzzy Hash: 149002A5601140538940B19948044065015F7E13453D1C131A04445A0CCAA88859A2A5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0139A3B0 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b9c4c68fb9d982301ef0568174a3dbe138e5677b9fb96271a5331a7a97eb6df6
                            • Instruction ID: 94f368a1123e6ead9d0b7b3a7e53bcf8ae699ef0458445aefff758f5861035a6
                            • Opcode Fuzzy Hash: b9c4c68fb9d982301ef0568174a3dbe138e5677b9fb96271a5331a7a97eb6df6
                            • Instruction Fuzzy Hash: CA90027520144012D5407199844460B5005F7E0345FD1C421E0415594CCA55885AA261
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 43d912fc376f7a268ff491fd66f4dd75ac87cbfbda6761acc120a43de41d8ebf
                            • Instruction ID: a93c495c251a88a79d48eda1f70139c210c48a55ca35888eaa9326fa50752522
                            • Opcode Fuzzy Hash: 43d912fc376f7a268ff491fd66f4dd75ac87cbfbda6761acc120a43de41d8ebf
                            • Instruction Fuzzy Hash: E09002E5201140A28900A2998404B0A4505E7E0245BD1C026E10445A0CC9658855A175
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399560 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 87b04e9f1fd333faaafb25ae144ad83af7e0d93cd42765f7ac749fa712bfd807
                            • Instruction ID: 2d996067f26048ea6392e5d7a9b70aacf2045591b42afad2025f9dd75831107f
                            • Opcode Fuzzy Hash: 87b04e9f1fd333faaafb25ae144ad83af7e0d93cd42765f7ac749fa712bfd807
                            • Instruction Fuzzy Hash: 73900269221000124545A599060450B0445F7D63953D1C025F14065D0CCA6188696361
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399540 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0f942f18c9fde9a2ebb96488e45148fb6bfb5dcf89e63e668b1cbb07bc2932d4
                            • Instruction ID: 03d984bb0c65e938d9c683cd58307e9618d3023467506f839d4b4171654d6cde
                            • Opcode Fuzzy Hash: 0f942f18c9fde9a2ebb96488e45148fb6bfb5dcf89e63e668b1cbb07bc2932d4
                            • Instruction Fuzzy Hash: 44900269211000134505A59907045070046E7D53953D1C031F1005590CDA6188656161
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013995F0 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3ead69872414abfb44b20184eaf22668a9188108b95e9efae125e1829c09cf54
                            • Instruction ID: ab25438b8bb4b2b4127af065ba8f86e5be6836574b0be73d7d694dc438fb523e
                            • Opcode Fuzzy Hash: 3ead69872414abfb44b20184eaf22668a9188108b95e9efae125e1829c09cf54
                            • Instruction Fuzzy Hash: DD90027520100812D504619948046860005E7D0345FD1C021A6014695EDAA588957171
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013995D0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6683bd3c66252e15a09ef172381b7803e8d3693f034600af19c84123245c996e
                            • Instruction ID: 496f8352759ea90c4b9ac57249708138babda1ffcca916d0417a7fa4efa19113
                            • Opcode Fuzzy Hash: 6683bd3c66252e15a09ef172381b7803e8d3693f034600af19c84123245c996e
                            • Instruction Fuzzy Hash: D99002A520200013850571994414616400AE7E0245BD1C031E10045D0DC96588957165
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399730 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dbd01f0f5a56adcf4f877292662d636e4b9764ca712bbf52654debf7477ddeba
                            • Instruction ID: c272cc491a51a5e63d9b06757df8862cb495ed43f0179a843cc0b16be7b10a22
                            • Opcode Fuzzy Hash: dbd01f0f5a56adcf4f877292662d636e4b9764ca712bbf52654debf7477ddeba
                            • Instruction Fuzzy Hash: E090026560500412D540719954187060015E7D0245FD1D021A0014594DCA998A5976E1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0139A710 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ea0b42fb606f21cfd5db0719292248e8d8924f19522e3badc26fdb6a5a56881d
                            • Instruction ID: e5a71748def2486fb726633b4f16a331bdeb7060b4f55b2e96776c4dd05c1a0b
                            • Opcode Fuzzy Hash: ea0b42fb606f21cfd5db0719292248e8d8924f19522e3badc26fdb6a5a56881d
                            • Instruction Fuzzy Hash: 8590027530100062D900A6D95804A4A4105E7F0345BD1D025A4004594CC99488656161
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399710 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4ba4dbdfd99a4482fe0ddca8fc93d6baed3f6264df90755b0b207c1b7331c99a
                            • Instruction ID: 0a5de8607a59313d9452250f9c6db9a0f1f937675332efeb2ca64d5a163a677e
                            • Opcode Fuzzy Hash: 4ba4dbdfd99a4482fe0ddca8fc93d6baed3f6264df90755b0b207c1b7331c99a
                            • Instruction Fuzzy Hash: 5290027520100412D50065D954086460005E7E0345FD1D021A5014595ECAA588957171
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399770 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f0d2b92c0e16e8d461c31370b2c29fad83fc240f91d4a853e56f86324cf2d86b
                            • Instruction ID: 3a9343003ec2dd17e3a2e345e254578e9905b573615e509aee74fac48bca3261
                            • Opcode Fuzzy Hash: f0d2b92c0e16e8d461c31370b2c29fad83fc240f91d4a853e56f86324cf2d86b
                            • Instruction Fuzzy Hash: 1490026520504452D50065995408A060005E7D0249FD1D021A10545D5DCA758855B171
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0139A770 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ec9c3c0b3eb41351dea25618f1febf94639559bba1123d38bcb2301e538cb5bf
                            • Instruction ID: b8464f817ee4099a2662048d05258341d8ac8f3deb2b0483e68a607055bf4b94
                            • Opcode Fuzzy Hash: ec9c3c0b3eb41351dea25618f1febf94639559bba1123d38bcb2301e538cb5bf
                            • Instruction Fuzzy Hash: 3190027920504452D90065995804A870005E7D0349FD1D421A04145DCDCA948865B161
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399760 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2defe4c7c3b4a365dcabb5bb52f790609ba2fd929431e994ca2f2f6e557e4d33
                            • Instruction ID: d4e512922752127c0ea9567e905ecaf66216666cf8d7fb2b03ef0ca9841cae39
                            • Opcode Fuzzy Hash: 2defe4c7c3b4a365dcabb5bb52f790609ba2fd929431e994ca2f2f6e557e4d33
                            • Instruction Fuzzy Hash: AB90027520100413D500619955087070005E7D0245FD1D421A0414598DDA9688557161
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013997A0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 57834b9763e7029aea8b7b623772263ba853843d5a612b8f8ca62e5cb9be5f41
                            • Instruction ID: ae9125098fa97530e646ee4c554eabb5ccf40e7bfdd55a060b6420d472640cb1
                            • Opcode Fuzzy Hash: 57834b9763e7029aea8b7b623772263ba853843d5a612b8f8ca62e5cb9be5f41
                            • Instruction Fuzzy Hash: 4990026530100013D540719954186064005F7E1345FD1D021E0404594CDD55885A6262
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399780 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3ecfc6123e522273461d305c493a9b149267345223058904bfb9ecd9cb40fd29
                            • Instruction ID: dde1471a8cbd9ed192bc54645cffacaaa9dc53adabed34ff9ea904ecd74515e9
                            • Opcode Fuzzy Hash: 3ecfc6123e522273461d305c493a9b149267345223058904bfb9ecd9cb40fd29
                            • Instruction Fuzzy Hash: ED90026D21300012D5807199540860A0005E7D1246FD1D425A0005598CCD55886D6361
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399610 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1a42bbcc32724b44d1d402ff87b14f6419d190e6226168ae88ee1af514fe0e90
                            • Instruction ID: 59ada7839474b50df84c540b4ace8c1ddab9f4ce878bf8d6471f40380048f96e
                            • Opcode Fuzzy Hash: 1a42bbcc32724b44d1d402ff87b14f6419d190e6226168ae88ee1af514fe0e90
                            • Instruction Fuzzy Hash: 3690027560500812D550719944147460005E7D0345FD1C021A0014694DCB958A5976E1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399650 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: af24c2272f07495016dd60a2517323cf83474a3f0ed6f73107cf0ff03f84d2b5
                            • Instruction ID: a0259ba84dcae226851ac5c47ea0155eebc0d3b67cd0f011a462c3d97fa9aeb3
                            • Opcode Fuzzy Hash: af24c2272f07495016dd60a2517323cf83474a3f0ed6f73107cf0ff03f84d2b5
                            • Instruction Fuzzy Hash: 5090027520504852D54071994404A460015E7D0349FD1C021A00546D4DDA658D59B6A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013996D0 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e39591569ce95d4d35bc1b06b8376c7a5493cb8e16cb6debca0a24a942c9e236
                            • Instruction ID: 38c14cc1805bb6cfa6a88ded30efa263f502fd057686ccf46a6af730c066a28b
                            • Opcode Fuzzy Hash: e39591569ce95d4d35bc1b06b8376c7a5493cb8e16cb6debca0a24a942c9e236
                            • Instruction Fuzzy Hash: C790027520100852D50061994404B460005E7E0345FD1C026A0114694DCA55C8557561
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399910 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1c596c04a7f57bda3d8aca91d7e3a7706b5b1e96ff3a7d5057651fdc866196e3
                            • Instruction ID: 1c0fc8f90f71fef4044898cceb9e77513077f69e01c6b939b2823b0f8a843fd5
                            • Opcode Fuzzy Hash: 1c596c04a7f57bda3d8aca91d7e3a7706b5b1e96ff3a7d5057651fdc866196e3
                            • Instruction Fuzzy Hash: 909002B520100412D540719944047460005E7D0345FD1C021A5054594ECA998DD976A5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399950 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b27b2de99d4a1cb9f7ed8204fd640c698308f57e5b0f79d3f62e249d5bdf0a26
                            • Instruction ID: 2ece261c3d8ec8a32d7898892a37d887659744529b3250a65054fcb35cb15eec
                            • Opcode Fuzzy Hash: b27b2de99d4a1cb9f7ed8204fd640c698308f57e5b0f79d3f62e249d5bdf0a26
                            • Instruction Fuzzy Hash: EE9002A520140413D540659948046070005E7D0346FD1C021A2054595ECE698C557175
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013999A0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e911e0ea68b3cb2ef6e62c73862a6a9ead93e5ef4e91f3e5e4b35d830dbb827d
                            • Instruction ID: 5a18422f4d57f03bed17ca2a505ef2a027309f95189a6ebb2bde94f7e13ab5ca
                            • Opcode Fuzzy Hash: e911e0ea68b3cb2ef6e62c73862a6a9ead93e5ef4e91f3e5e4b35d830dbb827d
                            • Instruction Fuzzy Hash: 279002A534100452D50061994414B060005E7E1345FD1C025E1054594DCA59CC567166
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013999D0 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 44e5df8ac57cadd9c25a961925ea11c7f295c139b8369ae8c32533d6b49e8146
                            • Instruction ID: 73b7aa6c6967053ca10a78376b537f1ede65d92cef765f7eb593e78806a551af
                            • Opcode Fuzzy Hash: 44e5df8ac57cadd9c25a961925ea11c7f295c139b8369ae8c32533d6b49e8146
                            • Instruction Fuzzy Hash: 949002A521100052D504619944047060045E7E1245FD1C022A2144594CC9698C656165
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399820 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a06fe1ee7419c8f01650f32f3177dce3af061f7bb4389ea16a3fe75c55a8d6e2
                            • Instruction ID: 84fb5b2724cbb561cb5551012ad4d792674a286a7a78891ea79e736c26ceb69d
                            • Opcode Fuzzy Hash: a06fe1ee7419c8f01650f32f3177dce3af061f7bb4389ea16a3fe75c55a8d6e2
                            • Instruction Fuzzy Hash: 2490027524100412D541719944046060009F7D0285FD1C022A0414594ECA958A5ABAA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399840 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2fd8f58e0ed94699908d68df0d47dbe12c943e42a103f5b5906e7cc5f22a4435
                            • Instruction ID: 05e4943690e4d8695b444e556a5e9bcc8edd4382089702abb7c5c29fe03679e5
                            • Opcode Fuzzy Hash: 2fd8f58e0ed94699908d68df0d47dbe12c943e42a103f5b5906e7cc5f22a4435
                            • Instruction Fuzzy Hash: 15900265242041629945B19944045074006F7E02857D1C022A1404990CC966985AE661
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013998A0 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 56fa1d700c4916dd4342d44f501ed3c0a16693ee80399127d9ffa37fec9a1510
                            • Instruction ID: 1b4d198237bc86bc5a2d1e884d0eb0a11c8967db017bf547a6a4e06102521b68
                            • Opcode Fuzzy Hash: 56fa1d700c4916dd4342d44f501ed3c0a16693ee80399127d9ffa37fec9a1510
                            • Instruction Fuzzy Hash: 3090026530100412D502619944146060009E7D1389FD1C022E1414595DCA658957B172
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013998F0 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6674084bfdb629463b912a50ce3a481eb54a8f4e5b0ace861e35eadb8fb1ed39
                            • Instruction ID: d4c201bc3eed226d69a1aa4cc1c545aba42c6a5ba6f0876802be387dc8e4b942
                            • Opcode Fuzzy Hash: 6674084bfdb629463b912a50ce3a481eb54a8f4e5b0ace861e35eadb8fb1ed39
                            • Instruction Fuzzy Hash: B690026560100512D50171994404616000AE7D0285FD1C032A1014595ECE658996B171
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399B00 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 58f994d6c2ffb087be0849c90a8fb43dd09a2f72b82261df6f2320f78949bd8d
                            • Instruction ID: a81e084e1ee71029242cc2d35776b271afa1538b14b444d2f38bffbc423e6e2e
                            • Opcode Fuzzy Hash: 58f994d6c2ffb087be0849c90a8fb43dd09a2f72b82261df6f2320f78949bd8d
                            • Instruction Fuzzy Hash: 9590026524100812D540719984147070006E7D0645FD1C021A0014594DCA56896976F1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399A20 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3e96a83702c45a0c5f818af5868556e58fd3f3ad4a4e3c3ae6fa8ac459b42751
                            • Instruction ID: b8f2b3f38b17568007c2e454f1a024d356f15ab3cca795d062fd454e79589850
                            • Opcode Fuzzy Hash: 3e96a83702c45a0c5f818af5868556e58fd3f3ad4a4e3c3ae6fa8ac459b42751
                            • Instruction Fuzzy Hash: 8190026560100052854071A988449064005FBE12557D1C131A0988590DC999886966A5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399A10 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0c82744ac4b886087432a3380833142ac9c09ba697c096495a58abc32f6a8738
                            • Instruction ID: 47573b6d974d4709c12cf04c130c4f899a3ecb9c6fa85b2d6b0bc5eda6294631
                            • Opcode Fuzzy Hash: 0c82744ac4b886087432a3380833142ac9c09ba697c096495a58abc32f6a8738
                            • Instruction Fuzzy Hash: 2690027520140412D500619948087470005E7D0346FD1C021A5154595ECAA5C8957571
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399A00 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 43189391a6898d69fc30f1b0485778cb590f6af8fa4d2a696d0b8a1d115bdee7
                            • Instruction ID: 40df6918802f75d2d24c19d9436dd745b5634970061fdd3046491bd41a0df48b
                            • Opcode Fuzzy Hash: 43189391a6898d69fc30f1b0485778cb590f6af8fa4d2a696d0b8a1d115bdee7
                            • Instruction Fuzzy Hash: 1B90027520140412D5006199481470B0005E7D0346FD1C021A1154595DCA65885575B1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399A50 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c05694d23c6bf654b84bbf856854b1de9bb206b5ed683ed4b86001e7bce32124
                            • Instruction ID: 4b02c962cdbb8ea6d31bad3f59c9f16aff86c4f1cd5fc2d60cd90bbfd1493209
                            • Opcode Fuzzy Hash: c05694d23c6bf654b84bbf856854b1de9bb206b5ed683ed4b86001e7bce32124
                            • Instruction Fuzzy Hash: B690026521180052D60065A94C14B070005E7D0347FD1C125A0144594CCD5588656561
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399A80 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0e02b54868ed43f3e927dfd4ddc2ca09ac260afbc760d25294b89fcd37d9694d
                            • Instruction ID: 5e9250fc2da5d03331b3c95542f744344d57d6d89579f3262f71715f6b8b97db
                            • Opcode Fuzzy Hash: 0e02b54868ed43f3e927dfd4ddc2ca09ac260afbc760d25294b89fcd37d9694d
                            • Instruction Fuzzy Hash: 2890026520144452D54062994804B0F4105E7E1246FD1C029A4146594CCD5588596761
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0139AD30 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: da34681c5564c9df7a6450e4df16e398e85e469855ce308813d1f5a02cd74796
                            • Instruction ID: 1031297b8a452deb09ad8bb7db24561e346970a83129625adbfb23dc77ddffc1
                            • Opcode Fuzzy Hash: da34681c5564c9df7a6450e4df16e398e85e469855ce308813d1f5a02cd74796
                            • Instruction Fuzzy Hash: CB900275A0500022D540719948146464006F7E0785BD5C021A0504594CCD948A5963E1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399FE0 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 82cd6cb105b8430329311579e6e54c7195aa9394c69db2eb9e6d63425509f316
                            • Instruction ID: fa9c96c46e56876ffea9652a793de3acde6c6777a7ff1b41b14b9273dc0f8777
                            • Opcode Fuzzy Hash: 82cd6cb105b8430329311579e6e54c7195aa9394c69db2eb9e6d63425509f316
                            • Instruction Fuzzy Hash: 8E90027531114412D510619984047060005E7D1245FD1C421A0814598DCAD588957162
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01399670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                            • Instruction ID: 0f077137b3b663223475459e74750dc21e6c55fbf826a049b814a3b0df5f39bc
                            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                            • Instruction Fuzzy Hash:
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01357CC0 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 198COMMON
                            Download Yara Rule
                            C-Code - Quality: 41%
                            			E01357CC0(intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _t60;
				signed int _t65;
				void* _t70;
				void* _t73;
				signed int _t86;
				void* _t92;
				signed int _t94;
				intOrPtr _t101;
				signed int _t102;
				intOrPtr _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t115;
				intOrPtr _t116;
				signed char _t117;
				void* _t118;
				intOrPtr* _t120;
				signed int _t121;
				void* _t122;

				_t101 = _a8;
				_t120 = _a4;
				_t121 = 0;
				_t104 = _t101 + 0x2e;
				_v24 = 8;
				_v16 = _t104;
				if( *_t120 == 0) {
					__eflags =  *(_t120 + 2);
					if( *(_t120 + 2) != 0) {
						goto L1;
					}
					__eflags =  *(_t120 + 4);
					if( *(_t120 + 4) != 0) {
						goto L1;
					}
					__eflags =  *(_t120 + 6);
					if( *(_t120 + 6) != 0) {
						goto L1;
					}
					_t117 =  *(_t120 + 0xc) & 0x0000ffff;
					_v20 = _t117 >> 8;
					__eflags = _t117;
					if(_t117 == 0) {
						goto L1;
					}
					_t86 =  *(_t120 + 8) & 0x0000ffff;
					__eflags = _t86;
					if(_t86 != 0) {
						_v12 = 0xffff;
						__eflags = _t86 - _v12;
						if(_t86 != _v12) {
							goto L1;
						}
						__eflags =  *(_t120 + 0xa);
						if( *(_t120 + 0xa) != 0) {
							goto L1;
						}
						__eflags = _t104 - _t101;
						_push( *(_t120 + 0xf) & 0x000000ff);
						_push( *(_t120 + 0xe) & 0x000000ff);
						_push(_v20 & 0x000000ff);
						_t92 = E013A6B30(_t101, _t104 - _t101, "::ffff:0:%u.%u.%u.%u", _t117 & 0x000000ff);
						L29:
						return _t92 + _t101;
					}
					_t94 =  *(_t120 + 0xa) & 0x0000ffff;
					__eflags = _t94;
					if(_t94 == 0) {
						_t118 = 0x13348a4;
						L27:
						_push( *(_t120 + 0xf) & 0x000000ff);
						_push( *(_t120 + 0xe) & 0x000000ff);
						_push(_v20 & 0x000000ff);
						_push( *(_t120 + 0xc) & 0xff);
						_t92 = E013A6B30(_t101, _t104 - _t101, "::%hs%u.%u.%u.%u", _t118);
						goto L29;
					}
					__eflags = _t94 - 0xffff;
					if(_t94 != 0xffff) {
						goto L1;
					}
					_t118 = 0x134d700;
					goto L27;
				}
				L1:
				_t105 = _t121;
				_t60 = _t121;
				_v8 = _t105;
				_v20 = _t60;
				if(( *(_t120 + 8) & 0x0000fffd) == 0) {
					__eflags =  *(_t120 + 0xa) - 0xfe5e;
					if( *(_t120 + 0xa) == 0xfe5e) {
						_v24 = 6;
					}
				}
				_t115 = _t121;
				_t102 = _t60;
				do {
					if( *((intOrPtr*)(_t120 + _t115 * 2)) == _t121) {
						__eflags = _t115 - _t60 + 1 - _v8 - _t102;
						_t60 = _v20;
						if(__eflags <= 0) {
							_t105 = _v8;
						} else {
							_t49 = _t115 + 1; // 0x1
							_t105 = _t49;
							_t102 = _t60;
							_v8 = _t105;
						}
					} else {
						_t13 = _t115 + 1; // 0x1
						_t60 = _t13;
						_v20 = _t60;
					}
					_t115 = _t115 + 1;
				} while (_t115 < _v24);
				_v12 = _t102;
				_t103 = _a8;
				if(_t105 - _t102 > 1) {
					_t65 = _v12;
				} else {
					_t105 = _t121;
					_t65 = _t121;
					_v8 = _t105;
					_v12 = _t65;
				}
				do {
					if(_t121 < _t105) {
						__eflags = _t65 - _t121;
						if(_t65 > _t121) {
							goto L9;
						}
						_push("::");
						_push(_v16 - _t103);
						_push(_t103);
						_t70 = E013A6B30();
						_t105 = _v8;
						_t122 = _t122 + 0xc;
						_t121 = _t105 - 1;
						goto L13;
					}
					L9:
					if(_t121 != 0 && _t121 != _t105) {
						_push(":");
						_push(_v16 - _t103);
						_push(_t103);
						_t73 = E013A6B30();
						_t122 = _t122 + 0xc;
						_t103 = _t103 + _t73;
					}
					_t70 = E013A6B30(_t103, _v16 - _t103, "%x",  *(_t120 + _t121 * 2) & 0x0000ffff);
					_t105 = _v8;
					_t122 = _t122 + 0x10;
					L13:
					_t116 = _v24;
					_t103 = _t103 + _t70;
					_t65 = _v12;
					_t121 = _t121 + 1;
				} while (_t121 < _t116);
				if(_t116 < 8) {
					_push( *(_t120 + 0xf) & 0x000000ff);
					_push( *(_t120 + 0xe) & 0x000000ff);
					_push( *(_t120 + 0xd) & 0x000000ff);
					_t103 = _t103 + E013A6B30(_t103, _v16 - _t103, ":%u.%u.%u.%u",  *(_t120 + 0xc) & 0x000000ff);
				}
				return _t103;
			}



























                            0x01357cc9
                            0x01357cce
                            0x01357cd1
                            0x01357cd3
                            0x01357cd6
                            0x01357cdd
                            0x01357ce3
                            0x013b2bbb
                            0x013b2bbf
                            0x00000000
                            0x00000000
                            0x013b2bc5
                            0x013b2bc9
                            0x00000000
                            0x00000000
                            0x013b2bcf
                            0x013b2bd3
                            0x00000000
                            0x00000000
                            0x013b2bd9
                            0x013b2be2
                            0x013b2be5
                            0x013b2be8
                            0x00000000
                            0x00000000
                            0x013b2bee
                            0x013b2bf2
                            0x013b2bf5
                            0x013b2c74
                            0x013b2c7b
                            0x013b2c7f
                            0x00000000
                            0x00000000
                            0x013b2c85
                            0x013b2c89
                            0x00000000
                            0x00000000
                            0x013b2c4b
                            0x013b2c4d
                            0x013b2c52
                            0x013b2c59
                            0x013b2c65
                            0x013b2c6d
                            0x00000000
                            0x013b2c6d
                            0x013b2bf7
                            0x013b2bfb
                            0x013b2bfe
                            0x013b2c15
                            0x013b2c1a
                            0x013b2c20
                            0x013b2c25
                            0x013b2c2c
                            0x013b2c34
                            0x013b2c3d
                            0x00000000
                            0x013b2c42
                            0x013b2c05
                            0x013b2c08
                            0x00000000
                            0x00000000
                            0x013b2c0e
                            0x00000000
                            0x013b2c0e
                            0x01357ce9
                            0x01357cee
                            0x01357cf0
                            0x01357cf2
                            0x01357cf5
                            0x01357cfc
                            0x013b2c96
                            0x013b2c9a
                            0x013b2ca0
                            0x013b2ca0
                            0x013b2c9a
                            0x01357d02
                            0x01357d04
                            0x01357d06
                            0x01357d0a
                            0x013b2cb6
                            0x013b2cb8
                            0x013b2cbb
                            0x013b2cca
                            0x013b2cbd
                            0x013b2cbd
                            0x013b2cbd
                            0x013b2cc0
                            0x013b2cc2
                            0x013b2cc2
                            0x01357d10
                            0x01357d10
                            0x01357d10
                            0x01357d13
                            0x01357d13
                            0x01357d16
                            0x01357d17
                            0x01357d1e
                            0x01357d23
                            0x01357d29
                            0x01357d9f
                            0x01357d2b
                            0x01357d2b
                            0x01357d2d
                            0x01357d2f
                            0x01357d32
                            0x01357d32
                            0x01357d35
                            0x01357d37
                            0x013b2cd2
                            0x013b2cd4
                            0x00000000
                            0x00000000
                            0x013b2cdd
                            0x013b2ce4
                            0x013b2ce5
                            0x013b2ce6
                            0x013b2ceb
                            0x013b2cee
                            0x013b2cf1
                            0x00000000
                            0x013b2cf1
                            0x01357d3d
                            0x01357d3f
                            0x01357d48
                            0x01357d4f
                            0x01357d50
                            0x01357d51
                            0x01357d56
                            0x01357d59
                            0x01357d59
                            0x01357d73
                            0x01357d78
                            0x01357d7b
                            0x01357d7e
                            0x01357d7e
                            0x01357d81
                            0x01357d83
                            0x01357d86
                            0x01357d87
                            0x01357d8e
                            0x013b2cfd
                            0x013b2d02
                            0x013b2d07
                            0x013b2d21
                            0x013b2d21
                            0x00000000

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: ___swprintf_l
                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                            • API String ID: 48624451-2108815105
                            • Opcode ID: e7e02ff170c4eb2eddb407276345cf03c3e5843b1ba8309f2d9a499c9f6b25e7
                            • Instruction ID: e97ef203e585caf155f4cd696781017ad74dfb3be68c12956aace7f415246b75
                            • Opcode Fuzzy Hash: e7e02ff170c4eb2eddb407276345cf03c3e5843b1ba8309f2d9a499c9f6b25e7
                            • Instruction Fuzzy Hash: 0A61E5A2A00116ABCF51DF9DC880DBEFBF8FB586087508269ED55D7A41E374EE50C7A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013540FD Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 195COMMON
                            Download Yara Rule
                            C-Code - Quality: 63%
                            			E013540FD(void* __ecx) {
				signed int _v8;
				char _v548;
				unsigned int _v552;
				unsigned int _v556;
				unsigned int _v560;
				char _v564;
				char _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t49;
				signed char _t53;
				unsigned int _t55;
				unsigned int _t56;
				unsigned int _t65;
				unsigned int _t66;
				void* _t68;
				unsigned int _t73;
				unsigned int _t77;
				unsigned int _t85;
				char* _t98;
				unsigned int _t102;
				signed int _t103;
				void* _t105;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t111;
				void* _t112;

				_t45 =  *0x144d360 ^ _t107;
				_v8 =  *0x144d360 ^ _t107;
				_t105 = __ecx;
				if( *0x14484d4 == 0) {
					L5:
					return E0139B640(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
				}
				_t85 = 0;
				E0136E9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
				if(( *0x7ffe02d5 & 0x00000003) == 0) {
					_t45 = 0;
				} else {
					_t45 =  *(_v564 + 0x5f) & 0x00000001;
				}
				if(_t45 == 0) {
					_v552 = _t85;
					_t49 = E013542EB(_t105);
					__eflags = _t49;
					if(_t49 != 0) {
						L15:
						_t103 = 2;
						_v552 = _t103;
						L10:
						__eflags = ( *0x7ffe02d5 & 0x0000000c) - 4;
						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
							_t45 = 1;
						} else {
							_t53 = E013541EA(_v564);
							asm("sbb al, al");
							_t45 =  ~_t53 + 1;
							__eflags = _t45;
						}
						__eflags = _t45;
						if(_t45 == 0) {
							_t102 = _t103 | 0x00000040;
							_v552 = _t102;
						}
						__eflags = _t102;
						if(_t102 != 0) {
							L33:
							_push(4);
							_push( &_v552);
							_push(0x22);
							_push(0xffffffff);
							_t45 = E013996C0();
						}
						goto L4;
					}
					_v556 = _t85;
					_t102 =  &_v556;
					_t55 = E0135429E(_t105 + 0x2c, _t102);
					__eflags = _t55;
					if(_t55 >= 0) {
						__eflags = _v556 - _t85;
						if(_v556 == _t85) {
							goto L8;
						}
						_t85 = _t105 + 0x24;
						E013E5720(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v556);
						_v560 = 0x214;
						E0139FA60( &_v548, 0, 0x214);
						_t106 =  *0x14484d4;
						_t110 = _t108 + 0x20;
						 *0x144b1e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
						_t65 =  *((intOrPtr*)( *0x14484d4))();
						__eflags = _t65;
						if(_t65 == 0) {
							goto L8;
						}
						_t66 = _v560;
						__eflags = _t66;
						if(_t66 == 0) {
							goto L8;
						}
						__eflags = _t66 - 0x214;
						if(_t66 >= 0x214) {
							goto L8;
						}
						_t68 = (_t66 >> 1) * 2 - 2;
						__eflags = _t68 - 0x214;
						if(_t68 >= 0x214) {
							E0139B75A();
							goto L33;
						}
						_push(_t85);
						 *((short*)(_t107 + _t68 - 0x220)) = 0;
						E013E5720(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
						_t111 = _t110 + 0x14;
						_t73 = E013A1480( &_v548, L"Execute=1");
						_push(_t85);
						__eflags = _t73;
						if(_t73 == 0) {
							E013E5720(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
							_t106 =  &_v548;
							_t98 =  &_v548;
							_t112 = _t111 + 0x14;
							_t77 = _v560 + _t98;
							_v556 = _t77;
							__eflags = _t98 - _t77;
							if(_t98 >= _t77) {
								goto L8;
							} else {
								goto L27;
							}
							do {
								L27:
								_t85 = E013A1150(_t106, 0x20);
								__eflags = _t85;
								if(__eflags != 0) {
									__eflags = 0;
									 *_t85 = 0;
								}
								E013E5720(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
								_t112 = _t112 + 0x10;
								E013D3E13(_t105, _t106, __eflags);
								__eflags = _t85;
								if(_t85 == 0) {
									goto L8;
								}
								_t41 = _t85 + 2; // 0x2
								_t106 = _t41;
								__eflags = _t106 - _v556;
							} while (_t106 < _v556);
							goto L8;
						}
						_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
						_push(3);
						_push(0x55);
						E013E5720();
						goto L15;
					}
					L8:
					_t56 = E013541F7(_t105);
					__eflags = _t56;
					if(_t56 != 0) {
						goto L15;
					}
					_t103 = _v552;
					goto L10;
				} else {
					L4:
					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
					goto L5;
				}
			}
































                            0x0135410d
                            0x0135410f
                            0x0135411c
                            0x0135411e
                            0x01354158
                            0x01354168
                            0x01354168
                            0x01354126
                            0x01354130
                            0x0135413c
                            0x013b04a2
                            0x01354142
                            0x0135414b
                            0x0135414b
                            0x0135414f
                            0x0135416b
                            0x01354171
                            0x01354176
                            0x01354178
                            0x013541d0
                            0x013541d2
                            0x013541d3
                            0x013541a7
                            0x013541ae
                            0x013541b0
                            0x013541db
                            0x013541b2
                            0x013541b8
                            0x013541bf
                            0x013541c1
                            0x013541c1
                            0x013541c1
                            0x013541c3
                            0x013541c5
                            0x013541df
                            0x013541e2
                            0x013541e2
                            0x013541c7
                            0x013541c9
                            0x013b0628
                            0x013b0628
                            0x013b0630
                            0x013b0631
                            0x013b0633
                            0x013b0635
                            0x013b0635
                            0x00000000
                            0x013541c9
                            0x0135417d
                            0x01354183
                            0x01354189
                            0x0135418e
                            0x01354190
                            0x013b04a9
                            0x013b04af
                            0x00000000
                            0x00000000
                            0x013b04b5
                            0x013b04c8
                            0x013b04d5
                            0x013b04e5
                            0x013b04ea
                            0x013b04f6
                            0x013b0518
                            0x013b051e
                            0x013b0520
                            0x013b0522
                            0x00000000
                            0x00000000
                            0x013b0528
                            0x013b052e
                            0x013b0530
                            0x00000000
                            0x00000000
                            0x013b053b
                            0x013b053d
                            0x00000000
                            0x00000000
                            0x013b0545
                            0x013b054c
                            0x013b054e
                            0x013b0623
                            0x00000000
                            0x013b0623
                            0x013b0556
                            0x013b0557
                            0x013b056f
                            0x013b0574
                            0x013b0583
                            0x013b058a
                            0x013b058b
                            0x013b058d
                            0x013b05b5
                            0x013b05c0
                            0x013b05c6
                            0x013b05c8
                            0x013b05cb
                            0x013b05cd
                            0x013b05d3
                            0x013b05d5
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013b05db
                            0x013b05db
                            0x013b05e3
                            0x013b05e7
                            0x013b05e9
                            0x013b05eb
                            0x013b05ed
                            0x013b05ed
                            0x013b05fa
                            0x013b05ff
                            0x013b0606
                            0x013b060b
                            0x013b060d
                            0x00000000
                            0x00000000
                            0x013b0613
                            0x013b0613
                            0x013b0616
                            0x013b0616
                            0x00000000
                            0x013b061e
                            0x013b058f
                            0x013b0594
                            0x013b0596
                            0x013b0598
                            0x00000000
                            0x013b059d
                            0x01354196
                            0x01354198
                            0x0135419d
                            0x0135419f
                            0x00000000
                            0x00000000
                            0x013541a1
                            0x00000000
                            0x01354151
                            0x01354151
                            0x01354151
                            0x00000000
                            0x01354151

                            Strings
                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 013B05AC
                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 013B058F
                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 013B0566
                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 013B04BF
                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 013B05F1
                            • ExecuteOptions, xrefs: 013B050A
                            • Execute=1, xrefs: 013B057D
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                            • API String ID: 0-484625025
                            • Opcode ID: 9e1ca1e5bc75776d07d360eda279b8c0a52675ed7842450b105a5c03d1f6ee26
                            • Instruction ID: eb564af52604c4ed6a621defb747bb633492380cdce01122480bc07dec1051e2
                            • Opcode Fuzzy Hash: 9e1ca1e5bc75776d07d360eda279b8c0a52675ed7842450b105a5c03d1f6ee26
                            • Instruction Fuzzy Hash: 36613C75700219BAEF24DA98DC85FEA77BCEF6471CF040099EA05A7581FA70DB808F64
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01391CC7 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 193COMMON
                            Download Yara Rule
                            C-Code - Quality: 69%
                            			E01391CC7(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t91;
				intOrPtr _t95;
				short _t96;
				intOrPtr _t104;
				intOrPtr _t111;
				short _t119;
				signed int _t131;
				intOrPtr _t134;
				intOrPtr _t138;
				intOrPtr* _t144;
				intOrPtr _t147;
				intOrPtr* _t149;
				void* _t151;

				_t139 = __edx;
				_push(0x154);
				_push(0x1430348);
				E013AD0E8(__ebx, __edi, __esi);
				 *(_t151 - 0xf0) = __edx;
				_t147 = __ecx;
				 *((intOrPtr*)(_t151 - 0xfc)) = __ecx;
				 *((intOrPtr*)(_t151 - 0xf8)) =  *((intOrPtr*)(_t151 + 8));
				 *((intOrPtr*)(_t151 - 0xe8)) =  *((intOrPtr*)(_t151 + 0xc));
				 *((intOrPtr*)(_t151 - 0xf4)) =  *((intOrPtr*)(_t151 + 0x10));
				 *((intOrPtr*)(_t151 - 0xe4)) = 0;
				 *((intOrPtr*)(_t151 - 0xdc)) = 0;
				 *((intOrPtr*)(_t151 - 0xd8)) = 0;
				 *(_t151 - 0xe0) = 0;
				 *((intOrPtr*)(_t151 - 0x140)) = 0x40;
				E0139FA60(_t151 - 0x13c, 0, 0x3c);
				 *((intOrPtr*)(_t151 - 0x164)) = 0x24;
				 *((intOrPtr*)(_t151 - 0x160)) = 1;
				_t131 = 7;
				memset(_t151 - 0x15c, 0, _t131 << 2);
				_t144 =  *((intOrPtr*)(_t151 - 0xe8));
				_t91 = E01372430(1, _t147, 0,  *((intOrPtr*)(_t151 - 0xf8)), _t144,  *((intOrPtr*)(_t151 - 0xf4)), _t151 - 0xe0, 0, 0);
				_t148 = _t91;
				if(_t91 >= 0) {
					if( *0x1448460 != 0 && ( *(_t151 - 0xe0) & 0x00000001) == 0) {
						_t95 = E01372D50(7, 0, 2,  *((intOrPtr*)(_t151 - 0xfc)), _t151 - 0x140);
						_t148 = _t95;
						if(_t95 < 0) {
							goto L1;
						}
						if( *((intOrPtr*)(_t151 - 0x13c)) == 1) {
							if(( *(_t151 - 0x118) & 0x00000001) == 0) {
								if(( *(_t151 - 0x118) & 0x00000002) != 0) {
									 *(_t151 - 0x120) = 0xfffffffc;
								}
							} else {
								 *(_t151 - 0x120) =  *(_t151 - 0x120) & 0x00000000;
							}
							_t134 =  *((intOrPtr*)(_t151 - 0x114));
							_t96 =  *((intOrPtr*)(_t134 + 0x5c));
							 *((short*)(_t151 - 0xda)) = _t96;
							 *((short*)(_t151 - 0xdc)) = _t96;
							 *((intOrPtr*)(_t151 - 0xd8)) =  *((intOrPtr*)(_t134 + 0x60)) +  *((intOrPtr*)(_t151 - 0x110));
							 *((intOrPtr*)(_t151 - 0xe8)) = _t151 - 0xd0;
							 *((short*)(_t151 - 0xea)) = 0xaa;
							_t104 = E01364720(_t139,  *(_t151 - 0xf0) & 0x0000ffff, _t151 - 0xec, 2, 0);
							_t148 = _t104;
							if(_t104 < 0 || E01369660(_t151 - 0xdc, _t151 - 0xec, 1) == 0) {
								goto L1;
							} else {
								_t149 =  *0x1448460; // 0x7471ff90
								 *0x144b1e0( *(_t151 - 0x120),  *(_t151 - 0xf0), _t151 - 0xe4);
								_t148 =  *_t149();
								 *((intOrPtr*)(_t151 - 0xd4)) = _t148;
								if(_t148 < 0) {
									goto L1;
								}
								_t111 =  *((intOrPtr*)(_t151 - 0xe4));
								if(_t111 == 0xffffffff) {
									L25:
									 *((intOrPtr*)(_t151 - 4)) = 1;
									_t144 =  *0x1448468;
									if(_t144 != 0) {
										 *0x144b1e0(_t111);
										 *_t144();
									}
									 *((intOrPtr*)(_t151 - 4)) = 0xfffffffe;
									goto L1;
								}
								E0136F540(_t151 - 0x164, _t111);
								 *((intOrPtr*)(_t151 - 4)) = 0;
								if( *((intOrPtr*)(_t144 + 4)) != 0) {
									L01372400(_t144);
								}
								_t145 =  *((intOrPtr*)(_t151 - 0xfc));
								_t148 = E01372430(0,  *((intOrPtr*)(_t151 - 0xfc)), 0,  *((intOrPtr*)(_t151 - 0xf8)), _t144,  *((intOrPtr*)(_t151 - 0xf4)), _t151 - 0xe0, 0, 0);
								 *((intOrPtr*)(_t151 - 0xd4)) = _t148;
								if(_t148 < 0) {
									L24:
									 *((intOrPtr*)(_t151 - 4)) = 0xfffffffe;
									_t111 = E013CD704();
									goto L25;
								} else {
									_t148 = E01372D50(7, 0, 2, _t145, _t151 - 0x140);
									 *((intOrPtr*)(_t151 - 0xd4)) = _t148;
									if(_t148 < 0) {
										goto L24;
									}
									if( *((intOrPtr*)(_t151 - 0x13c)) == 1) {
										_t138 =  *((intOrPtr*)(_t151 - 0x114));
										_t119 =  *((intOrPtr*)(_t138 + 0x5c));
										 *((short*)(_t151 - 0xda)) = _t119;
										 *((short*)(_t151 - 0xdc)) = _t119;
										 *((intOrPtr*)(_t151 - 0xd8)) =  *((intOrPtr*)(_t138 + 0x60)) +  *((intOrPtr*)(_t151 - 0x110));
										if(E01369660(_t151 - 0xdc, _t151 - 0xec, 1) == 0) {
											goto L24;
										}
										_t148 = 0xc0150004;
										L23:
										 *((intOrPtr*)(_t151 - 0xd4)) = _t148;
										goto L24;
									}
									_t148 = 0xc0150005;
									goto L23;
								}
							}
						}
						_t148 = 0xc0150005;
					}
				}
				L1:
				return E013AD130(1, _t144, _t148);
			}
















                            0x01391cc7
                            0x01391cc7
                            0x01391ccc
                            0x01391cd1
                            0x01391cd6
                            0x01391cdc
                            0x01391cde
                            0x01391ce7
                            0x01391cf0
                            0x01391cf9
                            0x01391d01
                            0x01391d09
                            0x01391d0f
                            0x01391d15
                            0x01391d1b
                            0x01391d2f
                            0x01391d37
                            0x01391d44
                            0x01391d4c
                            0x01391d55
                            0x01391d68
                            0x01391d78
                            0x01391d7d
                            0x01391d81
                            0x013cd4e3
                            0x013cd509
                            0x013cd50e
                            0x013cd512
                            0x00000000
                            0x00000000
                            0x013cd51e
                            0x013cd531
                            0x013cd543
                            0x013cd545
                            0x013cd545
                            0x013cd533
                            0x013cd533
                            0x013cd533
                            0x013cd54f
                            0x013cd555
                            0x013cd559
                            0x013cd560
                            0x013cd570
                            0x013cd57c
                            0x013cd587
                            0x013cd5a3
                            0x013cd5a8
                            0x013cd5ac
                            0x00000000
                            0x013cd5ce
                            0x013cd5e1
                            0x013cd5e9
                            0x013cd5f1
                            0x013cd5f3
                            0x013cd5fb
                            0x00000000
                            0x00000000
                            0x013cd601
                            0x013cd60a
                            0x013cd6e1
                            0x013cd6e1
                            0x013cd6e4
                            0x013cd6ec
                            0x013cd6f1
                            0x013cd6f7
                            0x013cd6f7
                            0x013cd730
                            0x00000000
                            0x013cd730
                            0x013cd618
                            0x013cd61f
                            0x013cd625
                            0x013cd628
                            0x013cd628
                            0x013cd644
                            0x013cd651
                            0x013cd653
                            0x013cd65b
                            0x013cd6d5
                            0x013cd6d5
                            0x013cd6dc
                            0x00000000
                            0x013cd65d
                            0x013cd670
                            0x013cd672
                            0x013cd67a
                            0x00000000
                            0x00000000
                            0x013cd682
                            0x013cd68b
                            0x013cd691
                            0x013cd695
                            0x013cd69c
                            0x013cd6ac
                            0x013cd6c8
                            0x00000000
                            0x00000000
                            0x013cd6ca
                            0x013cd6cf
                            0x013cd6cf
                            0x00000000
                            0x013cd6cf
                            0x013cd684
                            0x00000000
                            0x013cd684
                            0x013cd65b
                            0x013cd5ac
                            0x013cd520
                            0x013cd520
                            0x013cd4e3
                            0x01391d87
                            0x01391d8e

                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: $$@
                            • API String ID: 0-1194432280
                            • Opcode ID: 81bcf856d32abc11ea17ca6d73afad101e024b08071a824ebd573cb59eab54f3
                            • Instruction ID: c2591a33cc0a6302f11e48ea588c52bfd8cdfea08a4fc1b29ed22783f85bc4ca
                            • Opcode Fuzzy Hash: 81bcf856d32abc11ea17ca6d73afad101e024b08071a824ebd573cb59eab54f3
                            • Instruction Fuzzy Hash: A3810F71D002699BDB31DF98CC44BEEBAB8AF49714F0441EAAA1DB7250D7705E85CFA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01388E00 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 126timeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 44%
                            			E01388E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x144d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x1448464; // 0x74720110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x1445780 & 0x00000003) != 0) {
							E013D5510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x1445780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E0139B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x1447984; // 0xe22c00
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x1448464; // 0x74720110
					 *0x144b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E01389B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x1445780 & 0x00000005) != 0) {
						_push(_t49);
						E013D5510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                            0x01388e0f
                            0x01388e16
                            0x01388e19
                            0x01388e1b
                            0x01388e21
                            0x01388e7f
                            0x01388e85
                            0x013c9354
                            0x013c936c
                            0x013c9371
                            0x013c937b
                            0x013c9381
                            0x013c9381
                            0x013c937b
                            0x01388e9d
                            0x01388e9d
                            0x01388e29
                            0x01388e2c
                            0x01388e38
                            0x01388e3e
                            0x01388e43
                            0x01388eb5
                            0x01388eb9
                            0x013c92aa
                            0x013c92af
                            0x013c92e8
                            0x013c92e8
                            0x013c92af
                            0x01388eb9
                            0x01388e45
                            0x01388e53
                            0x01388e5b
                            0x01388e5f
                            0x01388e78
                            0x01388e78
                            0x01388e7d
                            0x01388ec3
                            0x01388ecd
                            0x01388ed2
                            0x01388ed2
                            0x01388ec5
                            0x01388ec5
                            0x00000000
                            0x01388e7d
                            0x01388e67
                            0x01388ea4
                            0x013c931a
                            0x00000000
                            0x00000000
                            0x013c9320
                            0x01388ea4
                            0x01388e70
                            0x013c9325
                            0x013c9340
                            0x013c9345
                            0x013c9345
                            0x01388e76
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000

                            APIs
                            Strings
                            • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 013C932A
                            • minkernel\ntdll\ldrsnap.c, xrefs: 013C933B, 013C9367
                            • Querying the active activation context failed with status 0x%08lx, xrefs: 013C9357
                            • LdrpFindDllActivationContext, xrefs: 013C9331, 013C935D
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: DebugPrintTimes
                            • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                            • API String ID: 3446177414-3779518884
                            • Opcode ID: ad33c68e2a6ca6e11d60a5765bef36eb7c646d877a73e0f5d0433db151834cd2
                            • Instruction ID: 2d7302f07a7a0b4be2119e9064de9890aec8e8cf335e432f0a9c299cd2207090
                            • Opcode Fuzzy Hash: ad33c68e2a6ca6e11d60a5765bef36eb7c646d877a73e0f5d0433db151834cd2
                            • Instruction Fuzzy Hash: 2C410732A007199FEB36BB1C8849B35B7B5AB4475CF8641E9E90C575D1E770BD80C781
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01352FB0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 262timeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 69%
                            			E01352FB0(intOrPtr* _a4) {
				signed int _v8;
				void* _v36;
				void* _v62;
				void* _v68;
				void* _v72;
				signed int _v96;
				void* _v98;
				char _v100;
				void* _v104;
				void* _v108;
				void* _v112;
				void* _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t62;
				intOrPtr _t64;
				signed int* _t83;
				signed int _t84;
				signed int _t88;
				char* _t89;
				char _t93;
				void* _t99;
				signed int* _t102;
				intOrPtr _t103;
				void* _t104;
				signed int* _t107;
				signed int _t108;
				char* _t115;
				signed int _t118;
				signed int _t124;
				void* _t125;
				void* _t126;
				signed int _t127;
				intOrPtr* _t128;
				void* _t135;
				intOrPtr _t137;
				intOrPtr* _t159;
				void* _t160;
				void* _t162;
				intOrPtr* _t164;
				void* _t167;
				signed int* _t168;
				signed int* _t169;
				signed int _t172;
				signed int _t174;

				_t174 = (_t172 & 0xfffffff8) - 0x64;
				_v8 =  *0x144d360 ^ _t174;
				_push(_t125);
				_t159 = _a4;
				if(_t159 == 0) {
					__eflags =  *0x1448748 - 2;
					if( *0x1448748 >= 2) {
						_t64 =  *[fs:0x30];
						__eflags =  *(_t64 + 0xc);
						if( *(_t64 + 0xc) == 0) {
							_push("HEAP: ");
							E0135B150();
						} else {
							E0135B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(HeapHandle != NULL)");
						E0135B150();
						__eflags =  *0x1447bc8;
						if(__eflags == 0) {
							_t135 = 2;
							E01412073(_t125, _t135, _t159, __eflags);
						}
					}
					L26:
					_t62 = 0;
					L27:
					_pop(_t160);
					_pop(_t162);
					_pop(_t126);
					return E0139B640(_t62, _t126, _v8 ^ _t174, _t155, _t160, _t162);
				}
				if( *((intOrPtr*)(_t159 + 8)) == 0xddeeddee) {
					_t137 =  *[fs:0x30];
					__eflags = _t159 -  *((intOrPtr*)(_t137 + 0x18));
					if(_t159 ==  *((intOrPtr*)(_t137 + 0x18))) {
						L30:
						_t62 = _t159;
						goto L27;
					}
					_t138 =  *(_t159 + 0x20);
					__eflags =  *(_t159 + 0x20);
					if( *(_t159 + 0x20) != 0) {
						_t155 = _t159;
						E013FCB1E(_t138, _t159, 0, 8, 0);
					}
					E013531B0(_t125, _t159, _t155);
					E0141274F(_t159);
					_t155 = 1;
					E01381249(_t159, 1, 0, 0);
					E0141B581(_t159);
					goto L26;
				}
				if(( *(_t159 + 0x44) & 0x01000000) != 0) {
					_t164 =  *0x1445718; // 0x0
					 *0x144b1e0(_t159);
					_t62 =  *_t164();
					goto L27;
				}
				_t144 =  *((intOrPtr*)(_t159 + 0x58));
				if( *((intOrPtr*)(_t159 + 0x58)) != 0) {
					_t155 = _t159;
					E013FCB1E(_t144, _t159, 0, 8, 0);
				}
				E013531B0(_t125, _t159, _t155);
				if(( *(_t159 + 0x40) & 0x61000000) != 0) {
					__eflags =  *(_t159 + 0x40) & 0x10000000;
					if(( *(_t159 + 0x40) & 0x10000000) != 0) {
						goto L5;
					}
					_t124 = E01413518(_t159);
					__eflags = _t124;
					if(_t124 == 0) {
						goto L30;
					}
					goto L5;
				} else {
					L5:
					if(_t159 ==  *((intOrPtr*)( *[fs:0x30] + 0x18))) {
						goto L30;
					} else {
						_t155 = 1;
						E01381249(_t159, 1, 0, 0);
						_t83 = _t159 + 0x9c;
						_t127 =  *_t83;
						while(_t83 != _t127) {
							_t84 = _t127;
							_t155 =  &_v96;
							_t127 =  *_t127;
							_v96 = _t84 & 0xffff0000;
							_v100 = 0;
							E0138174B( &_v96,  &_v100, 0x8000);
							_t88 = E01377D50();
							__eflags = _t88;
							if(_t88 == 0) {
								_t89 = 0x7ffe0388;
							} else {
								_t89 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
							}
							__eflags =  *_t89;
							if(__eflags != 0) {
								_t155 = _v96;
								E0140FE3F(_t127, _t159, _v96, _v100);
							}
							_t83 = _t159 + 0x9c;
						}
						if( *((char*)(_t159 + 0xda)) == 2) {
							_t93 =  *((intOrPtr*)(_t159 + 0xd4));
						} else {
							_t93 = 0;
						}
						if(_t93 != 0) {
							 *((intOrPtr*)(_t174 + 0x1c)) = _t93;
							_t155 = _t174 + 0x1c;
							 *((intOrPtr*)(_t174 + 0x1c)) = 0;
							E0138174B(_t174 + 0x1c, _t174 + 0x1c, 0x8000);
						}
						_t128 = _t159 + 0x88;
						if( *_t128 != 0) {
							 *((intOrPtr*)(_t174 + 0x24)) = 0;
							_t155 = _t128;
							E0138174B(_t128, _t174 + 0x24, 0x8000);
							 *_t128 = 0;
						}
						if(( *(_t159 + 0x40) & 0x00000001) == 0) {
							 *((intOrPtr*)(_t159 + 0xc8)) = 0;
						}
						goto L16;
						L16:
						_t167 =  *((intOrPtr*)(_t159 + 0xa8)) - 0x10;
						E01353138(_t167);
						if(_t167 != _t159) {
							goto L16;
						} else {
							_t99 = E01377D50();
							_t168 = 0x7ffe0380;
							if(_t99 != 0) {
								_t102 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t102 = 0x7ffe0380;
							}
							if( *_t102 != 0) {
								_t103 =  *[fs:0x30];
								__eflags =  *(_t103 + 0x240) & 0x00000001;
								if(( *(_t103 + 0x240) & 0x00000001) != 0) {
									_t118 = E01377D50();
									__eflags = _t118;
									if(_t118 != 0) {
										_t168 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags = _t168;
									}
									 *((short*)(_t174 + 0x2a)) = 0x1023;
									_push(_t174 + 0x24);
									_push(4);
									_push(0x402);
									_push( *_t168 & 0x000000ff);
									 *((intOrPtr*)(_t174 + 0x54)) = _t159;
									E01399AE0();
								}
							}
							_t104 = E01377D50();
							_t169 = 0x7ffe038a;
							if(_t104 != 0) {
								_t107 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t107 = 0x7ffe038a;
							}
							if( *_t107 != 0) {
								_t108 = E01377D50();
								__eflags = _t108;
								if(_t108 != 0) {
									_t169 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
									__eflags = _t169;
								}
								 *((short*)(_t174 + 0x4e)) = 0x1023;
								_push(_t174 + 0x48);
								_push(4);
								_push(0x402);
								_push( *_t169 & 0x000000ff);
								 *((intOrPtr*)(_t174 + 0x78)) = _t159;
								E01399AE0();
							}
							if(E01377D50() != 0) {
								_t115 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
							} else {
								_t115 = 0x7ffe0388;
							}
							if( *_t115 != 0) {
								E0140FDD3(_t159);
							}
							goto L26;
						}
					}
				}
			}


















































                            0x01352fb8
                            0x01352fc2
                            0x01352fc6
                            0x01352fc9
                            0x01352fce
                            0x013afb7d
                            0x013afb84
                            0x013afb8a
                            0x013afb90
                            0x013afb94
                            0x013afbb3
                            0x013afbb8
                            0x013afb96
                            0x013afbab
                            0x013afbb0
                            0x013afbbe
                            0x013afbc3
                            0x013afbc8
                            0x013afbd0
                            0x013afbd8
                            0x013afbd9
                            0x013afbd9
                            0x013afbd0
                            0x013530ea
                            0x013530ea
                            0x013530ec
                            0x013530f0
                            0x013530f1
                            0x013530f2
                            0x013530fd
                            0x013530fd
                            0x01352fdb
                            0x013afbe3
                            0x013afbea
                            0x013afbed
                            0x0135312b
                            0x0135312b
                            0x00000000
                            0x0135312b
                            0x013afbf3
                            0x013afbf8
                            0x013afbfa
                            0x013afc00
                            0x013afc02
                            0x013afc02
                            0x013afc09
                            0x013afc10
                            0x013afc1b
                            0x013afc1c
                            0x013afc23
                            0x00000000
                            0x013afc23
                            0x01352fe8
                            0x013afc2d
                            0x013afc36
                            0x013afc3c
                            0x00000000
                            0x013afc3c
                            0x01352fee
                            0x01352ff5
                            0x013afc47
                            0x013afc49
                            0x013afc49
                            0x01352ffd
                            0x01353009
                            0x013afc53
                            0x013afc5a
                            0x00000000
                            0x00000000
                            0x013afc62
                            0x013afc67
                            0x013afc69
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0135300f
                            0x0135300f
                            0x01353018
                            0x00000000
                            0x0135301e
                            0x01353024
                            0x01353025
                            0x0135302a
                            0x01353030
                            0x01353032
                            0x013afc74
                            0x013afc76
                            0x013afc7a
                            0x013afc81
                            0x013afc8f
                            0x013afc93
                            0x013afc98
                            0x013afc9d
                            0x013afc9f
                            0x013afcb1
                            0x013afca1
                            0x013afcaa
                            0x013afcaa
                            0x013afcb6
                            0x013afcb9
                            0x013afcbf
                            0x013afcc5
                            0x013afcc5
                            0x013afcca
                            0x013afcca
                            0x01353041
                            0x01353100
                            0x01353047
                            0x01353047
                            0x01353047
                            0x0135304b
                            0x0135310b
                            0x0135310f
                            0x0135311c
                            0x01353121
                            0x01353121
                            0x01353051
                            0x01353059
                            0x013afcde
                            0x013afce3
                            0x013afce5
                            0x013afcea
                            0x013afcea
                            0x01353063
                            0x01353075
                            0x01353075
                            0x00000000
                            0x0135307b
                            0x01353081
                            0x01353086
                            0x0135308d
                            0x00000000
                            0x0135308f
                            0x0135308f
                            0x01353094
                            0x013530a0
                            0x013afcfa
                            0x013530a6
                            0x013530a6
                            0x013530a6
                            0x013530ab
                            0x013afd01
                            0x013afd07
                            0x013afd0e
                            0x013afd14
                            0x013afd19
                            0x013afd1b
                            0x013afd26
                            0x013afd26
                            0x013afd26
                            0x013afd2f
                            0x013afd38
                            0x013afd39
                            0x013afd3b
                            0x013afd43
                            0x013afd44
                            0x013afd48
                            0x013afd48
                            0x013afd0e
                            0x013530b1
                            0x013530b6
                            0x013530c2
                            0x013afd5b
                            0x013530c8
                            0x013530c8
                            0x013530c8
                            0x013530cd
                            0x013afd62
                            0x013afd67
                            0x013afd69
                            0x013afd74
                            0x013afd74
                            0x013afd74
                            0x013afd7d
                            0x013afd86
                            0x013afd87
                            0x013afd89
                            0x013afd91
                            0x013afd92
                            0x013afd96
                            0x013afd96
                            0x013530da
                            0x013afda9
                            0x013530e0
                            0x013530e0
                            0x013530e0
                            0x013530e8
                            0x01353131
                            0x01353131
                            0x00000000
                            0x013530e8
                            0x0135308d
                            0x01353018

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: DebugPrintTimes
                            • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                            • API String ID: 3446177414-3610490719
                            • Opcode ID: 060d54f7831868a8f1d70ff12d10b2b095aa34147a34fea281e7100a32d7b5ed
                            • Instruction ID: 37a3103f473e5b9bb6f144369535900eaac7db59d980d13474a66ddde9fc04bb
                            • Opcode Fuzzy Hash: 060d54f7831868a8f1d70ff12d10b2b095aa34147a34fea281e7100a32d7b5ed
                            • Instruction Fuzzy Hash: 509131717047419FDB26EB29C854F3ABBA9FF84B8CF004019ED428B681DB34E940CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01395DBF Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 141timeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 55%
                            			E01395DBF(void* __ebx, signed int __ecx, void* __edx, void* __edi) {
				signed int _v24;
				signed int _v36;
				char _v548;
				char _v552;
				char _v556;
				char* _v560;
				short _v562;
				signed int _v564;
				short _v570;
				char _v572;
				signed int _v580;
				char _v588;
				signed int _v604;
				signed short _v608;
				void* __esi;
				void* __ebp;
				void* _t25;
				signed int* _t27;
				signed int _t39;
				signed int _t42;
				signed int _t54;
				signed char _t56;
				signed int* _t58;
				intOrPtr* _t65;
				signed int _t67;
				void* _t70;
				signed int _t72;
				signed int _t75;
				void* _t77;
				signed int _t80;
				void* _t82;
				signed int _t85;
				signed int _t87;

				_t70 = __edx;
				_push(__ebx);
				_push(__edi);
				_t72 = __ecx;
				_t25 = E013693A0();
				if(_t25 != 0) {
					E01372280(_t25, 0x14479e4);
					_t27 =  *0x144b224; // 0x0
					_t75 =  *_t27;
					__eflags = _t72;
					if(_t72 != 0) {
						__eflags = _t75;
						if(_t75 == 0) {
							goto L13;
						} else {
							_t80 = _t75 - 1;
							goto L7;
						}
					} else {
						__eflags = _t75;
						if(_t75 == 0) {
							E01357470( *0x144b21c, _t75);
						}
						__eflags = _t75 - 0xffffffff;
						if(_t75 == 0xffffffff) {
							L13:
							E0136FFB0(0x14479e4, _t72, 0x14479e4);
							_t65 = 0xe;
							asm("int 0x29");
							_t87 = (_t85 & 0xfffffff8) - 0x224;
							_v24 =  *0x144d360 ^ _t87;
							_t76 = _t65;
							 *0x144b1e0( &_v548, 0x104, _t75, _t82);
							_t67 =  *_t65() + _t33;
							__eflags = _t67;
							if(_t67 != 0) {
								__eflags =  *0x1448484;
								_v560 =  &_v552;
								_v564 = _t67;
								_v562 = 0x208;
								if(__eflags == 0) {
									L24:
									_push( &_v556);
									_push( &_v564);
									E013E34A0(0x14479e4, _t72, _t76, __eflags);
									goto L14;
								} else {
									_t76 = ( *0x1448480 & 0x0000ffff) + 2 + _t67;
									_t42 = E01374620(_t67,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t76);
									_v580 = _t42;
									__eflags = _t42;
									if(_t42 != 0) {
										__eflags = 0;
										_v570 = _t76;
										_v572 = 0;
										E01367B60(_t67,  &_v572, 0x1448480);
										E01367B60(_t67,  &_v580,  &_v572);
										E0136A990(_t67,  &_v588, 0x1334e90);
										L013777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *0x1448484);
										 *0x1448480 = _v608;
										_t54 = _v604;
										 *0x1448484 = _t54;
										 *0x144847c = _t54;
										E013E3DE3(_t67, __eflags);
										goto L24;
									} else {
										_t56 =  *0x1445780; // 0x0
										__eflags = _t56 & 0x00000003;
										if((_t56 & 0x00000003) != 0) {
											_push("Failed to reallocate the system dirs string !\n");
											_push(0);
											_push("LdrpInitializePerUserWindowsDirectory");
											_push(0xc80);
											_push("minkernel\\ntdll\\ldrinit.c");
											E013D5510();
											_t56 =  *0x1445780; // 0x0
											_t87 = _t87 + 0x14;
										}
										__eflags = _t56 & 0x00000010;
										if((_t56 & 0x00000010) != 0) {
											asm("int3");
										}
										_t39 = 0xc0000017;
									}
								}
							} else {
								L14:
								_t39 = 0;
								__eflags = 0;
							}
							_pop(_t77);
							__eflags = _v36 ^ _t87;
							return E0139B640(_t39, 0x14479e4, _v36 ^ _t87, _t70, _t72, _t77);
						} else {
							_t80 = _t75 + 1;
							__eflags = _t80;
							L7:
							_t58 =  *0x144b224; // 0x0
							 *_t58 = _t80;
							__eflags = _t72;
							if(_t72 != 0) {
								__eflags = _t80;
								if(_t80 == 0) {
									E01357470( *0x144b21c, 1);
								}
							}
							_t25 = E0136FFB0(0x14479e4, _t72, 0x14479e4);
							goto L1;
						}
					}
				} else {
					L1:
					return _t25;
				}
			}




































                            0x01395dbf
                            0x01395dc1
                            0x01395dc3
                            0x01395dc4
                            0x01395dc6
                            0x01395dcd
                            0x01395dd9
                            0x01395dde
                            0x01395de3
                            0x01395de5
                            0x01395de7
                            0x01395e23
                            0x01395e25
                            0x00000000
                            0x01395e27
                            0x01395e27
                            0x00000000
                            0x01395e27
                            0x01395de9
                            0x01395de9
                            0x01395deb
                            0x01395df4
                            0x01395df4
                            0x01395df9
                            0x01395dfc
                            0x01395e2a
                            0x01395e2b
                            0x01395e32
                            0x01395e33
                            0x01395e3d
                            0x01395e4a
                            0x01395e5b
                            0x01395e5e
                            0x01395e68
                            0x01395e68
                            0x01395e6a
                            0x013d0041
                            0x013d004c
                            0x013d0055
                            0x013d005a
                            0x013d005f
                            0x013d0130
                            0x013d0134
                            0x013d0139
                            0x013d013a
                            0x00000000
                            0x013d0065
                            0x013d0075
                            0x013d007d
                            0x013d0082
                            0x013d0086
                            0x013d0088
                            0x013d00c5
                            0x013d00c7
                            0x013d00cc
                            0x013d00db
                            0x013d00ea
                            0x013d00f9
                            0x013d010f
                            0x013d0118
                            0x013d011d
                            0x013d0121
                            0x013d0126
                            0x013d012b
                            0x00000000
                            0x013d008a
                            0x013d008a
                            0x013d008f
                            0x013d0091
                            0x013d0093
                            0x013d0098
                            0x013d009a
                            0x013d009f
                            0x013d00a4
                            0x013d00a9
                            0x013d00ae
                            0x013d00b3
                            0x013d00b3
                            0x013d00b6
                            0x013d00b8
                            0x013d00ba
                            0x013d00ba
                            0x013d00bb
                            0x013d00bb
                            0x013d0088
                            0x01395e70
                            0x01395e70
                            0x01395e70
                            0x01395e70
                            0x01395e70
                            0x01395e79
                            0x01395e7a
                            0x01395e84
                            0x01395dfe
                            0x01395dfe
                            0x01395dfe
                            0x01395dff
                            0x01395dff
                            0x01395e04
                            0x01395e06
                            0x01395e08
                            0x01395e0a
                            0x01395e0c
                            0x01395e16
                            0x01395e16
                            0x01395e0c
                            0x01395e1c
                            0x00000000
                            0x01395e1c
                            0x01395dfc
                            0x01395dcf
                            0x01395dcf
                            0x01395dd2
                            0x01395dd2

                            APIs
                            Strings
                            • LdrpInitializePerUserWindowsDirectory, xrefs: 013D009A
                            • Failed to reallocate the system dirs string !, xrefs: 013D0093
                            • minkernel\ntdll\ldrinit.c, xrefs: 013D00A4
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: DebugPrintTimes
                            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                            • API String ID: 3446177414-1783798831
                            • Opcode ID: 3cfda4e59c3152da19f175aed6fee118bcc8c3965407f751f675239c5b1b2db8
                            • Instruction ID: 80796e5665690acd17933e2d91be61846ae5aa30ec70018ddb4653a2ce165667
                            • Opcode Fuzzy Hash: 3cfda4e59c3152da19f175aed6fee118bcc8c3965407f751f675239c5b1b2db8
                            • Instruction Fuzzy Hash: 4141F67A910306ABDB32EB6CD844F5B7BECEF44718F04452AF958D7265E770D8008791
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013577A0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 99COMMON
                            Download Yara Rule
                            C-Code - Quality: 60%
                            			E013577A0(void* __ecx, void* __edx, intOrPtr _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t16;
				char _t17;
				char _t21;
				void* _t23;
				char _t28;
				intOrPtr* _t30;
				char _t32;
				intOrPtr _t34;
				void* _t37;
				intOrPtr _t39;
				char _t42;
				signed int _t49;
				signed int _t50;
				void* _t51;

				_t37 = __edx;
				_t50 = _t49 & 0xfffffff8;
				_push(__ecx);
				_t39 = _a4;
				_t30 = _t39 + 0x28;
				_t42 =  *_t30;
				if(_t42 < 0) {
					_t34 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t39 + 0x2c)) -  *((intOrPtr*)(_t34 + 0x24));
					if( *((intOrPtr*)(_t39 + 0x2c)) !=  *((intOrPtr*)(_t34 + 0x24))) {
						while(1) {
							L7:
							__eflags = _t42;
							if(_t42 >= 0) {
								goto L1;
							}
							__eflags = _a8;
							if(_a8 == 0) {
								L19:
								_t17 = 0;
								L3:
								return _t17;
							}
							_t18 =  *((intOrPtr*)(_t39 + 0x34));
							_t36 = _t39 + 0x1c;
							 *((intOrPtr*)(_t18 + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t39 + 0x34)) + 0x14)) + 1;
							asm("lock inc dword [ecx]");
							_t42 =  *_t30;
							__eflags = _t42;
							if(_t42 < 0) {
								L11:
								_t32 = 0;
								__eflags = 0;
								while(1) {
									asm("sbb esi, esi");
									_t47 =  !( ~( *(_t39 + 0x30) & 1)) & 0x014479c8;
									_push( !( ~( *(_t39 + 0x30) & 1)) & 0x014479c8);
									_push(0);
									_push( *((intOrPtr*)(_t39 + 0x18)));
									_t21 = E01399520();
									__eflags = _t21 - 0x102;
									if(_t21 != 0x102) {
										break;
									}
									_t23 = E0139CE00( *_t47,  *((intOrPtr*)(_t47 + 4)), 0xff676980, 0xffffffff);
									_push(_t37);
									_push(_t23);
									E013E5720(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t32);
									E013E5720(0x65, 0, "RTL: Resource at %p\n", _t39);
									_t51 = _t50 + 0x28;
									_t32 = _t32 + 1;
									__eflags = _t32 - 2;
									if(__eflags > 0) {
										_t36 = _t39;
										E013EFFB9(_t32, _t39, _t37, _t39, 0, __eflags);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E013E5720();
									_t50 = _t51 + 0xc;
								}
								_t30 = _t39 + 0x28;
								__eflags = _t21;
								if(_t21 < 0) {
									E013ADF30(_t36, _t37, _t21);
									goto L19;
								}
								_t42 =  *_t30;
								continue;
							}
							_t28 = E013947E7(_t36);
							__eflags = _t28;
							if(_t28 != 0) {
								continue;
							}
							goto L11;
						}
						goto L1;
					}
					asm("lock dec dword [ebx]");
					L2:
					_t17 = 1;
					goto L3;
				}
				L1:
				_t16 = _t42;
				asm("lock cmpxchg [ebx], ecx");
				if(_t16 != _t42) {
					_t42 = _t16;
					goto L7;
				}
				goto L2;
			}





















                            0x013577a0
                            0x013577a5
                            0x013577a8
                            0x013577ac
                            0x013577af
                            0x013577b2
                            0x013577b6
                            0x013577d4
                            0x013577de
                            0x013577e1
                            0x013b28f2
                            0x013b28f2
                            0x013b28f2
                            0x013b28f4
                            0x00000000
                            0x00000000
                            0x013b28fa
                            0x013b28fe
                            0x013b29ae
                            0x013b29ae
                            0x013577cb
                            0x013577d1
                            0x013577d1
                            0x013b2904
                            0x013b2907
                            0x013b290a
                            0x013b290d
                            0x013b2910
                            0x013b2912
                            0x013b2914
                            0x013b291f
                            0x013b291f
                            0x013b291f
                            0x013b2921
                            0x013b292b
                            0x013b292f
                            0x013b2935
                            0x013b2936
                            0x013b2938
                            0x013b293b
                            0x013b2940
                            0x013b2945
                            0x00000000
                            0x00000000
                            0x013b2953
                            0x013b2958
                            0x013b2959
                            0x013b2965
                            0x013b2973
                            0x013b2978
                            0x013b297b
                            0x013b297c
                            0x013b297f
                            0x013b2981
                            0x013b2983
                            0x013b2983
                            0x013b2988
                            0x013b298d
                            0x013b298e
                            0x013b2990
                            0x013b2995
                            0x013b2995
                            0x013b299a
                            0x013b299d
                            0x013b299f
                            0x013b29a9
                            0x00000000
                            0x013b29a9
                            0x013b29a1
                            0x00000000
                            0x013b29a1
                            0x013b2916
                            0x013b291b
                            0x013b291d
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013b291d
                            0x00000000
                            0x013b28f2
                            0x013577e7
                            0x013577c9
                            0x013577c9
                            0x00000000
                            0x013577c9
                            0x013577b8
                            0x013577bb
                            0x013577bd
                            0x013577c3
                            0x013b28f0
                            0x00000000
                            0x013b28f0
                            0x00000000

                            APIs
                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 013B2953
                            Strings
                            • RTL: Resource at %p, xrefs: 013B296B
                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 013B295B
                            • RTL: Re-Waiting, xrefs: 013B2988
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                            • API String ID: 885266447-605551621
                            • Opcode ID: fdf952ba882d3605d8192aff02cbf4c3126f2c221d877ec7cc4defd32c57bffc
                            • Instruction ID: 09fbb46b3b560414c9589a5c8ef7c97d5c34685e888ee100cf8d9701882670cf
                            • Opcode Fuzzy Hash: fdf952ba882d3605d8192aff02cbf4c3126f2c221d877ec7cc4defd32c57bffc
                            • Instruction Fuzzy Hash: FD313075A006367BDB214A19CCC4FA77B68EF11B6DF500314EE585BA81D711BC11C7E1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 01353ACA Relevance: 6.3, APIs: 4, Instructions: 348COMMON
                            Download Yara Rule
                            C-Code - Quality: 69%
                            			E01353ACA(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t197;
				intOrPtr _t200;
				signed int _t201;
				signed int _t202;
				intOrPtr _t206;
				signed int _t207;
				intOrPtr _t209;
				intOrPtr _t217;
				signed int _t224;
				signed int _t226;
				signed int _t229;
				signed int _t230;
				signed int _t233;
				intOrPtr _t238;
				signed int _t246;
				signed int _t249;
				char* _t252;
				intOrPtr _t257;
				signed int _t272;
				intOrPtr _t280;
				intOrPtr _t281;
				signed char _t286;
				signed int _t291;
				signed int _t292;
				intOrPtr _t299;
				intOrPtr _t301;
				signed int _t307;
				intOrPtr* _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t312;
				signed int* _t313;
				intOrPtr _t315;
				signed int _t316;
				void* _t317;

				_push(0x84);
				_push(0x142f4d0);
				E013AD0E8(__ebx, __edi, __esi);
				_t312 = __edx;
				 *((intOrPtr*)(_t317 - 0x38)) = __edx;
				 *((intOrPtr*)(_t317 - 0x20)) = __ecx;
				_t307 = 0;
				 *(_t317 - 0x74) = 0;
				 *((intOrPtr*)(_t317 - 0x78)) = 0;
				_t272 = 0;
				 *(_t317 - 0x60) = 0;
				 *((intOrPtr*)(_t317 - 0x68)) =  *((intOrPtr*)(__ecx + 0x2c)) + __ecx;
				_t197 = __edx + 0x28;
				 *((intOrPtr*)(_t317 - 0x7c)) = _t197;
				 *((intOrPtr*)(_t317 - 0x88)) = _t197;
				E01372280(_t197, _t197);
				_t280 =  *((intOrPtr*)(_t312 + 0x2c));
				 *((intOrPtr*)(_t317 - 0x34)) = _t280;
				L1:
				while(1) {
					if(_t280 == _t312 + 0x2c) {
						E0136FFB0(_t272, _t307,  *((intOrPtr*)(_t317 - 0x7c)));
						asm("sbb ebx, ebx");
						return E013AD130( ~_t272 & 0xc000022d, _t307, _t312);
					}
					_t15 = _t280 - 4; // -4
					_t200 = _t15;
					 *((intOrPtr*)(_t317 - 0x70)) = _t200;
					 *((intOrPtr*)(_t317 - 0x8c)) = _t200;
					 *((intOrPtr*)(_t317 - 0x6c)) = _t200;
					_t308 = 0x7ffe0010;
					_t313 = 0x7ffe03b0;
					goto L4;
					do {
						do {
							do {
								do {
									L4:
									_t201 =  *0x1448628; // 0x0
									 *(_t317 - 0x30) = _t201;
									_t202 =  *0x144862c; // 0x0
									 *(_t317 - 0x44) = _t202;
									 *(_t317 - 0x28) =  *_t313;
									 *(_t317 - 0x58) = _t313[1];
									while(1) {
										_t301 =  *0x7ffe000c;
										_t281 =  *0x7ffe0008;
										__eflags = _t301 -  *_t308;
										if(_t301 ==  *_t308) {
											goto L6;
										}
										asm("pause");
									}
									L6:
									_t313 = 0x7ffe03b0;
									_t309 =  *0x7ffe03b0;
									 *(_t317 - 0x40) = _t309;
									_t206 =  *0x7FFE03B4;
									 *((intOrPtr*)(_t317 - 0x3c)) = _t206;
									__eflags =  *(_t317 - 0x28) - _t309;
									_t308 = 0x7ffe0010;
								} while ( *(_t317 - 0x28) != _t309);
								__eflags =  *(_t317 - 0x58) - _t206;
							} while ( *(_t317 - 0x58) != _t206);
							_t207 =  *0x1448628; // 0x0
							_t310 =  *0x144862c; // 0x0
							 *(_t317 - 0x28) = _t310;
							__eflags =  *(_t317 - 0x30) - _t207;
							_t308 = 0x7ffe0010;
						} while ( *(_t317 - 0x30) != _t207);
						__eflags =  *(_t317 - 0x44) -  *(_t317 - 0x28);
					} while ( *(_t317 - 0x44) !=  *(_t317 - 0x28));
					_t315 =  *((intOrPtr*)(_t317 - 0x6c));
					_t307 = 0;
					_t272 =  *(_t317 - 0x60);
					asm("sbb edx, [ebp-0x3c]");
					asm("sbb edx, eax");
					 *(_t317 - 0x28) = _t281 -  *(_t317 - 0x40) -  *(_t317 - 0x30) + 0x7a120;
					asm("adc edx, edi");
					asm("lock inc dword [esi+0x2c]");
					_t209 =  *((intOrPtr*)(_t317 - 0x20));
					_t286 =  *(_t315 + 0x24) &  *(_t209 + 0x18);
					 *(_t317 - 0x40) = _t286;
					__eflags =  *(_t315 + 0x34);
					if( *(_t315 + 0x34) != 0) {
						L37:
						 *((intOrPtr*)(_t317 - 0x34)) =  *((intOrPtr*)( *((intOrPtr*)(_t317 - 0x34))));
						E0138DF4C(_t317 - 0x78, _t315, _t317 - 0x74, _t317 - 0x78);
						_t316 =  *(_t317 - 0x74);
						__eflags = _t316;
						_t280 =  *((intOrPtr*)(_t317 - 0x34));
						if(_t316 != 0) {
							 *0x144b1e0( *((intOrPtr*)(_t317 - 0x78)));
							 *_t316();
							_t280 =  *((intOrPtr*)(_t317 - 0x34));
						}
						_t312 =  *((intOrPtr*)(_t317 - 0x38));
						continue;
					}
					__eflags = _t286;
					if(_t286 == 0) {
						goto L37;
					}
					 *(_t317 - 0x5c) = _t286;
					_t45 = _t317 - 0x5c;
					 *_t45 =  *(_t317 - 0x5c) & 0x00000001;
					__eflags =  *_t45;
					if( *_t45 == 0) {
						L40:
						__eflags = _t286 & 0xfffffffe;
						if((_t286 & 0xfffffffe) != 0) {
							__eflags =  *((intOrPtr*)(_t315 + 0x64)) - _t307;
							if( *((intOrPtr*)(_t315 + 0x64)) == _t307) {
								L14:
								__eflags =  *(_t315 + 0x40) - _t307;
								if( *(_t315 + 0x40) != _t307) {
									__eflags = _t301 -  *(_t315 + 0x4c);
									if(__eflags > 0) {
										goto L15;
									}
									if(__eflags < 0) {
										L59:
										_t299 =  *((intOrPtr*)(_t317 - 0x20));
										__eflags =  *(_t315 + 0x5c) -  *((intOrPtr*)(_t299 + 0x10));
										if( *(_t315 + 0x5c) >=  *((intOrPtr*)(_t299 + 0x10))) {
											goto L37;
										}
										goto L15;
									}
									__eflags =  *(_t317 - 0x28) -  *(_t315 + 0x48);
									if( *(_t317 - 0x28) >=  *(_t315 + 0x48)) {
										goto L15;
									}
									goto L59;
								}
								L15:
								__eflags =  *((intOrPtr*)(_t317 + 8)) - _t307;
								if( *((intOrPtr*)(_t317 + 8)) != _t307) {
									__eflags =  *((intOrPtr*)(_t315 + 0x58)) - _t307;
									if( *((intOrPtr*)(_t315 + 0x58)) != _t307) {
										goto L16;
									}
									goto L37;
								}
								L16:
								 *(_t317 - 0x24) = _t307;
								 *(_t317 - 0x30) = _t307;
								 *((intOrPtr*)(_t317 - 0x2c)) =  *((intOrPtr*)(_t315 + 0x10));
								_t217 =  *((intOrPtr*)(_t315 + 0xc));
								 *((intOrPtr*)(_t317 - 0x4c)) =  *((intOrPtr*)(_t217 + 0x10));
								 *((intOrPtr*)(_t317 - 0x48)) =  *((intOrPtr*)(_t217 + 0x14));
								 *(_t317 - 0x58) =  *(_t217 + 0x24);
								 *((intOrPtr*)(_t317 - 0x3c)) =  *((intOrPtr*)(_t315 + 0x14));
								 *((intOrPtr*)(_t317 - 0x64)) =  *((intOrPtr*)(_t315 + 0x18));
								 *(_t315 + 0x60) =  *( *[fs:0x18] + 0x24);
								_t224 =  *((intOrPtr*)(_t317 - 0x38)) + 0x28;
								 *(_t317 - 0x94) = _t224;
								_t291 = _t224;
								 *(_t317 - 0x28) = _t291;
								 *(_t317 - 0x90) = _t291;
								E0136FFB0(_t272, _t307, _t224);
								_t292 = _t307;
								 *(_t317 - 0x54) = _t292;
								_t226 = _t307;
								 *(_t317 - 0x50) = _t226;
								 *(_t317 - 0x44) = _t226;
								__eflags =  *(_t315 + 0x28);
								if(__eflags != 0) {
									asm("lock bts dword [eax], 0x0");
									_t229 = 0;
									_t230 = _t229 & 0xffffff00 | __eflags >= 0x00000000;
									 *(_t317 - 0x50) = _t230;
									 *(_t317 - 0x44) = _t230;
									__eflags = _t230;
									if(_t230 != 0) {
										goto L17;
									}
									__eflags =  *((intOrPtr*)(_t317 + 8)) - 1;
									if( *((intOrPtr*)(_t317 + 8)) == 1) {
										E01372280( *(_t315 + 0x28) + 0x10,  *(_t315 + 0x28) + 0x10);
										_t230 = 1;
										 *(_t317 - 0x50) = 1;
										 *(_t317 - 0x44) = 1;
										goto L17;
									}
									_t233 = _t230 + 1;
									L35:
									 *( *((intOrPtr*)(_t317 - 0x70)) + 0x58) = _t233;
									__eflags = _t292;
									if(_t292 == 0) {
										E01372280(_t233,  *(_t317 - 0x28));
									}
									 *(_t315 + 0x60) = _t307;
									goto L37;
								}
								L17:
								__eflags =  *(_t315 + 0x34) - _t307;
								if( *(_t315 + 0x34) != _t307) {
									L26:
									__eflags =  *(_t317 - 0x50);
									if( *(_t317 - 0x50) != 0) {
										_t230 = E0136FFB0(_t272, _t307,  *(_t315 + 0x28) + 0x10);
									}
									__eflags =  *(_t317 - 0x30);
									if( *(_t317 - 0x30) == 0) {
										L71:
										_t292 =  *(_t317 - 0x54);
										L34:
										_t233 = _t307;
										goto L35;
									}
									E01372280(_t230,  *(_t317 - 0x94));
									_t292 = 1;
									 *(_t317 - 0x54) = 1;
									__eflags =  *(_t317 - 0x24) - 0xc000022d;
									if( *(_t317 - 0x24) == 0xc000022d) {
										L69:
										__eflags =  *(_t315 + 0x20) & 0x00000004;
										if(( *(_t315 + 0x20) & 0x00000004) == 0) {
											goto L34;
										}
										_t272 = 1;
										__eflags = 1;
										 *(_t317 - 0x60) = 1;
										E013E30AE(_t315,  *(_t317 - 0x24),  *( *((intOrPtr*)(_t317 - 0x20)) + 0x10));
										goto L71;
									}
									__eflags =  *(_t317 - 0x24) - 0xc0000017;
									if( *(_t317 - 0x24) == 0xc0000017) {
										goto L69;
									}
									__eflags =  *(_t315 + 0x1c);
									if( *(_t315 + 0x1c) != 0) {
										_t238 =  *((intOrPtr*)(_t317 - 0x20));
										__eflags =  *((intOrPtr*)(_t238 + 0x10)) -  *(_t315 + 0x1c);
										if( *((intOrPtr*)(_t238 + 0x10)) -  *(_t315 + 0x1c) > 0) {
											goto L31;
										}
										L32:
										__eflags =  *(_t315 + 0x20) & 0x00000004;
										if(( *(_t315 + 0x20) & 0x00000004) != 0) {
											__eflags =  *(_t315 + 0x50) - _t307;
											if( *(_t315 + 0x50) > _t307) {
												 *(_t315 + 0x40) = _t307;
												 *(_t315 + 0x54) = _t307;
												 *(_t315 + 0x48) = _t307;
												 *(_t315 + 0x4c) = _t307;
												 *(_t315 + 0x50) = _t307;
												 *(_t315 + 0x5c) = _t307;
											}
										}
										goto L34;
									}
									L31:
									 *(_t315 + 0x1c) =  *( *((intOrPtr*)(_t317 - 0x20)) + 0x10);
									goto L32;
								}
								 *(_t317 - 0x30) = 1;
								 *((intOrPtr*)(_t317 - 0x80)) = 1;
								 *((intOrPtr*)(_t317 - 0x64)) = E01353E80( *((intOrPtr*)(_t317 - 0x64)));
								 *(_t317 - 4) = _t307;
								__eflags =  *(_t317 - 0x5c);
								if( *(_t317 - 0x5c) != 0) {
									_t257 =  *((intOrPtr*)(_t317 - 0x20));
									 *0x144b1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)),  *((intOrPtr*)(_t257 + 0x10)),  *(_t317 - 0x58),  *((intOrPtr*)(_t317 - 0x3c)),  *((intOrPtr*)(_t317 - 0x68)),  *((intOrPtr*)(_t257 + 0x14)));
									 *(_t317 - 0x24) =  *((intOrPtr*)(_t317 - 0x2c))();
								}
								_t246 =  *(_t317 - 0x40);
								__eflags = _t246 & 0x00000010;
								if((_t246 & 0x00000010) != 0) {
									__eflags =  *(_t315 + 0x34) - _t307;
									if( *(_t315 + 0x34) != _t307) {
										goto L21;
									}
									__eflags =  *(_t317 - 0x24);
									if( *(_t317 - 0x24) >= 0) {
										L64:
										 *0x144b1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)), _t307,  *(_t317 - 0x58),  *((intOrPtr*)(_t317 - 0x3c)), _t307, _t307);
										 *((intOrPtr*)(_t317 - 0x2c))();
										 *(_t317 - 0x24) = _t307;
										_t246 =  *(_t317 - 0x40);
										goto L21;
									}
									__eflags =  *(_t315 + 0x20) & 0x00000004;
									if(( *(_t315 + 0x20) & 0x00000004) != 0) {
										goto L21;
									}
									goto L64;
								} else {
									L21:
									__eflags = _t246 & 0xffffffee;
									if((_t246 & 0xffffffee) != 0) {
										 *(_t317 - 0x24) = _t307;
										 *0x144b1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)),  *((intOrPtr*)(_t317 - 0x3c)), _t246);
										 *((intOrPtr*)(_t317 - 0x2c))();
									}
									_t249 = E01377D50();
									__eflags = _t249;
									if(_t249 != 0) {
										_t252 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x234;
									} else {
										_t252 = 0x7ffe038e;
									}
									__eflags =  *_t252;
									if( *_t252 != 0) {
										_t252 = E013E2E14( *( *((intOrPtr*)(_t317 - 0x20)) + 0x10), _t315,  *((intOrPtr*)(_t317 - 0x38)),  *((intOrPtr*)(_t317 - 0x2c)),  *(_t317 - 0x40),  *(_t317 - 0x24),  *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)));
									}
									 *(_t317 - 4) = 0xfffffffe;
									E01353E6B(_t252);
									_t230 = E01353E80( *((intOrPtr*)(_t317 - 0x64)));
									goto L26;
								}
							}
						}
						__eflags = _t286 & 0x00000010;
						if((_t286 & 0x00000010) == 0) {
							goto L37;
						}
						goto L14;
					}
					__eflags =  *(_t315 + 0x1c);
					if( *(_t315 + 0x1c) != 0) {
						__eflags =  *((intOrPtr*)(_t209 + 0x10)) -  *(_t315 + 0x1c);
						if( *((intOrPtr*)(_t209 + 0x10)) -  *(_t315 + 0x1c) > 0) {
							goto L14;
						}
						goto L40;
					}
					goto L14;
				}
			}






































                            0x01353aca
                            0x01353acf
                            0x01353ad4
                            0x01353ad9
                            0x01353adb
                            0x01353ae0
                            0x01353ae3
                            0x01353ae5
                            0x01353ae8
                            0x01353aeb
                            0x01353aed
                            0x01353af5
                            0x01353af8
                            0x01353afb
                            0x01353afe
                            0x01353b05
                            0x01353b0a
                            0x01353b0d
                            0x00000000
                            0x01353b10
                            0x01353b15
                            0x01353b1a
                            0x01353b21
                            0x01353b30
                            0x01353b30
                            0x01353b33
                            0x01353b33
                            0x01353b36
                            0x01353b39
                            0x01353b3f
                            0x01353b47
                            0x01353b4a
                            0x01353b4a
                            0x01353b4f
                            0x01353b4f
                            0x01353b4f
                            0x01353b4f
                            0x01353b4f
                            0x01353b4f
                            0x01353b54
                            0x01353b57
                            0x01353b5c
                            0x01353b61
                            0x01353b67
                            0x01353b6f
                            0x01353b6f
                            0x01353b71
                            0x01353b75
                            0x01353b77
                            0x00000000
                            0x00000000
                            0x01353e6c
                            0x01353e6c
                            0x01353b7d
                            0x01353b7d
                            0x01353b82
                            0x01353b84
                            0x01353b87
                            0x01353b8a
                            0x01353b8d
                            0x01353b90
                            0x01353b90
                            0x01353b97
                            0x01353b97
                            0x01353b9c
                            0x01353ba1
                            0x01353ba7
                            0x01353baa
                            0x01353bad
                            0x01353bad
                            0x01353bb7
                            0x01353bb7
                            0x01353bbc
                            0x01353bbf
                            0x01353bc1
                            0x01353bc7
                            0x01353bcd
                            0x01353bd5
                            0x01353bd8
                            0x01353bda
                            0x01353be1
                            0x01353be4
                            0x01353be7
                            0x01353bea
                            0x01353bed
                            0x01353d97
                            0x01353d9c
                            0x01353da8
                            0x01353dad
                            0x01353db0
                            0x01353db2
                            0x01353db5
                            0x013b020b
                            0x013b0211
                            0x013b0213
                            0x013b0213
                            0x01353dbb
                            0x00000000
                            0x01353dbb
                            0x01353bf3
                            0x01353bf5
                            0x00000000
                            0x00000000
                            0x01353bfb
                            0x01353bfe
                            0x01353bfe
                            0x01353bfe
                            0x01353c02
                            0x01353dd1
                            0x01353dd1
                            0x01353dd7
                            0x013b00c1
                            0x013b00c4
                            0x01353c11
                            0x01353c11
                            0x01353c14
                            0x013b00cf
                            0x013b00d2
                            0x00000000
                            0x00000000
                            0x013b00d8
                            0x013b00e6
                            0x013b00e9
                            0x013b00ec
                            0x013b00ef
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013b00f5
                            0x013b00dd
                            0x013b00e0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x013b00e0
                            0x01353c1a
                            0x01353c1a
                            0x01353c1d
                            0x01353e20
                            0x01353e23
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01353e29
                            0x01353c23
                            0x01353c23
                            0x01353c26
                            0x01353c2c
                            0x01353c2f
                            0x01353c35
                            0x01353c3b
                            0x01353c41
                            0x01353c47
                            0x01353c4d
                            0x01353c59
                            0x01353c5f
                            0x01353c62
                            0x01353c68
                            0x01353c6a
                            0x01353c6d
                            0x01353c74
                            0x01353c79
                            0x01353c7b
                            0x01353c7e
                            0x01353c80
                            0x01353c83
                            0x01353c89
                            0x01353c8b
                            0x01353dea
                            0x01353df1
                            0x01353df2
                            0x01353df5
                            0x01353df8
                            0x01353dfb
                            0x01353dfd
                            0x00000000
                            0x00000000
                            0x01353e03
                            0x01353e07
                            0x01353e42
                            0x01353e49
                            0x01353e4a
                            0x01353e4d
                            0x00000000
                            0x01353e4d
                            0x01353e09
                            0x01353d86
                            0x01353d89
                            0x01353d8c
                            0x01353d8e
                            0x01353e31
                            0x01353e31
                            0x01353d94
                            0x00000000
                            0x01353d94
                            0x01353c91
                            0x01353c91
                            0x01353c94
                            0x01353d23
                            0x01353d23
                            0x01353d27
                            0x01353e16
                            0x01353e16
                            0x01353d2d
                            0x01353d31
                            0x013b01fe
                            0x013b01fe
                            0x01353d84
                            0x01353d84
                            0x00000000
                            0x01353d84
                            0x01353d3d
                            0x01353d44
                            0x01353d45
                            0x01353d48
                            0x01353d4f
                            0x013b01de
                            0x013b01de
                            0x013b01e2
                            0x00000000
                            0x00000000
                            0x013b01ea
                            0x013b01ea
                            0x013b01eb
                            0x013b01f9
                            0x00000000
                            0x013b01f9
                            0x01353d55
                            0x01353d5c
                            0x00000000
                            0x00000000
                            0x01353d62
                            0x01353d66
                            0x01353e55
                            0x01353e5e
                            0x01353e60
                            0x00000000
                            0x00000000
                            0x01353d75
                            0x01353d75
                            0x01353d79
                            0x01353d7b
                            0x01353d7e
                            0x013b01c7
                            0x013b01ca
                            0x013b01cd
                            0x013b01d0
                            0x013b01d3
                            0x013b01d6
                            0x013b01d6
                            0x01353d7e
                            0x00000000
                            0x01353d79
                            0x01353d6c
                            0x01353d72
                            0x00000000
                            0x01353d72
                            0x01353c9d
                            0x01353ca0
                            0x01353cab
                            0x01353cae
                            0x01353cb1
                            0x01353cb5
                            0x01353cb7
                            0x01353cd2
                            0x01353cdb
                            0x01353cdb
                            0x01353cde
                            0x01353ce1
                            0x01353ce3
                            0x013b00fa
                            0x013b00fd
                            0x00000000
                            0x00000000
                            0x013b0103
                            0x013b0107
                            0x013b0113
                            0x013b0125
                            0x013b012b
                            0x013b012e
                            0x013b0131
                            0x00000000
                            0x013b0131
                            0x013b0109
                            0x013b010d
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01353ce9
                            0x01353ce9
                            0x01353ce9
                            0x01353cee
                            0x013b0139
                            0x013b0149
                            0x013b014f
                            0x013b014f
                            0x01353cf4
                            0x01353cf9
                            0x01353cfb
                            0x013b0160
                            0x01353d01
                            0x01353d01
                            0x01353d01
                            0x01353d06
                            0x01353d09
                            0x013b0184
                            0x013b0184
                            0x01353d0f
                            0x01353d16
                            0x01353d1e
                            0x00000000
                            0x01353d1e
                            0x01353ce3
                            0x013b00ca
                            0x01353ddd
                            0x01353de0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01353de2
                            0x01353c08
                            0x01353c0b
                            0x01353dc9
                            0x01353dcb
                            0x00000000
                            0x00000000
                            0x00000000
                            0x01353dcb
                            0x00000000
                            0x01353c0b

                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c9926b758cee31237689846d70201edac0586fd8927c8abe7397108d3311c29d
                            • Instruction ID: f07c8158182601ecd37fd6fecdd70a4b13831d86b280f22f02ff765f51d21504
                            • Opcode Fuzzy Hash: c9926b758cee31237689846d70201edac0586fd8927c8abe7397108d3311c29d
                            • Instruction Fuzzy Hash: 89E1EF75E00608DFCB65CFA9C984AADFBF5FF48748F14452AE946A7661D730A841CF10
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0142DB13 Relevance: 6.2, APIs: 4, Instructions: 178timeCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: DebugPrintTimes
                            • String ID:
                            • API String ID: 3446177414-0
                            • Opcode ID: 9cd74a05dcf67118a4e5b23c38f7af7922b7ffa3497ed197989ba097d0ba4e93
                            • Instruction ID: 21c767568f95b3877930cef785de76ab85ecf996048904acddfcec626be015d3
                            • Opcode Fuzzy Hash: 9cd74a05dcf67118a4e5b23c38f7af7922b7ffa3497ed197989ba097d0ba4e93
                            • Instruction Fuzzy Hash: AA518035B046269FEB18CF99C8E562ABBE1FF49310B5441AED906D7765CB70EC81CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0138645B Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109timeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 26%
                            			E0138645B(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v36;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr* _t52;
				char _t56;
				void* _t69;
				char _t72;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t79;
				void* _t82;
				void* _t84;
				intOrPtr _t86;
				void* _t88;
				signed int _t90;
				signed int _t92;
				signed int _t93;

				_t80 = __edx;
				_t92 = (_t90 & 0xfffffff8) - 0x4c;
				_v8 =  *0x144d360 ^ _t92;
				_t72 = 0;
				_v72 = __edx;
				_t82 = __ecx;
				_t86 =  *((intOrPtr*)(__edx + 0xc8));
				_v68 = _t86;
				E0139FA60( &_v60, 0, 0x30);
				_t48 =  *((intOrPtr*)(_t82 + 0x70));
				_t93 = _t92 + 0xc;
				_v76 = _t48;
				_t49 = _t48;
				if(_t49 == 0) {
					_push(5);
					 *((char*)(_t82 + 0x6a)) = 0;
					 *((intOrPtr*)(_t82 + 0x6c)) = 0;
					goto L3;
				} else {
					_t69 = _t49 - 1;
					if(_t69 != 0) {
						if(_t69 == 1) {
							_push(0xa);
							goto L3;
						} else {
							_t56 = 0;
						}
					} else {
						_push(4);
						L3:
						_pop(_t50);
						_v80 = _t50;
						if(_a4 == _t72 && _t86 != 0 && _t50 != 0xa &&  *((char*)(_t82 + 0x6b)) == 1) {
							E01372280(_t50, _t86 + 0x1c);
							_t79 = _v72;
							 *((intOrPtr*)(_t79 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
							 *((intOrPtr*)(_t79 + 0x88)) =  *((intOrPtr*)(_t82 + 0x68));
							 *((intOrPtr*)(_t79 + 0x8c)) =  *((intOrPtr*)(_t82 + 0x6c));
							 *((intOrPtr*)(_t79 + 0x90)) = _v80;
							 *((intOrPtr*)(_t79 + 0x20)) = _t72;
							E0136FFB0(_t72, _t82, _t86 + 0x1c);
						}
						_t75 = _v80;
						_t52 =  *((intOrPtr*)(_v72 + 0x20));
						_t80 =  *_t52;
						_v72 =  *((intOrPtr*)(_t52 + 4));
						_v52 =  *((intOrPtr*)(_t82 + 0x68));
						_v60 = 0x30;
						_v56 = _t75;
						_v48 =  *((intOrPtr*)(_t82 + 0x6c));
						asm("movsd");
						_v76 = _t80;
						_v64 = 0x30;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						if(_t80 != 0) {
							 *0x144b1e0(_t75, _v72,  &_v64,  &_v60);
							_t72 = _v76();
						}
						_t56 = _t72;
					}
				}
				_pop(_t84);
				_pop(_t88);
				_pop(_t73);
				return E0139B640(_t56, _t73, _v8 ^ _t93, _t80, _t84, _t88);
			}


































                            0x0138645b
                            0x01386463
                            0x0138646d
                            0x01386475
                            0x0138647a
                            0x0138647e
                            0x01386480
                            0x0138648c
                            0x01386490
                            0x01386495
                            0x01386498
                            0x0138649b
                            0x0138649f
                            0x013864a1
                            0x013c7c07
                            0x013c7c09
                            0x013c7c0c
                            0x00000000
                            0x013864a7
                            0x013864a7
                            0x013864aa
                            0x013c7bf7
                            0x013c7c00
                            0x00000000
                            0x013c7bf9
                            0x013c7bf9
                            0x013c7bf9
                            0x013864b0
                            0x013864b0
                            0x013864b2
                            0x013864b2
                            0x013864b3
                            0x013864ba
                            0x01386553
                            0x0138655e
                            0x01386566
                            0x0138656c
                            0x01386575
                            0x0138657f
                            0x01386585
                            0x01386588
                            0x01386588
                            0x013864c7
                            0x013864cb
                            0x013864ce
                            0x013864d3
                            0x013864da
                            0x013864e5
                            0x013864ed
                            0x013864f1
                            0x013864f5
                            0x013864f6
                            0x013864fa
                            0x01386502
                            0x01386503
                            0x01386504
                            0x01386507
                            0x0138651a
                            0x01386524
                            0x01386524
                            0x01386526
                            0x01386526
                            0x013864aa
                            0x0138652c
                            0x0138652d
                            0x0138652e
                            0x01386539

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: DebugPrintTimes
                            • String ID: 0$0
                            • API String ID: 3446177414-203156872
                            • Opcode ID: 313680e1b68815906f9b21ca5e35b188c19bfeb30800fe1ce7d8486ca4bb0c6b
                            • Instruction ID: 047a4683cfb4e995876a9aa68c9eaa0b187c4d6e2bcd38b29b5c1c24960e120e
                            • Opcode Fuzzy Hash: 313680e1b68815906f9b21ca5e35b188c19bfeb30800fe1ce7d8486ca4bb0c6b
                            • Instruction Fuzzy Hash: 91416AB16047069FC711DF2CC445A1ABBE9FB89718F04452EF988DB301D731EA05CB96
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 013EFDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                            Download Yara Rule
                            C-Code - Quality: 53%
                            			E013EFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0139CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E013E5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E013E5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                            0x013efdda
                            0x013efde2
                            0x013efde5
                            0x013efdec
                            0x013efdfa
                            0x013efdff
                            0x013efe0a
                            0x013efe0f
                            0x013efe17
                            0x013efe1e
                            0x013efe19
                            0x013efe19
                            0x013efe19
                            0x013efe20
                            0x013efe21
                            0x013efe22
                            0x013efe25
                            0x013efe40

                            APIs
                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 013EFDFA
                            Strings
                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 013EFE2B
                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 013EFE01
                            Memory Dump Source
                            • Source File: 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: true
                            • Associated: 00000005.00000002.311918583.000000000144B000.00000040.00000800.00020000.00000000.sdmpDownload File
                            • Associated: 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_5_2_1330000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                            • API String ID: 885266447-3903918235
                            • Opcode ID: fd0778e5a20ca0723c6ec9e0fd6c9d477cbba4511d3b8d305579c0ce025b2ef9
                            • Instruction ID: 34a0d10d7402f502b1554e949d53093f4dd2c0c6f097e18bb6185736d5bdfbf6
                            • Opcode Fuzzy Hash: fd0778e5a20ca0723c6ec9e0fd6c9d477cbba4511d3b8d305579c0ce025b2ef9
                            • Instruction Fuzzy Hash: 24F0FC765402117FEA201A49DC05F23BF9EDB84738F140314F618565D1D962FC3086F4
                            Uniqueness

                            Uniqueness Score: -1.00%